From b65de274580e01314d63700ce06c9c3779dad8f3 Mon Sep 17 00:00:00 2001 From: The SpaceCake Project Date: Mon, 6 Apr 2020 22:45:39 -0400 Subject: [PATCH 01/36] bc5 siem rules merge (#62679) * bc5 rule merge version changes field changes to endpoint rules removed max_signals from 7 rules * Fixing monitoring i18n (#62715) * Updates esarchiver test data with the latest rules (#62723) * Remove CR, only CRLF for rules * delete two files for Garrett * deletes delete 2 files (for Garrett) * Revert "deletes" This reverts commit cc2ac1e05fdfbaa72dd57e8dbfb21811cee5e1bc. * Revert "Fixing monitoring i18n (#62715)" This reverts commit 028574037aca6be5286f5a7c8738c81035a1c327. Co-authored-by: Elastic Machine Co-authored-by: Garrett Spong Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com> --- .../403_response_to_a_post.json | 2 +- .../405_response_method_not_allowed.json | 2 +- ..._security_adversary_behavior_detected.json | 4 +- ...dpoint_security_cred_dumping_detected.json | 4 +- ...point_security_cred_dumping_prevented.json | 4 +- ...t_security_cred_manipulation_detected.json | 4 +- ..._security_cred_manipulation_prevented.json | 4 +- ...ic_endpoint_security_exploit_detected.json | 4 +- ...c_endpoint_security_exploit_prevented.json | 4 +- ...ic_endpoint_security_malware_detected.json | 4 +- ...c_endpoint_security_malware_prevented.json | 4 +- ...nt_security_permission_theft_detected.json | 4 +- ...t_security_permission_theft_prevented.json | 4 +- ...t_security_process_injection_detected.json | 4 +- ..._security_process_injection_prevented.json | 4 +- ...endpoint_security_ransomware_detected.json | 4 +- ...ndpoint_security_ransomware_prevented.json | 4 +- ...den_file_attribute_with_via_attribexe.json | 2 +- .../eql_clearing_windows_event_logs.json | 2 +- ...delete_volume_usn_journal_with_fsutil.json | 2 +- ...deleting_backup_catalogs_with_wbadmin.json | 2 +- .../eql_direct_outbound_smb_connection.json | 2 +- ...ble_windows_firewall_rules_with_netsh.json | 2 +- ...coding_or_decoding_files_via_certutil.json | 2 +- .../eql_local_scheduled_task_commands.json | 2 +- .../eql_local_service_commands.json | 2 +- ...ql_msbuild_making_network_connections.json | 2 +- .../eql_mshta_making_network_connections.json | 2 +- .../eql_psexec_lateral_movement_command.json | 2 +- .../eql_system_shells_via_services.json | 2 +- ...usual_network_connection_via_rundll32.json | 2 +- .../eql_unusual_parentchild_relationship.json | 2 +- ...ql_unusual_process_network_connection.json | 2 +- .../eql_user_account_creation.json | 2 +- ...ume_shadow_copy_deletion_via_vssadmin.json | 2 +- ..._volume_shadow_copy_deletion_via_wmic.json | 2 +- ...l_windows_script_executing_powershell.json | 2 +- .../linux_hping_activity.json | 2 +- .../linux_iodine_activity.json | 2 +- .../linux_kernel_module_activity.json | 2 +- .../linux_mknod_activity.json | 2 +- .../linux_netcat_network_connection.json | 2 +- .../linux_nmap_activity.json | 2 +- .../linux_nping_activity.json | 2 +- ...nux_process_started_in_temp_directory.json | 2 +- .../linux_shell_activity_by_web_server.json | 2 +- .../linux_socat_activity.json | 2 +- .../linux_strace_activity.json | 2 +- .../linux_tcpdump_activity.json | 2 +- .../linux_whoami_commmand.json | 2 +- .../prepackaged_rules/null_user_agent.json | 2 +- .../prepackaged_rules/sqlmap_user_agent.json | 2 +- .../windows_certutil_network_connection.json | 1 - ...and_prompt_connecting_to_the_internet.json | 2 +- ...s_command_shell_started_by_powershell.json | 2 +- ...dows_command_shell_started_by_svchost.json | 2 +- .../windows_credential_dumping_msbuild.json | 2 +- .../windows_cve_2020_0601.json | 1 - ...ws_defense_evasion_via_filter_manager.json | 2 +- ...dows_execution_via_compiled_html_file.json | 2 +- ...dows_execution_via_net_com_assemblies.json | 1 - ...ution_via_trusted_developer_utilities.json | 2 +- ...le_program_connecting_to_the_internet.json | 2 +- ...isc_lolbin_connecting_to_the_internet.json | 2 +- .../windows_modification_of_boot_config.json | 1 - .../windows_msxsl_network.json | 1 - .../windows_net_command_system_account.json | 1 - ..._persistence_via_application_shimming.json | 2 +- ...escalation_via_accessibility_features.json | 2 +- ...rocess_discovery_via_tasklist_command.json | 2 +- ...er_program_connecting_to_the_internet.json | 2 +- .../windows_uac_bypass_event_viewer.json | 1 - .../windows_whoami_command_activity.json | 2 +- .../prebuilt_rules_loaded/data.json.gz | Bin 40255 -> 41865 bytes .../prebuilt_rules_loaded/mappings.json | 3026 +---------------- 75 files changed, 224 insertions(+), 2971 deletions(-) diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/403_response_to_a_post.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/403_response_to_a_post.json index 3b043439759c1..d4118d0686b11 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/403_response_to_a_post.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/403_response_to_a_post.json @@ -20,5 +20,5 @@ "Elastic" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/405_response_method_not_allowed.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/405_response_method_not_allowed.json index 12c6a5feabebb..da27f0a71d281 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/405_response_method_not_allowed.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/405_response_method_not_allowed.json @@ -20,5 +20,5 @@ "Elastic" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_adversary_behavior_detected.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_adversary_behavior_detected.json index a3302896b7e98..cfc322788d4be 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_adversary_behavior_detected.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_adversary_behavior_detected.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Adversary Behavior - Detected - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:rules_engine_event", + "query": "event.kind:alert and event.module:endgame and (event.action:rules_engine_event or endgame.event_subtype_full:rules_engine_event)", "risk_score": 47, "rule_id": "77a3c3df-8ec4-4da4-b758-878f551dee69", "severity": "medium", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_detected.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_detected.json index 8c2c5f32feab7..0647fe9c9ce10 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_detected.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_detected.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Credential Dumping - Detected - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:cred_theft_event and endgame.metadata.type:detection", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:cred_theft_event or endgame.event_subtype_full:cred_theft_event)", "risk_score": 73, "rule_id": "571afc56-5ed9-465d-a2a9-045f099f6e7e", "severity": "high", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_prevented.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_prevented.json index 6a96da3218bf2..036c88688d9bd 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_prevented.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_prevented.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Credential Dumping - Prevented - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:cred_theft_event and endgame.metadata.type:prevention", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:cred_theft_event or endgame.event_subtype_full:cred_theft_event)", "risk_score": 47, "rule_id": "db8c33a8-03cd-4988-9e2c-d0a4863adb13", "severity": "medium", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_detected.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_detected.json index 954e35ccd644a..0fe610d551152 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_detected.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_detected.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Credential Manipulation - Detected - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:token_manipulation_event and endgame.metadata.type:detection", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:token_manipulation_event or endgame.event_subtype_full:token_manipulation_event)", "risk_score": 73, "rule_id": "c0be5f31-e180-48ed-aa08-96b36899d48f", "severity": "high", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_prevented.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_prevented.json index 0de35891a3e81..a317c77bcd90a 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_prevented.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_prevented.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Credential Manipulation - Prevented - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:token_manipulation_event and endgame.metadata.type:prevention", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:token_manipulation_event or endgame.event_subtype_full:token_manipulation_event)", "risk_score": 47, "rule_id": "c9e38e64-3f4c-4bf3-ad48-0e61a60ea1fa", "severity": "medium", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_detected.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_detected.json index 3652b7068ecd2..97640c0cea9b2 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_detected.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_detected.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Exploit - Detected - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:exploit_event and endgame.metadata.type:detection", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:exploit_event or endgame.event_subtype_full:exploit_event)", "risk_score": 73, "rule_id": "2003cdc8-8d83-4aa5-b132-1f9a8eb48514", "severity": "high", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_prevented.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_prevented.json index dbc910c3002a7..069687a5af00f 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_prevented.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_prevented.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Exploit - Prevented - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:exploit_event and endgame.metadata.type:prevention", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:exploit_event or endgame.event_subtype_full:exploit_event)", "risk_score": 47, "rule_id": "2863ffeb-bf77-44dd-b7a5-93ef94b72036", "severity": "medium", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_detected.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_detected.json index efe2806532be0..a7d3371190ced 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_detected.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_detected.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Malware - Detected - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:file_classification_event and endgame.metadata.type:detection", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:file_classification_event or endgame.event_subtype_full:file_classification_event)", "risk_score": 99, "rule_id": "0a97b20f-4144-49ea-be32-b540ecc445de", "severity": "critical", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_prevented.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_prevented.json index 51028b9dbeeb3..dd7bf72c34f90 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_prevented.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_prevented.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Malware - Prevented - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:file_classification_event and endgame.metadata.type:prevention", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:file_classification_event or endgame.event_subtype_full:file_classification_event)", "risk_score": 73, "rule_id": "3b382770-efbb-44f4-beed-f5e0a051b895", "severity": "high", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_detected.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_detected.json index c30ca0632f410..a8e102cc4619d 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_detected.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_detected.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Permission Theft - Detected - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:token_protection_event and endgame.metadata.type:detection", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:token_protection_event or endgame.event_subtype_full:token_protection_event)", "risk_score": 73, "rule_id": "c3167e1b-f73c-41be-b60b-87f4df707fe3", "severity": "high", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_prevented.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_prevented.json index ed0c714254743..c97330f2349eb 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_prevented.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_prevented.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Permission Theft - Prevented - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:token_protection_event and endgame.metadata.type:prevention", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:token_protection_event or endgame.event_subtype_full:token_protection_event)", "risk_score": 47, "rule_id": "453f659e-0429-40b1-bfdb-b6957286e04b", "severity": "medium", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json index 63b008849487a..e644c0e8d66eb 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Process Injection - Detected - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:kernel_shellcode_event and endgame.metadata.type:detection", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:kernel_shellcode_event or endgame.event_subtype_full:kernel_shellcode_event)", "risk_score": 73, "rule_id": "80c52164-c82a-402c-9964-852533d58be1", "severity": "high", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_prevented.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_prevented.json index 135b4a95e8005..61cbe267f9a46 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_prevented.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_prevented.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Process Injection - Prevented - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:kernel_shellcode_event and endgame.metadata.type:prevention", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:kernel_shellcode_event or endgame.event_subtype_full:kernel_shellcode_event)", "risk_score": 47, "rule_id": "990838aa-a953-4f3e-b3cb-6ddf7584de9e", "severity": "medium", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_detected.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_detected.json index d4042a5e6b9e1..0e88b26cb2c75 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_detected.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_detected.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Ransomware - Detected - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:ransomware_event and endgame.metadata.type:detection", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:ransomware_event or endgame.event_subtype_full:ransomware_event)", "risk_score": 99, "rule_id": "8cb4f625-7743-4dfb-ae1b-ad92be9df7bd", "severity": "critical", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_prevented.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_prevented.json index befdf611da223..ba341f059f26d 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_prevented.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_prevented.json @@ -7,7 +7,7 @@ "interval": "10m", "language": "kuery", "name": "Ransomware - Prevented - Elastic Endpoint", - "query": "event.kind:alert and event.module:endgame and event.action:ransomware_event and endgame.metadata.type:prevention", + "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:ransomware_event or endgame.event_subtype_full:ransomware_event)", "risk_score": 73, "rule_id": "e3c5d5cb-41d5-4206-805c-f30561eae3ac", "severity": "high", @@ -16,5 +16,5 @@ "Endpoint" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_adding_the_hidden_file_attribute_with_via_attribexe.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_adding_the_hidden_file_attribute_with_via_attribexe.json index 6c9b54b8ddb02..25d2232d3f6dc 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_adding_the_hidden_file_attribute_with_via_attribexe.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_adding_the_hidden_file_attribute_with_via_attribexe.json @@ -46,5 +46,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_clearing_windows_event_logs.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_clearing_windows_event_logs.json index 244d329cc4bb7..1c73d6c276ce6 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_clearing_windows_event_logs.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_clearing_windows_event_logs.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_delete_volume_usn_journal_with_fsutil.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_delete_volume_usn_journal_with_fsutil.json index 4087542816588..0bfa18398eada 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_delete_volume_usn_journal_with_fsutil.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_delete_volume_usn_journal_with_fsutil.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_deleting_backup_catalogs_with_wbadmin.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_deleting_backup_catalogs_with_wbadmin.json index eca06723e68b8..e7293eda6390f 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_deleting_backup_catalogs_with_wbadmin.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_deleting_backup_catalogs_with_wbadmin.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_direct_outbound_smb_connection.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_direct_outbound_smb_connection.json index e37c877c62889..2896d27e19112 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_direct_outbound_smb_connection.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_direct_outbound_smb_connection.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_disable_windows_firewall_rules_with_netsh.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_disable_windows_firewall_rules_with_netsh.json index f6b4bc67ed9b1..42fe51f4e0373 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_disable_windows_firewall_rules_with_netsh.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_disable_windows_firewall_rules_with_netsh.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_encoding_or_decoding_files_via_certutil.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_encoding_or_decoding_files_via_certutil.json index 38162889737ff..eef112503da5b 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_encoding_or_decoding_files_via_certutil.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_encoding_or_decoding_files_via_certutil.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_local_scheduled_task_commands.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_local_scheduled_task_commands.json index 42007f153bd55..dbacb2537e60f 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_local_scheduled_task_commands.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_local_scheduled_task_commands.json @@ -34,5 +34,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_local_service_commands.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_local_service_commands.json index 9559baabe0e40..648e83b4a5267 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_local_service_commands.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_local_service_commands.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_msbuild_making_network_connections.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_msbuild_making_network_connections.json index 3e34aacf605c7..5e8b260d44b55 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_msbuild_making_network_connections.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_msbuild_making_network_connections.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_mshta_making_network_connections.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_mshta_making_network_connections.json index 769614e8faf53..88bd248e258d8 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_mshta_making_network_connections.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_mshta_making_network_connections.json @@ -34,5 +34,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_psexec_lateral_movement_command.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_psexec_lateral_movement_command.json index ac170665042f6..f763d2aa03363 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_psexec_lateral_movement_command.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_psexec_lateral_movement_command.json @@ -49,5 +49,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_system_shells_via_services.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_system_shells_via_services.json index 1c001caa1539c..f1b1879fc2652 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_system_shells_via_services.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_system_shells_via_services.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_network_connection_via_rundll32.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_network_connection_via_rundll32.json index 0165f4d7512e4..2a7960c939d01 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_network_connection_via_rundll32.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_network_connection_via_rundll32.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_parentchild_relationship.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_parentchild_relationship.json index 0b4bf9ff32945..9a28c87c77089 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_parentchild_relationship.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_parentchild_relationship.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_process_network_connection.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_process_network_connection.json index 2c88a2061844c..43a3d6f6af0b2 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_process_network_connection.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_process_network_connection.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_user_account_creation.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_user_account_creation.json index 240df34419132..7054e7f67c358 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_user_account_creation.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_user_account_creation.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_vssadmin.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_vssadmin.json index e12c2e70138c9..24f1cb72504f3 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_vssadmin.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_vssadmin.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_wmic.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_wmic.json index 94b8846741e3e..bad3c65024e42 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_wmic.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_wmic.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_windows_script_executing_powershell.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_windows_script_executing_powershell.json index b0a754a662c0e..52323b169cb22 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_windows_script_executing_powershell.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/eql_windows_script_executing_powershell.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_hping_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_hping_activity.json index bb8e8983661e6..04a56241ea6f6 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_hping_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_hping_activity.json @@ -20,5 +20,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_iodine_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_iodine_activity.json index 4e49702855a76..80358cc775e3b 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_iodine_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_iodine_activity.json @@ -20,5 +20,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_activity.json index cf8cd72b7aa6f..b50fcc4c9980b 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_activity.json @@ -37,5 +37,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_mknod_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_mknod_activity.json index 3bd3848c07581..d65440e95ff17 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_mknod_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_mknod_activity.json @@ -20,5 +20,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_netcat_network_connection.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_netcat_network_connection.json index cd523b6594ccd..df8e46be7a1c3 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_netcat_network_connection.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_netcat_network_connection.json @@ -22,5 +22,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_nmap_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_nmap_activity.json index 604cfa172fd84..2e5c899ebc625 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_nmap_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_nmap_activity.json @@ -20,5 +20,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_nping_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_nping_activity.json index 8e71b5b906711..168b30121c4bb 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_nping_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_nping_activity.json @@ -20,5 +20,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_process_started_in_temp_directory.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_process_started_in_temp_directory.json index c50026d7736ae..0865ac6c70cb2 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_process_started_in_temp_directory.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_process_started_in_temp_directory.json @@ -17,5 +17,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_shell_activity_by_web_server.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_shell_activity_by_web_server.json index 01f117e0a225b..e9c4c95bb9284 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_shell_activity_by_web_server.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_shell_activity_by_web_server.json @@ -37,5 +37,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_socat_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_socat_activity.json index a16b164e9ee4a..404fea63aff94 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_socat_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_socat_activity.json @@ -20,5 +20,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_strace_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_strace_activity.json index 9b18039b63fd0..fbdfa9e66682d 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_strace_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_strace_activity.json @@ -20,5 +20,5 @@ "Linux" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_tcpdump_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_tcpdump_activity.json index 5ae48c8db9984..82771074e7c29 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_tcpdump_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_tcpdump_activity.json @@ -49,5 +49,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_whoami_commmand.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_whoami_commmand.json index 7fef4e813da98..7e7f041581eb0 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_whoami_commmand.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/linux_whoami_commmand.json @@ -34,5 +34,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/null_user_agent.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/null_user_agent.json index afbbb2a34d545..01246de5595e9 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/null_user_agent.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/null_user_agent.json @@ -38,5 +38,5 @@ "Elastic" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/sqlmap_user_agent.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/sqlmap_user_agent.json index fd240262d021f..10412c19da1b1 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/sqlmap_user_agent.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/sqlmap_user_agent.json @@ -20,5 +20,5 @@ "Elastic" ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_certutil_network_connection.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_certutil_network_connection.json index 2cda21cf7d5ef..52a373e3aeb77 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_certutil_network_connection.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_certutil_network_connection.json @@ -4,7 +4,6 @@ "winlogbeat-*" ], "language": "kuery", - "max_signals": 33, "name": "Network Connection via Certutil", "query": "process.name:certutil.exe and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)", "risk_score": 21, diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_prompt_connecting_to_the_internet.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_prompt_connecting_to_the_internet.json index 2427ab4d7cc55..2bee265a74e11 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_prompt_connecting_to_the_internet.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_prompt_connecting_to_the_internet.json @@ -49,5 +49,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_powershell.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_powershell.json index f8e5bd22576a4..d8f91dba7dd89 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_powershell.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_powershell.json @@ -46,5 +46,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_svchost.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_svchost.json index 71aafa9984ecb..6fd194ee2fa22 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_svchost.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_svchost.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json index 4ff7891438554..43050e2769a24 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json @@ -35,4 +35,4 @@ ], "type": "query", "version": 1 -} +} \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_cve_2020_0601.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_cve_2020_0601.json index c08bb7b3315f5..f5eb37c70d268 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_cve_2020_0601.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_cve_2020_0601.json @@ -4,7 +4,6 @@ "winlogbeat-*" ], "language": "kuery", - "max_signals": 33, "name": "Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601 - CurveBall)", "query": "event.provider:\"Microsoft-Windows-Audit-CVE\" and message:\"[CVE-2020-0601]\"", "risk_score": 21, diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_defense_evasion_via_filter_manager.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_defense_evasion_via_filter_manager.json index 3f97f7aca74f6..0e8c5a5f2f631 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_defense_evasion_via_filter_manager.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_defense_evasion_via_filter_manager.json @@ -31,5 +31,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_compiled_html_file.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_compiled_html_file.json index 2b6e1fb3daaec..7755ff0233f7c 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_compiled_html_file.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_compiled_html_file.json @@ -49,5 +49,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_net_com_assemblies.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_net_com_assemblies.json index c397c955fe64f..d6acb81c10e3f 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_net_com_assemblies.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_net_com_assemblies.json @@ -4,7 +4,6 @@ "winlogbeat-*" ], "language": "kuery", - "max_signals": 33, "name": "Execution via Regsvcs/Regasm", "query": "process.name:(RegAsm.exe or RegSvcs.exe) and event.action:\"Process Create (rule: ProcessCreate)\"", "risk_score": 21, diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_trusted_developer_utilities.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_trusted_developer_utilities.json index f60a986996d6f..87e38febb0743 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_trusted_developer_utilities.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_trusted_developer_utilities.json @@ -49,5 +49,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_html_help_executable_program_connecting_to_the_internet.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_html_help_executable_program_connecting_to_the_internet.json index 4b3efead776d2..6c8cd0673256a 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_html_help_executable_program_connecting_to_the_internet.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_html_help_executable_program_connecting_to_the_internet.json @@ -46,5 +46,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_misc_lolbin_connecting_to_the_internet.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_misc_lolbin_connecting_to_the_internet.json index 0cd68ba5c1ed8..a0e311d8eb154 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_misc_lolbin_connecting_to_the_internet.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_misc_lolbin_connecting_to_the_internet.json @@ -46,5 +46,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_modification_of_boot_config.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_modification_of_boot_config.json index d761226276496..045a9789b1260 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_modification_of_boot_config.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_modification_of_boot_config.json @@ -4,7 +4,6 @@ "winlogbeat-*" ], "language": "kuery", - "max_signals": 33, "name": "Modification of Boot Configuration", "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:bcdedit.exe and process.args:(/set and (bootstatuspolicy and ignoreallfailures or no and recoveryenabled))", "risk_score": 21, diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_msxsl_network.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_msxsl_network.json index 9b45d03aae375..e80dcde1e398d 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_msxsl_network.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_msxsl_network.json @@ -4,7 +4,6 @@ "winlogbeat-*" ], "language": "kuery", - "max_signals": 33, "name": "Network Connection via MsXsl", "query": "process.name:msxsl.exe and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)", "risk_score": 21, diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_net_command_system_account.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_net_command_system_account.json index 390c9c278905c..c2379142df002 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_net_command_system_account.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_net_command_system_account.json @@ -4,7 +4,6 @@ "winlogbeat-*" ], "language": "kuery", - "max_signals": 33, "name": "Net command via SYSTEM account", "query": "(process.name:net.exe or process.name:net1.exe and not process.parent.name:net.exe) and user.name:SYSTEM and event.action:\"Process Create (rule: ProcessCreate)\"", "risk_score": 21, diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_persistence_via_application_shimming.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_persistence_via_application_shimming.json index 0488667d06c82..2f44727f9e6f0 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_persistence_via_application_shimming.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_persistence_via_application_shimming.json @@ -46,5 +46,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_priv_escalation_via_accessibility_features.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_priv_escalation_via_accessibility_features.json index 26f0a0bcc245c..aeff071ed4514 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_priv_escalation_via_accessibility_features.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_priv_escalation_via_accessibility_features.json @@ -46,5 +46,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_process_discovery_via_tasklist_command.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_process_discovery_via_tasklist_command.json index 28ebdb44fddd2..3a883fa51b763 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_process_discovery_via_tasklist_command.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_process_discovery_via_tasklist_command.json @@ -34,5 +34,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_register_server_program_connecting_to_the_internet.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_register_server_program_connecting_to_the_internet.json index 920ff28a9a9cd..1e061f2ef9463 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_register_server_program_connecting_to_the_internet.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_register_server_program_connecting_to_the_internet.json @@ -49,5 +49,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_uac_bypass_event_viewer.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_uac_bypass_event_viewer.json index 0d4168640bc60..df7a6fe1285d1 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_uac_bypass_event_viewer.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_uac_bypass_event_viewer.json @@ -4,7 +4,6 @@ "winlogbeat-*" ], "language": "kuery", - "max_signals": 33, "name": "Bypass UAC via Event Viewer", "query": "process.parent.name:eventvwr.exe and event.action:\"Process Create (rule: ProcessCreate)\" and not process.executable:(\"C:\\Windows\\SysWOW64\\mmc.exe\" or \"C:\\Windows\\System32\\mmc.exe\")", "risk_score": 21, diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_whoami_command_activity.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_whoami_command_activity.json index 46af0c5b586a5..93ce1f83dd64e 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_whoami_command_activity.json +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_whoami_command_activity.json @@ -34,5 +34,5 @@ } ], "type": "query", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/x-pack/test/siem_cypress/es_archives/prebuilt_rules_loaded/data.json.gz b/x-pack/test/siem_cypress/es_archives/prebuilt_rules_loaded/data.json.gz index 90d4cfe0f2734823f0acccd4ba4ea977fe939f4d..573c006d1507d9c84c581c9abab7d60d96bfebe3 100644 GIT binary patch literal 41865 zcmV)bK&ihUiwFP!000026YRZvbK6LkFZh3d3WV>*jy<8I@O~(EH^Sv|MR~?{>y}*A zv3F`hH<6hj(Eou-=CVo`%-N*`RnOQOxIvVn{L(O>+}qrrWAc+vYE>ECI{Wbcll8M|m0niXjE|L-K?PjO z952CJc?lP$9Dj`lLjm2U@jtB^c=A#$kM`1d2jc9HyD!f%!QyjIjx?*8yH_LV8 zQ> z6w5o$pnrG2_hz{#{hGXgdDMAxaVDx7$1n1hZ$U5hX6B_{>_(BzRF%65=p5)`n@{8>Rx2JoX+~!jSpP*V@e0TRt-WDqt zMO&FQf1_e^?EK^QnuPW?dV_KM%l|#tni?@txFl|FPOzn@8cr`P*0HCrR=(Ww@y!|P zwz1__tk@Lc>iId<0xS9)=j%L|C+pAFppgEnKf!PQ)yhpA=BR2{jqa=YOx`|Q{&J(! ztCwb9K|d4v5biIVvd{UQCtc#i|4Y~Q-+#e>{`)U~`LA^mg>=Fs3*3aoP8KjfNC8_! zLNc2NvG2rgVh8SvM-)l8dx+xqa^B40&^)axSXhnqS+!SHePO+;%2FS)Yomz|5_j(` zSB+Jg(s0f$Ve_)^?6l^k`Z|Nc0bVrMO{=CBpUn!hD>ozS%Or2CDZhr3T;f$YEF^9w zyw0JeeObIgNYJRIw=IN6Ro1G~DsabyBU4)G^`Zo5Ra;r=s}e9&06e5QiY__)B|BvC z^uS@dIc&Jf%c2^mu!{BuIha%a&sW_#6#Y6hlLOQF8n^6|ZmF7;`sUA9G?6pCkVm+{ zPhNk@MO`(p9!7tIN3){38ojHgGXMki2-X0ChIEX8vHK-t+W$Fi+FAdj$-6&g`L+8q zTU^Z*uBpYZuK;798RmB-QvqGcy5IGnysuaJKY1H;f(yMv7aIU=+P3Z9dULSTy{Aupc|*HB(gd&CcGjF6AM+OKy%o0KdG?S{pCI`zv=5B~OHw}O%+PowXY0a?u9%r@_-dci}3pgsO=@hUA z!+&5(+PW%^tQl@Lup^^BYYLkvFY{)4M1X;}91tfW!&+C+l|8b41H4*XTk{5X^1GV= zczCQ}MeqWjH7(9dGiq6(RNEX8{8?(}yyWwCQq}oCp>!??;FB^AXC6yO#aY*sH4rb{ ze+$_Dsz8Vib6vnPLEtrp$sx2;Dm`j--#fzUy*wbQc_9Jk=Hs!#_CWviCo+1qDX?}P zg{*HCIY7;~?oGLvz(Ms<@w&{*@xN86{?rScjdQ&it9f&7dV7v@dESllxf0DzBJf*9 z-HAS}1$?-=x*D0SVqWx}`}Dkiy|#c2>F0k@wJ)P7HRV;0?cVOHH;NXL1+u5DweL)+2v zrB5FpR=lk}iTeV4;$(Bho1ZwIV@E7;;a@(F6-#;Iuz2hyypUZ&fsgz zVJ5x{vt$3 zy|&7#Wc`z>9K*=LMvG;_hI`!?yg63chS8A*ZBJ~D%eF#2ld$0E54Zozdo%E2G6qUx zKbEi7#xklLUF8?~Ov#*+!3BRE(^vFrGk2rJcEThGL*}}n&HUK)SsE*!#i0`jFZGoS z+=IK((;9nLV3QSCWc``i6D;D|{>E6uwj=2|na?5_M9g=CgmLL}mN_bp;vfK!_u^fR zqFr=e{=6M5^7(Eo^0_;U=>#?|!=I;o1|XvR}90^Q#B&$2a2+sY-NNqE|>J z@7`Dwa-3CD1u$WVJ4lIPz!o`6Rdqf_>yf$vJr;lhpX{I$^b4DWm`qOdGH=i{MH-uQ z-s-{;)1aQHK!gIr0tYQ(I(Tzl0-UM6Q<0bXnwCQe|dED5ui`C$YSW*kb!!-#uc6bltS&OK=g zO`T5<@MVkeW&OF@7x;oA{-*E+ke{E$oW+R0FLQ4FZBp@RzBYpS0?6ZvUL67l>k2?gw=>_yHebw?a`VCCal|oMkFZBAJD0^4vX@qx(FS`%Pv`p32eF zdMewVcfY6dnGW)xlj3-J8{L|xGBo1gsr+5g-};~DzMwzf+Zg?YFnVqTfI0Lthxsss zjAtI8zXW7y&TXC?+;t*<2bEVpe?IF~Rs^a5!+oGtt=dNbKtMkDJ(-xM2H>E=XlJYY zP!^smMUKJEjVfhhVI$g_XIU;Rnb+`UajP*4q{v}m0=6uyR89D0j^RqA%>ukdQE{e< zh2L4GS7d7z1eiC%y46%}_T7z~mBDa7al|1BwOwIIYUO1;A+38$~r9ll3OU zT6CAHnJP`u-DpBte5lCdDY*)1017}nujU$(&dWX=aXpOu{wwPK6!ldr*cy#y+kVbT z_o%0+kAv){XwA+m;<#pAZl zrG#~sL&r%KXLYlr-KBDhpx2xZFj5H9xmBwvAk9I=iv`wOJfQ{Mq8dz*8T1Bf7aR-A zTjPk8!WWHH5U`@)Aq&4Tw2D@Rb}XZhp#j0DwaB*&E@AapBStv=Q+4u0x6N38oPO@z z&uBK&y1K#+&Wib%<)t14{D_vmA?T#(UibA3eejzRT<$#JVE3?^xtPEMx|XV5bkKY} zO3%H#IpNfwyQh37eaZ(cph(Qe)_0mxu9t}c&DSop^T6i}3K0_OVm+Z&j@ zf4RIYX7d!p$GkCb!ykC%_zaeO&WqD|+FMDEKYuv;GCDgQ#Wp}khqjsQkDdE$lM^dr6W}61pd?NkiUoQ=s5Suj_(F%^E-VuZ%2xBoF|qd{RgDT zcXZakdH6f(zA!>;d%~l?C&Hum)Idb-iVKzhq?M`oH~vVk|TFR<~yEZ z+|N9gg@LDh+jpY$#S^zh7*4!v;^S|p@2uCqX{<>e5E4MQ^$zg;nq4 zF`5a;nB*2o>k?r%2)q-L6nHVM8gvUqPX&P3z0?aZy28fXXz~$CS0Fd!D0L~=D@ziQ zc|BH$xk;P-byie)YwRb3P}m0FB^exqJ0hCt0%kFug<(L8b*b>lXTc7$M~L36=Ml<_ z4MF-=%xE%iVSUF7ehAoq7}gt<{*-)kZsK~r6S64uIP(L~VQGpX4xX379ajmNKBWWb zk4L{B%%}U7KHcX5e4WI;ANao48+bl?Zm-%VN84t3E3Exi>>7*)%lNXPJgLnsV@Xx0`4*pp+7i~2|Jls~I z0wiqorauk~L+d&$e5)-Zx_v;y8=>Lem-%J{*Q`SG3u^C+qPn7??t6D@D#*AoZ;<<$ z=96p@8K34w&S@ZxYx6=!Z&mn(^_uzt10{jQc{9_-A3e#vDZ$uIy5YUc=7t84X3(uh zn+jk6MN!SsC~}$CRXN2KNJa&^jYb8GkjJHjwT@vmUh!*+pKmmoC3N8L^XaTN`7GL_ z8?PI-JX$x~Hn8rguWCALZy6|br%lk{Ue-B zHK2e`)uqB?Y)hVr@e@zF>)b!-28kNho$c|aLdDNu#=pBN#XhJ~4yu&xt5ViKnD<4M zvIXW`+fLF<1|jnT2L{jcBbFv^%#tKdR2undkn)2`aR*f?XPlYA5tg{J6 zhsZZi>8QGnI;CqI%1Wfyz|HnGIerSw;f8$x?Edb@2@QeU%3NAV1FE|&4;y+tj2Fiq~P@ci2G z5}Y^R58k|38>NWd)JMM9c}Kg8Hb+l z+YyT$KViO9iY1-Q(|8aSAwf0$J5y8A9m-<{Gia{}8=1q)pnF<+$#i$lO@ zksk*tjwE+8|Ctk|9IVlYV7KQS?6&q7x-YWR7E&A8ZjwZt$4sS;fWeDnmbd|DQRsMH zCPOcd;)Cqu@1E@R1x~*mF+pKd?zAi6O-fwQXB{wlDqW`LT_ro{fKLh`vLoeuT4%Tvv7d208b9ek-IKZZv6XnVH0z z@pb|ze^?!H8socAV@?U5kZA=^$jd61k4tZE=?OJNG{cmX-^~9pZ@YdjUYM8NE67Yp zYU9NlR}+PnJax6oL3lPRu1D5ShEznSfY%AEPz2CyD3+Q{)RbJ7078z{(SVKvn?gN? zHlUP-YzG`(gF(c65GeO_!iuKlu|B{3f)+=Wb|ONpW`)Tl&%2Sin&j{jGE38BqTH() zsQc!nDD>u~z?lK8s@X+QXkW04bmG}fMv**2e2TKwLDu+z7Q6(YA+FcN_Uyg4;oa#7 z8%bAqF#sAR6`-0_W-N7loB4i_*r5tV;M)gB*n{ZtJRM>8bl#o#0TbRQ*dlW_(E(Xs zx5vy06(8iy?<8-ozccTPyqRplR%Z(#eI;2I_$Y7MAgrfB!cv|FHV-4;OCK7h0S6fdCZR#_hLJ8<4hi~-Y#b0Daps9k1fG;5_IoDkjKjk0M_*vIBc3p zRbV@VWq5G|2EMgSHgv1YhHm}6N*5=4uL{?+>T}bQ-nj%1cb)O3xYiE?w9{H*K~77? zTrn^Cyd|P*C=?U-jM15=FFn0peu8r79a)8m$eo&qTtbkdngVc{=BT-W=^`8pBTlMj zILoe=IM$(%QeE}!*6MR?v`#T(rh6%!F?#2aF$9(?SwK4XGTqo58{Si2;QKgeSP2(^ ziA$4E5ih9etf;OP@|%1i6*=*d_mBN!o{J0gcTxiVi1g^`?8!O};mCTg%|Fzz8k*iY zy)F8KqujHZFT8d7p+(THHU2n7M_s}pC_}qzWre~VkS)@NlY5XF%=z8blJbl!2bhxy z0bhaq^kkW+P>4|0U^;a=#T5$xEmup{pb5tz5XQx7FuffEKGvX#WjZSR*}O(4Js9Nf zyICF`O~T(T#94k>;fx&_`^z1x$#_~B*S}gDm~a_(YqFzkK@$ijuOc%^Ng-Hk8lHad zEKFu~n87#J5jj`7=wU&Y9Gy}_HR|HPo68irJn1J z5|+<7j`}&SmUAVVos`pV74@ww=jQwxiRySf&!sw6j!+W*Ii=AMr6iVR}yNB2hxrZ$J^|RjLw&xyVdk5|DchVlO z|AFocdJQ)B6bL;YNP#iXSxTz+h^1}@5Y~~tbka~bf%D?g>n`SSKLrS&_pbMsyy+YT zej)T@eIl?|KPsL3auJ=m5Iw2JP=fV3E80)*@SJ{QrGO6V>&_vXoCFBe@qq&YazS@q z0velHvd&RGrH^@vLxm5dMBU!OH{d&?J`J-(CDn;@8g;w?d|;Ax?i>$>+tE3(Jqdit3{%q!R>PE|e4 zn}&iCK2=hC3vH852O4$AoBo|J*ZQCBzF@9!^UUdi9SFdt8FSMR0ILU8q+W>H*DQ41 zEXhQizIeV1PE1PV2f=tx^`(IQJMny@AgYRD&ZR)wzxktxB@o4UazjQUzMg6?1hEYa%# zHZZ?u_&sQ{ACyV7MzrMxELu3ciXtCVxFf8}W8AckZTFbg6s&%hUe9>bFeC_K z(}pf@!^HXx+Kuo4karCr2e$oSXc}(4*4qpv;-3LbUf%pBH^IVC|3Uw_JNn0PKe2GU z1uP6_O%&QTQz_=qc6`oYJbfm42Dms)V>=EGSUB22{i8mF7wi}mr=)i^Y5n@;(?@d3 zUmF207eNf@*6Wd&Oy7{RUJnQ*`pD(!oRBXf(YiGx1p}Z=W&DZ`bQ<(6$2OtfvZI?= zU|Lj$q3ay<=GRY}@LfmH(-w^wkzDRBbLhCveh1h>%ysA#zJhFk$fA%poxPISFw~$m z`VE{V1T$K%I++kic?4+wrg8z{mYM~E=-;)IFA_e83*-$E-LR9pp&4-MJbGcOat<9w z(2Nej0K3bEdPEP?Qy{hEQuCEiOa92!RWDc=4`Pf7yKWXkeMHcm-mvxUpyxc`~sbp_mNp z7}fk4i;;XDE+<(M`B@;7x7hRT8;kK^zTZv)~b_vZ5{@=UZsC0w@4!% zOYNns8zqAcp5E187 zox-k-e%fT&=#3R98Wd^_pdX1M`pOql$3aNgDZP86*Z0#Z-(g4ON#aTtIv$3D*e*-5 zEM~Erq;bMkY&*|h`R?5Z_D&aH&z9hx_rwfo-UDQ~t2WH-v7~wNGl2L0y)$0tmpN>N zAj>s^7h6naYWs(&Kj`7N0s7b9miGko`+>cA@|`S6WFj3Fx}n4TRK*OF9xz)7PlznC zBm2d>+lOATgP^~U7(!yTthJbRS`$bD7|bm5MOp7lNz`a-BmbKP0N(0KzghLjdWW7e z1nh6UmJ5xhDOn3)xM_u32LSG3J}o;Ze5CE@9;1Ad{YTS1Xl}m$s=r+8EiM-T`8@4h zo6bJG|788#<-S3;r?F=I;642tl!8oOeBIwsvAxVV7a)^%50ETV1H~9J4#=C2&r6afx+>X#$UCo?>C= z8FcQBm!2@KiXV7c7$gd|88>0RojNSdWXjSo2_iQRmF=fbn^t8H(1l}f3NKddjH~g* z`t!9H_#zr5?&dDck@Nsrq%rfA7r?(Vh2thzpk%C6tTN%eczh9g$?hgwI4kok>(q!} z#0=@K9;HS!@Akg8HHX6=J&835E5?nD`iGX%^-ZfXZ>!o+an4Y?*IG^2uD0qD`E}`= zyWD(y*3KzYT%+^554lZ|j|mPHN@-VV_vF5(J!9&iFqt=kRFV>oqr4ze+^&7dD4Jt} zZ_ML|I0p`tj&Bp-sMt^-n9%)Lao!nV`kAY%l(?6{zLIZ(v- zn@X)Sf~*_)5ih)y4K!{RZogO!AEbHivUMPMZsy~$YFdn8oEI<+-1sn1N(!A$i8vE5 zg~giA!i)TlHzb+``!EVea*oN*u`N0g#4sN<`c+gVK1c!&MJ?*)^t~K}dm1?*RZvh~ z)dv*+q$ob+&BSDVSGA$v;2^9{$PfAI>dO3wq1^dqW3WFU;+UaYzG(}dj*ycBz{&U+ z77e47ar|mCZKdluaTH>fQR!sxuh3)Mj|79$Njh9e;fVD4CxQMReh&j=^*vl49wOPG zjTTqP7PG<~;Ntgzi|c=s`vMo;%|p*(!QJrn9{@`bch!KAF<{Vgf39D@C}r zsts+;LGBhKbCYz}f1G|^Vranf$WgYTbXgtET4lAoxELhPGHh}1>D1T6vDVHpu~;*@ zQKueoa;8N>2>p;If`HGv)NydyhZX?H2m1C^YZ8883yjSii76T#8aK(&A(raF`|UMv`Y-U z){Ibqq-tn)n5S?D)*!k&)W|+lD|lA3OmieNLAgOoI_Ne{lftdve?B!$HqIB=N}McF z<)whtft+qVQ^~wb)P^HUZPSft7TkaWtsinXgbie0*%MjAEY1Uaf zmZls2O@g(pnhba%QZMu!mT5*WDHyi_fTVsJOWWmPB%(vU=v~YgZTk-sQ)vFE-*Ioi zqjig_tpA1Xi*yid9t9W0VdQ~$#dzuj%nv}SiX#!TSj0}u6Ygc) zd-2l2E)rAxcKXhGZ8F{y|DHsjk9PpN-)KjOArRhzq|l+op~SGnLV@)e9}R4qkrHmV zWkk1E@i}){mzVJuHqFPF_3qi2ipR<9s@> zRSbVd?#K!0x8u@<1TVz;N{Cnfe06f-{Q2t5tx8uEet&6io-XH|<9i}?y^z^S5HdgW zUB)9jWU=F?f^%DB0e|i}@9syyAIzt_O^=zU2ER`7fIj@a-mt7wlB3x#T%aOm5GA%f zJ$bSxdU9{~vGDpI>%L&&XbX%Gewg`+L&1KOFy9Lm$PiA-f-p!p4{a{fgY$N@izIFT z^CRkt32)wjZd=xoBjPpcaYY{0MB>n4-PfPaENIJ-_1Bt(<;r#Xp{UQ@l}?&?B5r_FxZJ`01%6&nS-sE^lWMxc*fmbx z>6@#GZ)k~8g%6z@_>Fv%Cir13@Q2cPo5QRe-K+k!@(h;+OpqK|q^B1}HOHW?%e=12 zDJ>w<*e|Kgsr`SPe%Ai^G`-l(l9nBg7UE54BECfsv0HFmULgIHo;7Gizd}|mu!DyB zhlvlb;aK(vv-=fY=Pu zHg>_4xa(t~=lx871PY5|f0Yt`4b_l7yb$|;u&y5{IclFu?ub)%`(c+5BLz(iCjMZB8P>E>fSap*(!#d_VlCE@H&pupx0=C0JSw20!Ce0xw*&{K~0 z9uzoIoIo5MEP`d^dexODLJQ)L{2$Ntkw^>x-iG*MewbJo0ByOD=ROq29Z` zE0lLRpYrmuDrlIXsU3s4-nw)ka1T#A*QzPt!zIU}dy4Er1qO~l^!1=XS60>qoWCFn zHccgRB5E{6^@Bl+rW+z$hcI+glbK0(cF>T6sPw}`r5njawkmIUekPS4CoJ((IE@3_ zW;_Zr44iU;NMwl{CI@-rAa86(-uUi8!0~@gy7iIsN|#NDYJPOQ%r;+fidJ64ZiwR}sW4hDFWDGW_yD!|W;+*c_rEXSHHOt6d0NROs(8r0i#NspkRedb-V@s-t}&JlnWX!(Gb9@}p^ z)ZBI~>`UP*8gBiz^d6R!)*vIJG0&(pOiJ2&OZi~Jh_qNs5h7if%u%Pjso^4@x09;Q z|B06ki=UY$hzO_J#Y0>}RaE3{Rsu|?Br5eh!V*%>|d z;AyYE<}j+Oi_3CV&`yA(a;_)U&~+6Lmuv*o73Ipjx#Rm>7OHHY2uGnLw4JtNbFLDVcLZ zl=$oT_kNLV$W7pTp6y|t8b9_D<^y74shheiwmqKOp&bRWJTR$l5!Ajt{d9vwbrs58 z#i6?POzlfzCOg;|(27vlK^Uh@`Dk&J$Zr&f9+N>Pvyf+ra{#oly@P=Eccb)2V7m@z z=lTomIL)LY#1Jg+|F>Z6l#2J~{GyPZ#zHipjZfLWCmCJe)RW9fMHc7jpKL;Pr>g^htm&WQ?jka+2+GpI5A#~9)W6{@cY zH;g5whj`ZSUC{BO&1Cb#HWGO4h?%rw-XfrTpiI|}VcM{v!Dj58-^(9AsmdU8RexxHIvNCYxtU{DVkEL$K@EtEichFhs~JqdRpL`G339d zQ&;ef;u>0}!vf4LE)YY}tKAzT>(}Z^5nI=)POWP5kjK|7!zs!%HQC>2-iOP4O<4{< z>i!E^&3c{DwOt zcgLb^h>r_cC!N11nNRPiX>&`S^C*~ntH=TPy>-v*WgpE}_HR|HPaDnrj3&Ty9E$UW zu(6ZK`BqWif|#$au14m#8j0$7JkO;97=4V@nqRP_pp^D_R;zRllg6e6gWbLvP1MqKzpsi))v{+@8!tg`d&#N2+`Q)gp+@u!c= zzfb!w;6cQ_{!H!*;&!5q5w{5LY+J)}3 z!zzoUq?r9+kic}RFj;EeAUOJf@gViAs)y-HhtU>CiyW*JEK%rWe&jv}_iMOtZJ0>4 zGem9xjUG^RmFmG;hfoZkD)p1F7;1La6kAbW8%H>Rb?8NP+KruZjFLAR7u(9U8-WYgiBP zQTI*mCS1U7pdA_e9?WO(7Obcv=yEzAkKq*3+VSP|3x`I>+9gcWD1y ziROSfw}d!-Kj5D4DrS2b9JQ{5Q#K4j_!&kjb*17mI3Ug+hB&`93FrFLxG!+i+Z=9& zJWNIE`79N-WPZpMOKm%0iFA1oCo)Loizl#;onZIjrg6Lb5gOiwezt3j(FGkX)UiFZ z96-u!$vEFDkd8WRbhIJr#JpYzP$(pGtdLS4ktQG%M4Q)IFf(PjN(jzU5WKhPtLJn~-(m}+i)B?kz#350T@*pYS+ut0<%^SR7eA|i)n!p`9Q z@Vxj*895ISYC8~W{b}462<7{mYwRMKN*-rS2+RSL2#@jD5lpy_8!0zQGT(Xe5Na1m z-9P0>%~55o^%Lxi(t2Nx5#^j29U7XRtur0YX>>^IJAIZtKL{SfpU$Wz?Vh;0`XlR# zFZ6iO26D5njfM+e``f1v*6R-Nd|Kr1!JgN1{F5{+Z>(mXY9*fmG+nshP`5_fwq{_@ z?ZQ|W8mt+=M*YsZq%)Xzb!k{v15FgveD!n@hlz9?8$?|eXlmkwvoy)z$n!FrJCPl6q2S*1lO_Z3dz}Gz zOMz#>69*!>(fxr)U+Q^-o8`~lE@J(T$r##vi$Q46h-VOX=-xN^?>otROVjQirv3Ru zo;g1*^6XoMko7m{eGx*U&GooJkcCm`yG(ManD4lP@lb&T7je%P(v1W8;`uV;a2FGi z8d&t9{JYLXq={GV5)ZzM1Y!mT#2>;jWJm6jM0H?L%M?oqmu^TAZ3PezR^uYc5;@uy zaIwV`7sIfW-7B5z?xFI2EAwbgze9;T9H!>J;;r1ijkQwgwNqqQ7N}hSbp*<8B z>>#)wIo{fHx5rfx1kXTB@bAqy+ilF&`$q7BZ&70K5A%MI6TXL>u%8SSUb1-xT07x! z8buLH562q#9{k#(aXop{c|9N8!30>F|#zfIBilI~J z2!ZijH4+J4s)Z!+EK)D+6-IxQqJGITK<3iEzo6Ur&$ydym6pstD2Kln=v)88+!N5}Z-K?Zi^Bklc32t% zPWEG8u{cv1vm@oEQ5r^Ja&YpE;@ty%pNUCJv&3HJ+&cUJ&%V6>gxuTJ{1Fsn1Hgys z-{sN{Y%b=4I_Qf-|o#cgypKxsu$865TimeI&&3dwlJegAtRBF(MZs$TOb9gqujf zh%RTTpDCt7$5p;xX2@@|3_^2fR@4}ju;231g* z3$g*gX;@>eYaEiwcBxBlzOf*}D)_v_y@Oz_NjlT(HnG$tj#}hQ!fYai)tT+rB)~mj zzTHq1F1ZlD6?OHS^xO_P;_sCAK=POBYu=ttc-dA{SP@H?^(tSW#wF1Cn%A@LY1vTg z7eB`fq&l8yDz@%7#tUKr-S2#+mEPU&G9|rb|5FYBbOwJnli`oyE3odG1yaUEZ2ta7 z*Msgi;o$Da6}j+qKWo*$)`ja&AVUec=)Q2 zY5(W6Y5UO>P5*){zjl9Si>tZ9_|CHho!@Oa;zZKTd<@!k9Ie^%LIlrge3(s1w9dq?%|J z<2=FPYzD>gX1Y|kXcj{z7XwDyYCq%E73@2d#;dz>wOA}y)4U(LtK}Edylp65R9`U6 zw{?qPCH;-WiInt}# z*Qv)zJnjlNkAuYXG!oDH-{ihXJifa*^@SZ|k?p3;c9AzE_EQ!+B4vT^+sc-<65)Z{ z7!$AVs>^h*tsx=ei-9}qdq_+C<~h<%>Ex6xQc_Wxjxi?r1YA^44KZ*E=y^zS)k#9g zLu?e@YqB~l=LucprB^+E>viVnk&!pE0^4ZO9pnSn(fyj&V!2r(>!)iAfP*SB%DgEn z)tEH)3!b-|SuL!$AfEx2N-^<cJcPi3B)NNp<4fmYaqG!_(nNA)GLaBA*3GmM}kbC7fAF%%mF$A^pHflsG8Q zcSw02MBnCB`vl7KAUfoI`%X}D{m*h=pk%PQS8WRCL*@&gIkt3Q@WPm-%6C~B1c8?Z z(sRS`r9;WkOP)jY9kWhrIwqBbzs)CQy)Wgg${*o!akBtS;B893Rrknx2XO3yz~8O+ za)FGwn$J}ql@zxeMAu29U8b3Cm@Um*A}detUX7d}ueD136X7G0ghjptuX@=Lvo70~ZOsCQeLW z^$qxCb9cP- z<_QTs5MDJWS0~-;Z*Nv`JV5PFF6#ieCPqvHV@5ARSA?7Ae0GtYHYF*{+#KM%4 z)wGM^(KGfRS>R^w5rhz+4>*jXkj)?-JJi)Y}n#~XO$h+fEPXopMG*gT_smpxV z$yg%&h`BD00v={=;yRBy)F=6Pa)`irDkYJh*!L@mK9rL@&D)Mo@i(<)RS`7cpep)K zs-pG3(LDijPULM2caXuB+q(u}!woJ3yAG2`ls2XgLi#^MOxVkis+ zpL}~}r(1OTr7o#UW||{!{g`749z89|$-&FRdMUN#jc{)SoTy(|N~OA{ zHFQveCFi_gWDBjTqDwYODL?z_QfS?{)X9}@8!{J#>1?1n00~=dMpL5QHBaYS%LP5k zTg;`U8XCV`+e%A?lf>&B;PJv2c4VDlIVI}AiVlAhZN4Gpr^H%?8f4`}3#my=4`_4mrcgeYdApCiRIf`x-kG>uwA1F&U!!WK%CwP#E0iKu zt3p?h-M&sSA1`YvOqpou$hMMrtXNwaXJ)u_j^!%(X1(P00EK3#KyF%CRu}4e1Wh^y zcmUG^-!A-3UvP75K66Gt+2Da2m}@DOKm(#4fvYZkEQ8NM=d{I3L1-WA5jdv;&#A!k zOJ_8b*&!>(AAmphnl(LIk%H1-2Ul#uh=qd^>g+2dK@mF!G%swG-j07mphK z9aR7Q^5xWeP4p9AP>lvF3>7kMB`P>L-u5}XtED88Yhy~%;^Bv82ooE99+`whh&+0i zFRaJl6>QszSn8Xt(IMcg`v86Wa{9)aAlDCOJmNYNJ>V?FQpPt8u^ND#98nb(>?E<> zP+)kM!@bLDPbVqnfzMTG0J5B;+Of2*VeR&#8NzFK4jrF@)(*+$me-aJ}dAJOO%kewAgFIlU; zwu@>g>*|q}XBKU7Ld{@ZX^er8Wdc8Mtrs7{fH00pBiJJrIw5bGMq87Sb4RTpfwcwA2|<>BfpfoE$NHaOvN zA87jYqlRg~fE*3HQMrvUU5B#WG2nx=XZmGY7K=B#p`8MTS&|&?Di2qOoNF%xJ)m7a zF_c8C3%~`KK#T(6ut!)Eu2^^bX8>#QKXkT__;P6!kDx$cQ9VYUSn3d#mW z<&##-ZZ4z|-FWTVI90Brr3SrlM)~aIwPTOyf5$OC;6(1o3F)`v(uD*s#QIA3rsq=_ z*07=&I2OOXRJ`)%tCJJw&sR?vM-)d&gkBP|gbTodksY#BWHxhEn!2uSyP5AjbN^4r zxlh6W&bV{qKkqc<$##_dj`PHxpf@IFWzWct_&aK7POG}zo-3&D?LM)tW8WV?w$O`h zX~ONNp78ko2_JUJ`YWDTZwr#x$S&N0#4Rp@ct4Ch-j5U3jsE&Uaee)5dSAqKfAee{ zt`Lc%Kt2zm#AAMvCM->Yj75%c1CFlNhin{Cu#2H(rzo$VlE*DbQ2LKAbC8V-#OSw0 z_oo!qjTp-=I2C?S85Fc3ZzCp zy_%p}r5rY;lMZVImlVw_w?siY6B-enex+|yiotk!DRPP1rSbV1jy+BY)z``KW{^4| z{va{_IEfKtHt*?#G3nZY=O+R3fkw=CFmT0_8D^1+ec$%OR2_t|gD|!YVeDWudlU{| z{|nt093I3QcDHjuDCoUAP$@}T=Rk}z-Hc|Pm%4F8BW9fIHI|ZdN~r-*v_&2}5CT;LFmK?ob<|NNF#N}mAs}?z^vhf6Um%`SWsLvofDT12;|lbS~J1^C}<)%exd&fTBsJ@Q}9ty3h^WI6T|Jk z?d%wh(lSwR`6A=noJ!Uy!nLi32FL)*E0uO&RgcKuu$5g(5OO3#_Q0OIf@mtRKC(C&(xBNK<_k-jyIbZuT50KKMQ^Ec>4Z?GYNZQ>+qsJ6H!uQF&v zVf|yyL2keVv^48&osY+4#lhq#^sSHJAU5n7X6CeHlh)Ohrr)M>7Uh>_J|pxF9RdMS z!he4M?V}MBO?Rb5OdAa>{RSE`vfk?XznWCmW!|6(mXm>!h?RAoMx2tHR;m>Z)$0j| zcVVh(OieJ2I3h#Yh*~vPr6RK_HPqBc!U^GAy+huvu&e2M(XB;~uqHj%x1n2%{$z5BaZku4d+F8Hwt6JO|PASe3_Et@&kq2aad8Li)d!O$!DaaWk5<)8f@;QjZg< zFb;x*r7pT6C4LOBz)o2fqcctFIgT4Xq15v|;jdX}=iOnpeX=uWV<`OThX9>ka~a4#Sp45ou&o~FnYmZAIl1Rpf&NkgEvZer&%<8o|~pLuf^G8v(s#;8ee z;EohPSxahf%pwK|0d>biW$F|uigX@3gz`5irn^KaMI|oaK*YFM^k!PshUbhi7P{_p z8lUqH;hihd95BX~Foy4Wwi~%AOClFerc{KCdxEpf2|PEA9Tf=ofHA%s##rH_eiL@A zfEVje;=aHOZ*zDdQ{QuAl`v^15%Wcwveb_hi(E91hbnag_r=2tZwE6D$iKmm%D&Wp#&zQ21|xzAr@{e(%1toM|k%sOj%O`&Z_)qh5y z_|eJO-j+IX5(e&7nf2+6YC0n0-0JF&tSjDNkl&&Wy2Oqpw#(MrWfq|Ca8@h$x3OAx zF?rfgP^%m1$>t{S2Nb`s9~(>Xx~e}6FkKqIAt_x~OV?-#=&Zoh!P=7){V(BeS(U6y z4%ZA?eaIs4wA>kHIo^W(OPSsV8L@7sz`BtmYmoWs%`PVYg`L>3Me4C2^I@wN31?}N z1uXC~n>&#mapgXDNn`&A>KylhECyfdd4s#<&)x1~{Z0wbbJc7OjzS|2LdSO%I-c*e zA2OmnN(xzjcitB%WDDGcPVCv94A7Cn&X}M2lEu=ESj64H4Sa_?GJf$=NZ>phDdhLY z5LI+hx#}CeX16SXa7rnbDr^m`eQ1JQ6@}D^90>ZB0^xW$Ov;8nr}GkUZ7vjXvSARF z_Rc+s9eXTxyq@9NN(73n2|S08IPijNs+jY8`uty4jv<+x0Br16bbdNXB(j0Chw~0jQlWv{qpG}F$k^= zJ(r6hjz8=5NKB@0C|aaPYdx2j2L4yX(Bj%&%Qm=diYuf|lZ%>CRQ#Vn{O%+SC zBw@ZE3dU21Ggk`Ri9Ijz)A-;;vpecd*L|1-;O-rGGgJw6KLcg<{>c!}Zq5(>G>^-& zv-V!RFOo#!Z!AgJv6sl$bC^(p%Y3D5mMEc^YYWF$!gp={!qX+jBYzit&%4mJPV4%6 zLu}*uC2V73OpB~8b&%N;M!l^;0io#@5aEAqt>!9kk=1*yBl#%&!Y;P!>W+eD(Z{6b-#G;*Bi2LW2kwX?jb3YonD(&v;1NWa>Q2BW6>Q8P_L zzH+O`FS-`;+VE80(taDB1p=vB(U zl=t~%0In3(c#O^fWtY50bHExk?_+pu@5$`PTkDe7*N71cbPCXn1H@KUitF_<{oPFT zXNYZYc@}8=D51#uT0^UYv%z=M0uNU2LKBRJffMKHbg?RnLpO;7=4Fn@d^dC%595#p znHNN9nkK1u_I}3Ez1le>>$oFH^kejL(No*@AJEI0)Yo*H9FtsoUk@K^>OUyxzL$b- z{SS0cFrx2ouAoaJKMGynV`=21FnBH|n&1&rcI*kj*FoZ|14i7zfVZ;+k3)wOdy)u( zIwsof!y=??d&Ci@LhVUP)pi-?`Utl{C|j>u>ypwL{Tk+`p}Y#S3N7`EH84zy;>oq)ousy_hUUxR|K&QW7t;RUXEg0 z^~kiDwEVsYZpX&0da9n6vM4}UIM*o-ZrFDy;+FvF6^0@ z-lMy@vTyWc*%VcEF`uox2?u)18<2Z$MEgB8xQ-K$IGqsVhY zW}}z1?W!y$E1*_7tCQo^KAu&6Co1SP*y-^KDnMG?Xq2Whw!z3+1Trr3WyE!4A3| zze6WBgvlLleUGpS6KpgaSuac`4D?D7SVdnx!7_APv6>d}QnTR0sIpdJ9=Vc`vfda8 zC6_mNFw`ZNYLTrO;Ty)4)zvjR%K*a21w5mZ{_0$C>$}4oF!=T`_?irMx54_Ax?Jeo zhj)2BZcapTOS^s#D>uDDtDezPhn4<>S%y8&NmE7pAZ2NCSZwov#cpKFG;&oM9uWWT zY1n^R%c{idcB9E-Ti{8}|zOf($X2jKUefZzHb>7D>T$4)j^%mz*-eLG=^ zmxauCl*hOYAX-L3#meS93hWo3XxQ1oM8j_>IBe+6@(aZXQNAGSw3^Lzq}3CInVrGm z3mbsWS&LCQ-Qf(EOg>!PP^W+^@>!uwlO`3WIMZMdaVET$6-p7cvx(3$Sh7~=e?nPN zhbS@AgN8a|4f(7lM}%lRlNEBW;dfmU-P@u`UG6su4?_;NN(eg5%vHpf(Bwk((Q~Nq zU66E8m{vg`Wy;IzK}U24)>J>g#l*Ihd>1CWz;Ne|Is+3MmrAFGgLd|5dIz*1+=2$R z6Kr>lS$k{P#^47IUIv(APZPftxPZ=ix8l#u+@8bmozrX_62NUS5-jwiOvH}Mq9h5? z&2nYD2~=@pQVnIFvkxQ zUpQ&(+Ap3?Hgb0`zw9Y~u}w>gBjoY=cUaG=us&7znc{!)%$Tk>QH~)S7I9u(=;Eik zcvaU`-G{{^e$X1RW#`?2>+Ybjn`WL}gk(u|nL~lHMwTya-A2sQE*rgb)VfK82o-h5 zD%2P%K^V2%D+=r~p=3)Xq}MAwdo^U*4Rbi9QR7XqP4k<1BOrlOQy#fG&6wX?Xhb+(Xrzk+ukvqR}4f0_N#g26ksZI zZ1&N7H%xz)On;UQ`}pslHiRs(BSa8qaK_o8%lw49EakD!0wItL+;fC)KX*Nycb}ea zu<>o6qZ??jsKzJegK~oV)pSd{x8B{}e{In|fG6hGsG*$TpsL$GMqTAWx%OAOH<)yD zMV;bdl4fbb+$;l3nnnQw6dy9>WWvjwOof?z@tD-xK@ZBa3c%my)C6xWT~HTFmM`hr z_&~`vGEep=mtc*Y)3^^>CNhE~_jtO{gr zW`ArGPN$gXp{{0SH6tKBpN%zfKD2r|1AI)MSi{ z8%eD{SNnpbyv>tEaXXD-fMm?IL&^Ls@fc4%pK*|QU;t&xGw;PCsa;H2`{B2D)@usS zFI8*(2F=3pgt}o<>YiR3ZfQd#s`a!5vgyL%32Go5s*_e@qJs}v=71FhTC6Eylb1o5ye_Qji$&jK_TTAIJ+KJ!!GubJSN7*z^y)CRz{wG zeVh#)v3+n28es=HeDT>~^bO)N1utl}PHU;Uyu7T6OOryZD?op+owK1KvF}<&uxo&{ z?kvx+Bhb4Vwk>e>@co~Z-~>;#)|3_rj&@F}SWC?&0Dut+!=R7Vk;b01-mpd5(2eQA zVD@2)Kqga|Isjg{og6_;s9|obtBFD!{`u_}25V&jC1JW}1*)nk#e;x9%hu?nC*0t1 zPOa)1M9n}vDyqB`+V>Jhq0|i%yrDK?UplaAR;l_bin+wRXoRQ>HRj^l;)@_Lt%JTX z7DqI_t??X1CZR<-HBPfSu-QXlifczw&5i~uHOq2g0>qGa4VU?c(_Z;5E9g6-H~``B zvme}lX$Hf%8*m!G={-Ty-9|wh2~P7#D`v(hu}B+1H(rNf7~!`VhDoG#)%yE^076)ji8M-Kj2zCN7IS|O z)wSc?r@DS;NT%_hclvnRj+?3DJh7Xp|8PD7%}M<`?zg8^y+!|0{~6@4aP0fz$#9pg z`SwD}o_@mP`zL(ZCF`$v4tM!W(fHee)GaQ8ct0!`-j9>FO{$}ZCGNF%>V1*8{mpF` zY2x{zFJi|12&prIjB)7*<_YEbK_s|HUVL;}w2SGPzq~u8bIXct+uovZy;SV2+{FX2 z5RC*N=3VA>RZdC%Mo#91oP*i%P>KanrM1SYM3D;FBqrnsi=dE1lv#!4%De_izPMf? zk7w3(H75bBGpckYFZl0>qeK;QKjNJwblFg+&Eq$FJ+MRV)Na zl=VqsYo1Js{0>4SReHY+d57@W_5a%>$MuEA#o#TAkET_ksOEBMEgq3ub}le`2xfA; zW62(^=mQP;AE%!i(nrv`>=N>6JptC9lj)9nr7Q1pnd?WmAP0BMoKja!v%I7avh5F( zZD~{6bBXp&Pb@o@fsB;PBHzvcCrLQ;mE=tMPUgFz2ZNkFb5E>;IJ+C->_L)wlq9qM z7rHN!Ot3kRogMiwd~U+x%!9#8d4lP6LdH>siDk-prVf(KE=C3*^wvVhcd`*8=+iHt z<;$d?GY?=K05wQ^Fx`|!5c&}!MzlDil%$mn!vcbmW2yY*-B`pMk-fASo{F|WvgUJ7s+Mx0F6$mt)h)Ujc&4N80 z&a$eg#@E_vNdc}%=AJ_vm!_eUTe_Amx9_3W^cLpDJmrG?>rCFpen^a91qHT>k((Y! z4;ijUkTp6v3)ZFrF$8l3VkF1-!I9SEq1W10t*v(mSU*B=dQ!{n?up#PRdJ9Rf1Ewk zv11#TwCA`a%*F8g<=RELv{j&@fJqrA%#Y!(SlXP)ObRD<<21;;gI)9>NFD^qA1Fw! z|B>#CAQ`$F3zEJAJ3R~_^M&s)U%C;9l(xf=bSLtKqteJf2$IR}36j74d}_V^O?y-R zteT6qn)R0bH%}l^-jE!7(XvmuZgPvFOo?slWQki+CEmPcYQxALo!#$da`ei$j273u z(`d)TNW$WfYp0?(@;Su}0aTXos$Q8536aJ`#*1mypv;Is7c-!D=D5y2ccaNi2$XZO zcbTvovfc4|taLJaiEkEF-s+C%a~$Oo>;Ot=DC*`EYp)?c#WKO^!DI!0T`GKXP018T z(a0OUl!OuuF#JD-uXgDb9q=D=L$|5S2eoi*;b z=4sslkSDRgK?TDByMP0^?6L8@?7G>-WYHH!j>j3F=0(nFw#>vVxT>rQcf4MnT9jkj zy<0(BFH@@Wyf}HWmN*rJN#aSD!7(bB@4)$*#J*sO5=ojSzMaWnuPt#O%-;W&wv#=P zo!;vc&pMr_MK0Jc+Sz1~ljY!I`lK$V_QA#UAWuJyJiY#gy*Kjo<}Rjw%)`)Cg1M=R zVeo>KB_Kz$G!=0c1)=M!17%yhgY+1Ge12!W{v)qjv>KUD#d=pw0UpB1_NEglewa*+ z?dxRfTWuN9?SoXksZ@=lxI(Iio+x->*>hJDooriNHuG3ue>&RV33T=B>{sj`3bI)C zcM@jtfrBi2kYyLLto8r>zg7?%$I@Fj{~x^R*!@blTi$)Npn9v~^@Zt;W!=cTL)Hx< z+ZJi;Fq!#2^Fz)V4`jqVFN%^l3p|xRjecsgMj;;1l;v^={*r}y)AH(hk=ZF?1apXLe6|Y$zbpT zmt{hwp|I`L_S1ua8$Uk*_s5!yhvMxmlkq{geL~^(mdSW$1zYPN*d7GiA1~OxL`PVU zOFt2z!y+yP^IhSv6izu7d9IS&%>tfg2S?b0XuBoR_8{0iO0Ze~E8QExW^+1LCzU)4 zeV6&%bu>9l;zd5o!Y~LEp7@b)U%X(G?4V%ty9xFBn@X+U5NtQ?6C|5_+h=9$lC)WW zuTmrHP&icGv6yzTXTSgU(Evmv@GMwFG1Mxp0c}#aT2BW5MF&d}NR)F5$y^o#j)v6v zM+BsyMuz_wQHO}~)zCX*QT#7-izB!9kxm>*LX#R}%pbG}iUWi^#b`lz@(M}vv3)Q; z%H&Z$>LSKqkDy>acnt&&WyCY{ww8xT+QBffo}2_D6*1c}{r{Mk`9GvQd8YBUPQ;sQ|Bg{pGO}oY`BkOP2 ztB#452y9_x%j=GX=Lm&4Y*m9)ueDxeBxx=;35A*)Eh4$FD|z0SY^5tEj;_s1qgXUe zqBTWDQy#CBBnyy=6wZrjhhZw>CWvzo#RtL@@5Cg%F?Hmr%WI5YflIops>J<4uN^Fx zCcYESX?Z~z*EfntE93jB%c?ms=`K=`b%{gGX!WkVDASJXYF^5&hBc*H{ObDDDM~MlRk=wmsHe#>qni0j^sx6Iss=VV$epA~vUn-sKQu{H zznN&MNr4*Zc>@g@S#N1|!AqFA^0kfmnjkxgO{7VkmUcXzm*PE$b zPy4n1pcJzHOzw*m;`p1Ve9eL^3%rEMECx{|Qi{ci@R%FAVP=DD=Y}tyqB6F_9hO2& z993sw`SwIxYl|d6-Kq`P|^vglX|1uqwd zo0W3M&7@j4WEJGe!1NAx$R=<5jA91r>*2iF9BK#j8zF7?f-$A^h&3<&t}PQJt<<{D zgM4M3K!7s9%1mS(kSj2iJzq}Swa8(yFw6|HSzuL|{OssMl2O+3WFyC#$DH8X&|^tVwGmG^Ws6A>ah!0=0rC*;HqmV&+8p3uF>sg404{KJMY$?tbPS|5 z1aP_w)cQ`}+uT{}egU24=E6Ndn@ymN6UC0SgMbAh44Kbm#u6FYEE9Id;hglMG(13? zorgB-PvgEo8-H`YC;|WH`i{#Y3IFmv0EawMDNEhZmbRV3-Rz}9o6w7Pl6aWZ6(2g~ zh{dd*JD|ZV^MzUOOF64xwXf~|d$WKAin&$u$a)7@B~L=H~mahGh6HE*HQMJni%}XCK~wGGjn?vKe}Gk||Yc zo>X`%FEdOQO3hva`aI5eGqjt{y*E`U$1vx6;Jm4)AEDz3ed~kV=Xyx(+Um`*mVp7F`5~Jr8=Vw!h+sgy}Q>V8te6M?>^`V$_ietJM5#w zvx`~|qQ>Yjt~4*4F_yu* z^S08OE9ga4G#ZBWL6c1v!<=3ZVg?8&QeGs?H>?A~Q?+v;%6tx!xF<2n2B44ddpyzK z&O*^;R8<;0!%na^E}E&58C&b9;Q*{LLNhI@@v&<=-mx7V+u^ZZ{R{;V=m=A+tQa&4 z=484dE(#stIl}Q-04FH(L(DG$SC}2SK@g^K!jpY*2YMpq)l*=h71(F}iP{&|S7&pp zm~>+|h%%Qcn@i>g5of8ClEDrYs8D21>>Sc@{-5@~wYzN`+w%MT3QpY*o!mBLf&^cl zPpKqzD}9ryOgU9`XH90g@uJL*M5;+Cj(e^9-{%~Fq^O4BF=BTN0K{V-iwSL56 zkW4FqiG>(`imZ|aX86^Y*L!4NX+r0d)%SNvg{if%542pROU1YT^8=qz{sjy?PLIi{SI7Du&xXrO}W z#GBAogA~_+siu^c$;Og+G_)=ajm#1U5kf0devTt1uvi79me+NHt6_|>sgOOM+AE&I z0oWWg>3ndNeaR+TW!wNJe0Pd7ZA&;L<0zG!Mnw2L0V6r~i3nIgQs0eOC<8z7+#U`c z036zUppFI(#XATRa(&I9-@MR6b#myu*n__kFQjflJy-FxheHP#ByqPiT| zpDW8Vfm+wuNDl#A;F%G|6L)mGTHg(zpb3({!9JQvqa?B*!z}6p9soHO#_-y^)73N6 zBW+~0+bYdT6=IPFn2fGBMI`oi417~FJ|b2w9Uz=JR_fjbVmblPYiN+r!U0-+-uD0$ zqR{nI7)Avs^!&HC72**-w7xW@#cVjl?m#$VJxnOQj;=1`tL+iSUJ*uRC&vz5HtW%c zorGKB4;8Y&RZNqZ$`Gk$^n$-%*9mL*Z{vI8v&v|4(g%=ksxcr2kW`PU3tj(bkr z?ewm2!$p%*4T;atEDl7=DS z9_7SWQKF?%q3f%o7A<|UWVd%Jm%eV+^51b~#hs>?D&4D8Dea|7pCsY2cldxLsKqQGDreSr%2bB;WE5lkXgj?rd0G9n@~rkZ5TjHV!YUvRx@YL%-b;rDl>-GOU+^KT85FP$axgQ zDhuq=Eo5nL=N+P*_reQs7+Glk3F7GGu`8Y29IzPiL}`7W$FLV@?7ZFwt_+FcKA7!AywcR%2AtPilg)5+6-F1@gJI>J+nNi8SOwB<0GKgDt@Y60nn7*i}FZbl+8Ehqw%6_ zA7w1VP`O+)lK7kv#;72iy4ZO>S2|GAi~B66gdUz3<;^eW&Zk+Pz&4d^R81oY=y4f%kW_anei514n@Hf-u4hM^G zSJIW%avE;JV7MSFta4OhaNtU1{5h@eDAaM?++S^?+dG`!n!T;s@zS#N;Wd-mS8ptI zb0?-n8@f;CUDwf)SQ!Htx{+#rH&@eW&GDM|5UGL{x~?)|GvDXA_&4aw*49202NTU) zzFs@^SVU4`DqKw0JZC-A;5G-;Yvnb=u$9*oO7%ji&XW~Ny>%pyMTo-PKF2(ET@)%W$Y7y~XDAhY$uIMJo{3infniQp^eKW0ba}sjWWNsNCwVro*&~!&FIgi5*8ws8znD)+P*o~*nG*C)j z86HCnbTmh72rHC5)v_ds^V@_g3=l2ymZ^C^6w8?MU-K+;l+>_nLEISwWV#$-YC8Zx z_*9qh2JsS}UK}X{vr&n!$KXO-Utq6aG%{U1`||EEQK%S;MG_L3cpgeR2_gb2iHO1| zrJ4uuqQ^uBugtaiFdhpa^0o&=sS=UPy_hh?1OOtP5}pJ;Nm(ddHw~hIvmOw!!vjQr zYSDG1I~@_yhJfeHss1@aD!Jb)3}PJW{DEOUnTboOoi(^IU&7{V^3>5ch2PEcE1sj5 z3ORx0C__I5lGfRz_Bv0!g2e}b&=`|=YcI|GH#U&LwwDh40i_*B6>n4K7kLmHu0O1` zs{>)aJpbSCJ511DXCrheiEIQ=MQ@tT-idZ9v}Jqlgf(FV&r)^vv;yH4ZeXeoIx#=R z`~JJV)4$tWK@v!GtPPx&#SobtZRiHxV@+JBD`Wt$q=glL$g(u7f$yx2hJ6TIGV0t} zK$RVKL|vY=2^H4ShG1|Wl5+zG(P0n*O~&Nki3yyr>&erP2Ek|G!agT8gVX5j^AC1{ zoZ3g>-zw8j&I?3N0G#ZXcnbFN^ADRP+b>*w&xH3ILo^giq>TKOM4X1Og~09+CsLCn zl@awK6~zxECcJlu#xu)%ef9CflEm0LB(*N*b>opb8fEtFBcD|yn8#e`yqGb<5|076 zR1xt~75ZTsd131H%IpV7)cmTEF={<8EBj`iBUpKPn_HfTo`r)O8Wyz)!PQDx(## zSUj*ZuBEQl*RL4Mjqpg$Fks2LbegtweLDGa$tTX+Z&Hu&?*1%FOJxW{Y~(m<9rny- z0R!A@y;C(hJTY)+R^}(R#`cohLwA*1>Grvnm0q;O%buk1a+^J-Wen|3te*@ywJHH?Fn#V|J@5c!~>X7V*F%{<{bMrdz{ zgnu_w)J?B61H3|{ZG&@Q_RZP9EseMdvQFpcqO-}cgf6RYappO_6LDiFV&gBI3%NBO zMY+22^=`y%+=#C563GQ4O5m9i2auKMSQF~Sk&GmzTnD`y@!;Kvn-Al$AY?|jK*(T8 zR%EJ2un|qm>$AnT4*|tXB`l)jsSTXb)kj@^;FA^S6`%5RQ)2bHnB~)zklY{m*CBl9 zE-}c#>bLIG4Ck`@KW>Pg{XvhbKTJN>dwva5e_f6Ly|j?S?-0D-_qThxi?t7!8KaNT z!!V<(KeOrOf9T?;OpjF42DgjEVURu*uo+8-IBsO(>67c#xk zK>hU(KCD@<`2;YYu@;u6uz%+HgT!r=2p{mktevuVJvmF&KIF-%CS0P_e0MwC>`BRn z7E%4tF1(#*#T0Ljxd!3D-MDv}%R41rfCYqkWNHPyfay3YjNSNet}9Z}&HcE^qkIkb z)3TbH+WzOlRas>W#GhctgQ34id}iH|D>vGVhP|Wv4li{FUbxM|*s--POy=Z8$7{() zXKARU6s}96ICKf6nj^!dPof}Ae4WZ54(WrO3b)t0w4hEV@9Jedho3H`n&8@ji|w!Z zIiN;u){%i5x?a%je-i`wYx){${er{fEj_$|*~gPLeH@*6Y~Z=!!=K!{ZuNd+UAH6N z|5($*7;B}!UKn+xyM~&E0S&uVZ_TH`zG95(lX#4X&-faUO-gCgivmhG8k^j91e5oA|8E|A^ z&xU6v&-oz(XRluzA9OvaUuNhZN?bRhN#X@8Vs4VqhxS)p&HcK?I}3t=n{1<8Ik)t- zGV<=ayY=QDo|OK~t8XE`p5aM`&yp=VXqFMIF_UL_oKlSRSuxQ$ zRydhFq^Fu%+j2X%(tfniOR_e}R_D}x_QPoV(=u2GDf4~e=>+4kbV!8IjCj81i#U}Y z55nhtS{4tWhYmN!x;ZPWv$fIV{~hw(ItMN_`w0~AWm-(;XdUKv169>QJ)P{XAK@YRPpu~> zmO~cP*Dx*$6U3UfH?7R#BXbpaih^(P{` zIuW5!OqCl1B#>c<5xM9}PkfR}H|1dx1g`9p%?|%WWbk`oaYZlC8bsPMxel|*vI z35$6|IE?@b`C&*s<)^+!pL@(u=pCS%>FX99IB#a-32uhOdDEa0;?$3r^EOwLB6~nc z^>P7o$g^7Yz%e$s39eYVE|XSY9lx|9lH&qb6F@Md+1P{&;a9M{eQADX$miO}rukw0 z<=byHasDfuFcn}XQHKLL=kMNrs5`+#a7>U1&?Mq3)JZpF@g3FoO|Z_xLWx7S+CG>V z;Mx#I{RkN4?C^hq`#dvGdq-H*&WW@7UhNn5^#B`a2oZ2$J5$Z@n%}%wkR?UPd;t?7 zonDyFac(uGm=7+hnZQymQn;&?pKs3+7x_0}jUb{tl|e`XtrEh*KoRco1eTg0b(16w zb)+AJH7>K^m`sUqJ&$co5E3T|$28v*qj=*%1*_P1XRLDY^IsDnK-P`lCX4Aeit zYT}qha;I$5Zq%zaZwc(~dkVGrgLx#UP?Y*x<2sj0nMR%($E-lt^w11<*Jbcdlb)2kInXi&FnN-kInvi zxjz`jLf=&hLrF%(V8KE@G8rcD*7dZP2P*;^>yJ_MVi`QPqFg-34}7i{5bL% z@uS2iELEHc#XKUl=8C&Q$7%BP1wxO|TyW#$cF<^7TU>lvLflVF3G3SdMrc6~7#|BT zZv2=Yiv!mSw&!Q}m{6L#NJvEqi#?Cg|zTYwl!6bNqaODjEn_?4uXXp{``^~%!lXo*AwJx zM4CmU_(YxvsKH!(Zu1B~Kvfv1_ai{hFU||NqnB;YC4kIXZc;8QM?fPqpj0D&Qzun+ z>PObhksbm>9K+8~YBKY6EjR3^hWa|IE^Pn-0#*RIxgK@JZ|b{;@=sAoy;}ydi3)A& zZzwNM8Vb_Ni0gEi&(Wz}%L;b-w)l#rkE|y1sK>nD8}t6MGFRpyuQdR!e^Nhj4Fc{; z-Q$cngBfGKK(^Ed)J|~EYCr8>l1wm-uhaG{WD$#zL2rW~31Q_=S#n3%^KXGi{$bjuj932|cW8Fu>x|=_)M}u{@4?>L+ z?dkx)t%?H=Q)V^cTEs+inx@oubr=QD9_vO2s73VNxFXN%2T?hnc=ZLquJJoon};Yk zRa?>&OX^Bb8xC`a*HH}D#xvO<#6|gOKy7-C*-mgnKg9$C0D<@^Z1>q$fWX6znK|CK z*mbF)E!bQNUae`%+l3yv+Z+D#!%)@f9i*!cQW#q^s5kgX32HA4jZ>c3@is4w#wPr0 zM3hd?&ENB1p3Z-H3cuWAI4e)3)B#r{3>0icT6rW6DCS+diLZPvlY~F@IEv#sNp}PP zcD%T_zV6Ny8u&dtd?a|d`BQl;@X+_RhKDR6ZsQ0YV*zG+uKj;}jTf=bMnYsZCxvT*U@^0#VO8VZ0<%Ux z34MVjU>=J+JHfLEJguHkM+B+WJ2L6AeI)ErI1Lw2VLL^Bcn~QYo|EfqJ&?utR6tjs zTJ%JaSs%qwPd%4Lr*3d6uZ1p&t|piaKLkT~GWER;xY=%WC~~GH^<%KFg8)|1z!M}+ z1SgtNUwEEYOvFdvQ1ouYhHo21wH+ZtZ_hE7(H)+|<&|{HV9KcX7d{#w-1uoc7C^|h zKO6V`F!WOql2i-y7c!4<7a(<%av`+z!<6c04+!G}t_6>+YxKxxIW9MiCr~dP`K+t1C~b~aqoi5cO#V5@9CK`Kk0+m=U(w3IS|IsC z|1;MLK^@u~Mp_l-RP!bsO-HJ1-i<3RO#$uu$xJkFCO9uAP;C7k`W%py!nZG1@#~9r zt`GjK6)*>{i}56b1*|E7my`D8RFuV+`B!3yv`p>0Y+7+O&hq91soG{qSPXqPUaI_C`?7)ub^gW-N!wLLY0?zi_wy3cc{RfcKx`P><~_!y9gkbT>0Sa4 zY}LLil#p0=I{}a3vX0|ni~H6=+B1%&YkUb(4DXy69EP+rWa?5(Qc z;H|1!zy6WTs*VX|E56$};#F11%mhjp3#Y;**lE|`#xdU;I#1isDeC#K97fTbBfUA& zn}3VH9W*N|qoqxF)fiCM1bu;suG4+|#`|(wif_Ir2Tsk{ zxpM-nFeSyb05_u94P)Qi0oWu!iFPLyIe6D#Mhdu5) z9Ng!|!R@&3w|W-ukmw@lao!{0yv?7+W5Idh_Q`+D4``?YN!--+2=ii266$%x4JhSq zp8G-s0YcwKSr=nPill>@=f z@y@{cRa8jU0&QvQfo?yF21Tl9l^~c~x67PHSL|PN3 zyLfQAN7bu<1!?Mq#Fq&}Zbp{~<@@k9N|S*5+)ZWgK-(|IforFi=| z#u&;?LK=~Xx)BC}CM5Cwh)5NNTyQD03ZFgjqru@G9KO%;**E7;Eu2?12D%&X@w@=& zbo~i7o9eO{VM~KW0I@44;A+WGc|Jc%gyta66UwCmQY-B-qHcDbf%E53Ti=7kvhkP5rCQ{p>z44!)&Tfm zh_`I$`->|8S{yDalyy)Tr-btXTG2S5aPc(cs#ysoq4y~REDG?q)KGSgj;GPU`462p z1X)5$ZdC)csT=MMBcQN6Xj*k*zbN&@%n>M~ZAGgIR-wNHg$e4D)t>>zz)hd5xyz~m zC*w@ug|N%%27;}i0YgZ}BLWLswE>01ZKuwuP%#^rbwojwsF%e`v=PsJf;U+LiAMQuo8cmw@a`B@N@9%S1x#1ul z3${$y*4Q$PVirUwrYd4en4&2WB8o|nL~hIjNkzb(J+}1y!^M`3Gp9BG9pZe_ZX1MpZ5J(jOKvxN-jOuC)AUDJoKh7}i#>TY+ zE*NEBwDUKef5{N)pvw{Zteke*T%(J>pH9bAP;zcq|7i0N3$kYGEn%sY$yq zXt6Zu3kShw%4Y!mjx5Fv5e-bKi*{hnaG+KL-D*xUwa3%LG=XI^J%3fH(O!znp(p*O5~;PKQ~iMP@~Ty_Qes9)>0?y^S?D39;R)6f`btgVpQZ zSj~(+WR_=B8>x<4#mOQKdM*D*@IM&pX<3X;EZq$5$fczsY8@EHF`~b5Q~*ME7N+T1 zrFV%@Rh5H3ZsVi)JX=>o^F}5eaH3JUr*neY5E-3dkJP@i`p~n&xR?d64RjV#X!FMJ zQ+wIa3upaebx+hfLXCF~`h<^Q?y2hre4RL%tp@5)O}z$Hbqkw!twBFcaWh0j7_7CX z_c~ff8^&!lE+3RwvKgFK!l`ljAP6+`0&bx)lV@aTNhgTZiWEB)ns5mpnq*1%RG0AP zs!p7}#l6!eVYCy>)Kf?~E1Q~5a73#yia0{q0BWZhdX#Xgtt}GnvdT~;vYswBwOf?M zl@WZhheoIiP|YSreF+*3NJZIvQfv*B1-Di~-2>;9on=>-h4VFo?yC%$>lI!!GiOi6 z{o0AcH)DHjuB-_vxEknsfrE0P^6J7&+~otx-hK6O_f^C~tt68~2Jjb4WJr>TQxXOg zU_(q3#^T<6^=R&^Wnb0D_8GVn-fljUM*?qsx_!WXOqFyaFC;RisN)`K68mvV5;yUJ zfCVx0pS`kV?9#*cVIgE|jv;?8s_7n}ZpX`IFzwuJWN?HkOqQH!*2o|*r?BT|Uo(YG zHA;|ck4M{+Py{#&2W?fYgLcxOG6P#X*wz_qR94BVan;p=v`46U1=~mo#hCUQAZv~< z&B3Z^pp-^2*|eA&nRE=-s<~(i6Z^O7(JL%Y#QS*~$nPnmAp?QxF}M)d7uf3;_O!1* z&f6UxVqqG)EDeb8;)F0?g@ng3C5azLG7S=zMnR8<4*WQ8^FcfoDCC9Pb4<80q>;x+ zO7S?)ivoZ`iNH{?G>KWt(lqU%&;fExylR3zmcURGj{mWk%&hL-9zfB#QS7K4MN6=# zgBQlIS!9!uuH~@NZI;(@SWY_9dg{zQBDH%DV8~1waMclzG34dgVa}vM8L-JC4g%0r zj17+-ILJk%AyKHAtAa2kfpj%8HoR+4Ew#e!Wc*TOO>N1;H|4BoyilypYVJpl*US-?1n$*_kGd@}E=P@P0*Oom;7sH3F%F-3pZpl;m}nAztZqyojWG` zueryC(%TTO1ulza+2bZ;YeRR?r{%U~)oKc4OaR14^dcwPT#R4L zJ7M6wo8sGl&N7q6XM4tWNLICOr)gng(bkP|N14yY(3|dn0!;rLM!5U&a=O-!#R@vz zi;iAbr{X@cdJAFq&VBhoHkXY?ndrfkkKhS{?R7NDhIoNdkj7>86hI&PztF}a;(EfX zil7Nb#+CVa19w>D-+2F35YGZp0E<10OqY&J|`&YHD6rO`O=0}|lf(bBSPc)0BJ+Q9xMhuln zsfQS(SUQ7W-hOgW(5%SOeEL=VL(8f2p-^C4y?FiWhnJ{=r^jLh#SENRo%COfl0@_7 zmX<+9fQY|cF9uN>N*H`%XTwWOKdu-1<`!(Ldpg1IYuUW$3?mp9ok4!NPP}5Lw#7q2 z1f$eVeCCrFsScPB0f~ixb;6a2qH!9y)a@PhhXeuX9Xb;?EtlJ(KKcZ}{xMp5PiVY* zl>Z=U4XEv{X_1?L$ecT)SO_ya+u3l!FeX?0u0DLb@c^5-41}4?T z1jeM!s=BF)TMO$<)14FvkI+*EphOB*(E;+_DUte@Od)Y5wG6nVO(>7XNKL7zt*DouuMclBUm}mK3Yf3e> zM$(!>s_b8|MdugddTLtgx$y(n&FT^+adq>Z(L1{oxBQ`9epWhdJX*UVU0~Ss#k!tY zUqv%o=ILLz$U}cmb3I+27(Wb)m5=_xzw*@&D)_JXIxK|-E;hJ*!ylToq6{x{bmSqR~0_JXBB2&fK_gDP*Mn`0H8B4!Tf;x2!60H=5i882MJ^2Gb{8`7(HWyUkdf<>C=My1RC8G8lux1{ zO?;io06u=0QF3d&OJ>SsGCyDFI?BgcK7;-1*Zf?TTATHBz&t;s;rtKlI^t(zq03)W zqqk=kiS9y*yp~fwo~*U%e0Sg`P2T2%#`pFczOQw;(2j?nA<-c9v`!-u2A%@bTqZDVsMa~DycF5g5YpP#SLU9%$&=Ko z6MiTFE0mj(+MjDVD-FY#wl!mmVXwoCR(q^b*+@DJ!5g&vd{(spZV(k2k>vxGF>9XL zh3G!)v%t^N0nKYb#=F6^*IzYeCY@9oF8dAd@jj!<`9<&cg^TYbf zx8Lkj>b%0K0rnFYjkMYMySE?eJI6`oOiKAR=}|63pqkNH*MTN<_9MK zr!LNXa8blv9)cOv-4;=-Sr*qrip@vtC?G{NNa*&iP?0hk28mA?!zd*w1mT>)+aPvXlz2M! zdq{DJna{uRyeh_ziYn$+_Q0YC7KZ>V%63NH3r{Tne2*|9mV%|B7mz5z)f6+7xTf%z zN<5(xl}1AKFyfG4#O5P*B%TR3-kyBU^E}N(#7Ph-%*u0J6xj4gpk3&`zzgBa9!9VO zhY=r3vn=ijM@-t%dmzyRiN^;L_53?fByl5|hxTQl0x7_}RRLk18Jq=qJ9w3T% zqet2V5BC^7N(@wu(CjBZGZg-Y+zvShxI(t!1 z5%Z0mKzj@|3StT!%*Bi!ccz7z!I?w z-`ab6U@VH;$D%w|EXw8&=8<4Ex`TrwKx3Q>}lm?ozltnRn_B>2s zbbxY{Z*y6wI>h{qu3zI~X5-3VLti4j+_us5HDZ%c98wrHa82ii?+EHv+PpIMd0VRy z249ZEmn|QY6{O7O@jSbMwd7U`5SXz-zQ50RYT)B1NeYLhVn8p|~(Mlh2hggJqfBP0$ACDj{AHbvX*Cp9 z6EbTe&ueD{#g@?eaq(3f1qGBXxXMN-(BR}nR$V(;I@dc;sDFv55}i#|kN=)1{;Ma} z8b_fa5y9zYXPnU};Mr(a>UPfU(RHZfAfhTr2@Dq{ER-He(jX*B5-aT~U#leOvlI_V zaO-YfN3$d~rt0pLwvL6^@d<#s%^%8R0d@ZNZbPkwh&2sK0N9SO6cBODV?{jSdlBG0 zN)_!vU37pcY?T##`d}$9R+%`q0(f=lT~ZA|1)`WCv%m@^LDeDGsDYerFD4|{a*xjKRk#1({jflC;Nzu>=wgo&3hNtuqBI06S>FWl1$_dHqTxA`-A zEXWTt;I>45Dv07ldLfZX91#}Kgz&_d#N`Q1m2gAusb`P;;sZP|{#fC-DkmFHiW2&LY9vf~WfoKC8m6?P^RHQ1wx$7jFqYkoFw?+XR(~5IQz7j73kUwr4uE&b-_ab=n@I4$;7-G9g2^n)kBbQa$>*zfD5{zJXg?`X{9e$0Eb zVf#4KjhEu1F&nneES9Mo`5qWqajGR@5%UPAzK^VNu1{mFqd@j%!vRJCoZC#A^GiJ% z+0fE8r(XB78=64S_HZ925ON@lu8|}eoxJD&=ls*#4>mTlgUdN$_elvDe58lkfl~RX zHV-BU#b>zz=M6m@%E)UlG;B1dVMNA2QFJq#dYlSx#+F*Q1+n;$XL-|t3BvZu5bXE9 z;-?o40MikRut5P$Jn?d9fTdQJW7V)KPl_uTE}R>NS9y<4V%PH&ixlw_84;F-3E`ga z!7J2`j=0aIIszxLe;d^Mh+98AnEBGC`EZoy?-}IV~p14FP=^=BBByj|AFN(s5dZ`;Iw+{$l2N)3WN)-UJe$M^@tB|vP zQNAC#v$QLfbA`-S`LI5N$2)LR69{kItxXIjpG^ylh_~=>#Ai7!1$dNi8w9w`e%QmW z$A(`xT7aOYmuD|N|M2?k^JjosLzn<{KEsP|arpA{XERLjk1PuT8`hJu=|O*gaCnYdiVl+;DXM)ci{hvuk%~ zkg*;OJ`x(-{5d@qH0W;60OYx;aD6UF6iP-Imo7<|rbM7<1k)-}LHgX$V0?%Q2X&SY zdRNAi>5hX18duA$!2qv1k(@Rrz$AUQ7vrgVaRqRTE1S1%BRv~FAajz=o1CHFe|x`S zw7@IO0D|qQB~K zMBuVWgejG=_w20}KR!IGr3ox}U0zS7#jB6+obyRhq==mVn2n$lxWIgkYv;x5Ki(31 zTcJxG;=G=fU-gfCG_ivCZi&onz|R;CD4?yhL>r% zRwh5r0A2jJQ!?5V_%Zx+9tAyj=$|wu9Mr=n6U{AyJ35Zxeyhd^o7%jY6KAA{U~i4F zVEc6RPW|r_Qvue>*G%aW43buFoYb?Eyqc+OO5h2pEsrtSHE?6_+yA@p*!;h}#yf{W z5J{MoDuHc_i8v-;`)VRXD*V(Jfs%gDvU+%8zu{emh0@NsU1)YF_!}Mvu%u5Q_;usw z@>qanxIM7+eNT9)_DPt!0b$e=Bne_h0-m_37R;6E*;8P};Q;HlFU# z*I}R~?0i1D1_I%dIQ101@|l-VC6|H(dRTe@u+*dR9f?`pg&Yq(zg_PkNei0s1QPR( z>7e5&4}9 z%7^N|s;#6S#?`lKbWi4vd(pSe3*3mnZEk7UmR3ER+rilm^Pzn%)_{mZo@zHDu1aFU zB0naA28zTgVquUbL7Mh_zJ~+{y*pC({_Fg`b8Z%xCa-jterl+`_ftO-4BY(DJQ^4n zZO`o%a_t6DLL%-#=f$BHA8eK24 z^BV8B1}tcjwR+x#13-0M_Jr=>uETd5kTZ1i?dGv0O_E`~z<>UHeqH_f>z^U}{CPZ< z%SnUXUrqJc_d37YBjEF?U^1c!Nj<>`qiINZA{0rbPJHQUo`&922Yl?-q`j7We^!qL0s7n1I0&BwLQqD+5M8M%7DTAf zB{5GFjRKc5;Xivv;6bwc0vrI?X1EiT4IHTHb74(Gd$tY&ZGsOTOx}f>sXWV(6t`P$ zs?CXh9SeXiL80fg4hH0L=Zn6^V)^UO51!&>@)RHng?X^TG%S zD-zZQ)!MLyiDeOh=9HcKkj+a^q2Q%dIpp_+Wm*;R0^0;&$y8}#S#!J$OSf?qJ^uVY zF{)@4oY5QUyzCtp`3-bld@9NU%#S8oL1oos#IGwDZFxBlVHoBxm72HkM3{8X=6z9p zXi2t9|hl2fvRoc#vta`OEW1qi&?6ZSx@^Xfl&JY`0c93iA2Q`!0x@W63V+0Zz&%qoo8nB}u-#(N5pM=*PE z<2Nr}EV7HhV}T|}OILgYcild16RkuL`6;1kB47gyDTyUbh>WBk`$Ett_4+XAJ`B1K zgYLtik1!1S37mdxzCs_1i4txvQX-;6uqYN#Fn0-K+yfIO62w;?3t0qJMEbd(enhT& zcqYo?;VrgkOR7Rx(DWF?jlm+Ycj)B$${7{X((09sb~XIJDgZ3PvQs&#$h8S(Zew8J z@+`*!05jMF6a0wR=8JJq7h|6FA)(-2;r~f^Jc~ z99Cy9%qf_`{il}P68=#y_Xy`H=LwA|CoJ(`vyd)q7J`N(4TL6skVwK*5RxQ;zc`HpCbi3i zpY#y!0KLqA6eGAH=lqhxLt+Rhoi}=(%8}+E|kx<*_Pv)_pwrG3Q#{HOv5tOZYk^*Xzf+VR3 zh|dF+x}nSc)|35wQJd!1`G_ol-I?e(x@9ub`SBnV@dr%|AV z^!AA^d%WTN@IK3D-|p6`-FT#q1Z{XbNOPAgVM>Q7QLYc2r&5k0Zwb8hSi+@_x#-ab zJwSD`-)#(;$(M*wQh{DXXxgQY#C~P=zdqo5`=?H$$Fh z|1w9T2JKw6?Y7xd*l5el)JUgxfyYEkjLCHHK|=95XBGFhc{XUuP| z);I~TE};u2Fj7cpG{XF{I=2j&Q=QImVoK5434nmt?2lL}%FtbM>;eg0Q!Wm#>6f~O z)MPd_(W#SJIVmda>aqcm`}t>_O-wf!&wUJ_D!?N%oB6Zm?{TQ(&z-hG;HSN zsO}y-2)`^U)BW)Dp-Xf_RQ!8`e(Tv$cRn^=US6<+ ziV`J-;oCa+6`u?2m?=ywSiE3qFn!<{VLwj>R#kurS{R9-2vgM(MTtCy_z z^@{bkLfB1ZgfsfWu7NN!F0ex{a3Wl2Ssf&fUMcE6c=+n-YEW-X16iC7XPMHcIzPo~ z>vv!g;W_;2q|{;t<3`3K0_%D;xSWnhKWxbf=Cep7G$COaq=a!UiAZ!z!q`W_SkGs! z+~ZmLV?yV8qFpq5Zi~{-WVKs~BAtv}($tdEyX#g&9>Zi(iTc3q)?8jR!po5-sr>=6~yav4T#W?9! zexE^4H!51zXEH8u;Q(+lnvHXdk^p&R`IqKr_#6+~XQcUI{pH(l_Ca-C;p_l#$A!&_ z(a!n1w;$@8H>$f6*kUcVZ&4zYf|%iv#0o;U+TODU;B^Q?d^88Sn7DLi9_@}F&CZFl z`d;l9_VoZ82n!z{;3{_3x@T>O-I5p1OvelJp%Fl+i!dKtR5O7^T%>SIi@)9DQLpE^ zzEm#Fo~mt z8nSi;u!|w(q@*E{n#x$mzR<$$k;4H7ZM|vy7tpxrvOPK}q$_lg`jlvjD{!n8;oOZ0 ztipa6Cy8Ql+B+!@1#E0ST1Nvm!tIYYyh!*mN{EN93FcEy0A#pCc|jr=ho05X{&*v# z@gW~?d@Rj+xF>WmX-n@9IC@0!_=uvOe+PHMaig!oi$gz6wICvmBEpzbVEgibB)(1) zCL+&W%69L472o%aW8?8U68I3u+j9%KZWM>i_lTQ@9>9mxBSJ}!DC(vnBH`x? zA3XOd`6?a@PW0Z29$OqTwm3L<#f^wVCfbj6$cUdZNtj4c;E=_{)gk4ft2s@1k2ns< zVX^Ue9Sh<}=nj&qbr^(P5Sl>0F)vJrV4+Kd)*h9S>$_6*h{HQP#PO#V&Z`cI`1w44 zr6Kb^bAIn;j(pJYQf-VmUOA;kstA*&aRs$@smn_}ot4NA%N^zhm}ERDka)wUF*TVZ zmDOWfx>jk43zta~sdHj2#HgziTJoBH-TC>`r;pCq+(45$#Ydy!3a(CTlmd0zS@-OcPJ7d~uWI7;le%QAyiMEbWHv1%|FmgN zhmqku8Iyk}Q>00<3&qpNRG4%!Xda0HJlfM)bzvyn*%E!ty>eG{KDf%hWD`IU+|an- zyHk8JF0i~ULqY((TCYEqMDRE!S_dxm5*~7$_Mm5ndEKu*eptdg>p;-DV33VR z>S*8&+Zyg9ItoMTM?^9n09JGZ5(lwIq{m{#W64slKcDe}Ckl5y{(An&`K{g(-_-Ep z0f5Jpb6?csx2Wf2=dj1lq2?=;!r=?xr^h-y);WBvn1EG@+@86Ws%$LjXdXkJOO>p~T(Z@1q%yMWlV=d0GRC zOejgB6rf}%d=a{SDE()jO%o>G;nLfDG-?6l^<_3vfO)KMyt>RL+wdPZ!g;M=b~(!} zSI2ytcC1c8gI)BT{}|=%+MRgJD_mSG>s`xuT;ZlS?C_-ESwXL*{bZ?+Yt0HvP-m9Y ze_ta?SB>FS!;O5C(v{mT^vJ6V76BZ3tTQ> zQE7bR5=Irj$1Qamx?IA0Y{2jD?(UYQLb`2V?Hc69$>8l)P3v_2?M?eoeVDw>hjU5w zdF5-GHYtix_4V#P@7}_4AyZy`xnJ9si@9}1HN{@-xLmZ0?lo0ksH^eX5#HmGsgDf2 zO2x!YFhQ5cK8a&VNk9Y2W0$2q75fFvy*l|8>g0)kJMnn4G5lPh+hLi^XVW`d5GGIj zo_zd~$j3K-NRLJ`W~(g1xu@%5RspEH=s0fp=#09N>!r#iQ5;f2spdp*<&!8#G3HSQ z@bQBzsoU#avau$UTKhqNy+A_j1=DGqf6%ZZx2@;d*$;*xqr|_Z#)4cI;!+VZ<3vlLHy`Wz%-ufJZEH zY1saWZX0lR?*R{zK@o@sI(ZWdtm*GLvU^kceSGga+l)vk%3;veAg21_Rf5 z@qtTN6^rWfe;Jy247ZfdujkHxfhBiA*+ux$98~B(wfN6$dK&oAzz>}l|M~N$5ARQ` z=K6nV`K5U2yoU91tWRTi;12vGhAA8R&N)wcnbns)WCq={2CJh_MvjVNi!O3I#(tufMsAa~C$);|CC5`Ji7nnd00AjM@0KG28Y!840+k}8kby^qBv5#VZmxspwC~4Iqb~C@!`sEW2bsjrB^;5~f_IGU z7aV`ji1bb?bE=Y~wBl(?`2$dBAni>T0oAk}KTPE6k>0KVD4_(~r3(Ivtc#^(6ovJ? zY2IBr?mmdZqE_;}1?D}FQAKCr{))TV|K+^$iL3JtXzf$Gu43ZAU0!d`_xP^-ZPIvg z^MLOoKk@Lre6LdrskZf-C^&dm_9=q7`8!S}flaZa@1)n!YK5{%oclNu8~1&-79*N~ z|22n3_Z1xDPU57=hI#8p2RrE)kt1Gk-S|4=yfe<`;XB55;G@9Syhjh@7N;msX6fh` zwoYDWc^R#?UfrZqQ&QWjZ6QioOaSeWYfQlH$_x#@^^_(o#*^AY)@BV{SD9uo#1A^kq?qmb9=}d@28%->YlyS_q=UP4TIu`l8NZHNGu-t? zte&(1O8eg!q#IrFsuW#?-kg2TQoHOOX9?|)wmv!Tw$IzwtmpmV_?P?rQ_-PQJR95BXsQiX+2wW$d$V<0%kD)M z)2X`uzWzXLTl|oYOopi{E-uy_^jSB$R6}V(K_e#4ndyR9XZ>Fl_VL&2wW|~_MI+yG z%rkzQWzTkoh#L;sy()9_YF<-D@v?Q|G77i-j=mO|l6r8}?#C!X>vagPA*`*-A5M?M ziQkVYon2bG1=6fZZmOdT@MYgm603)lt}cq1a~Go;Oz*qX>mhJe^BOwPQ#vZsGnJUJ zU+y$Ey2NUKCRBY0bZlw88t=A(!z`_b0uCz&+BwK(z6L-sjaFv%d=%p(+bb?}*r9Ca1s#Y5n9rntJ%Poe>Vz3mC+ zmNGB-QCmOYfokp)Bp8v!Q>KmAqK40yTyi?UfIM#;x@UUQ(l{qY$)bUS8V#(BeZ?X+ z5vmpW6y{RW;mJWaKN8yCu40AEyW_1RSDRd!mNH;hmEPL_{0^tz;Q+-NK9;E(*@yYS zG2mb5HaJl%UI!N>PU=l}`l?fAR@!o-diOfQHL5(-lImPDoU@xpJLjrS{H%NzUwy1`Xml)5ro{B z2K1`SkQv+G1#usTy$yDi+M*FakG<&n)mwjq*oB`M!%u(2Rsu@pTx=B{;EiBKPVk%6 z*`y*AZKS{D?YiV3iBA_7pUbb?^V?Zb6GsBiQ$ieh5*Sj{RUAXk=0I{(`)_dU(yMNJ z@(KH^gaw)Xs)Cb8PO^wn%Dd|k%b16z$IJ_U{Hp8{O|G6+-?BY#PU`XtfTi5aN8{ZUaPim#k-Kb|GWw=z?k4Aj!fGGS`Nc*)nul+|tPZcrp z@)Cd1i>Q_?wyC4tmW%*FB>Bx3?4WaIhJM3!8iXQnxNQWHt`>6QCgL(rPOds=&Jl({ z!D=Yw%>x8^`%*P=y)u1AGI^J%)@XCDTIBxCRZH~3iafW??XG*JH1DI+_6T)&&qCGz z3N*|`V_B1X*mjVv1A>qsAbqzmoTa2a3zmd-Q0$F|wFrVjvT)kwh=gPWyCUvnvC%eP z${o>vkC-1~UuH+L`JhyHA8DjcI)a=clA0dm?l4rVy0o*(1*kt7_)|@@85XIHM zP#^9P%#cD{Kbgu2LQ=rq4@qHAFAdr6ok&`Suay4CU4U$Ciw2rUGq^+L{KIf%R8jtD zn-H9%cP!&FWLP#Z{;lE`InvGg>MdHy@{u_|E-{dF-Ti@RIRDl3vR6Ut)kK_M){qY@ zd^x}*XI3NE;eqLR(vcV%TJdt;GZQfb99Z> zzdM>BG+z$={h0dtlE3`Bv};(*PKXMG2HeSEztCs|_{SrK`r%taJoC9;Av zmEv-bT)mTje0YTbm82cH5(q86OS*|)U4>c4ZpHsB35 zbw3ZkgLJrFyEWXt&SBn%3j1W-&f>!0WW7_kgN5v*38#_*IzZCYKFQupDMVRvkV11x zksP&2TXZKF@EPda)pTb+^(+Grl=xs-X2{knyCt7QYr{9AfiZJ9e6a$Q$WTTn?1irn*ex!gHz#Ym zdN_@n*yVD#T4rE07^FzWArVlbDvtnKJMtH8Q;;mq0Mq5L4IAlzL0Ldz%^Vwyhz}br zI3?5ZBAAT`vsbvGLg?qK|1jNZVBT+?}ag z-|zk5KFIM)Pphp0Gj}BFDJW8LhK6l?N9Ai(*|q z(HgsaQJ!CwYf8_`8Jm47C%GeiMmfPaOT$c>9gW%{wy=?8lXS{w=Saco-xh?T`61o` z$7%nn*&=i;bf>fSY|CQhS-_|#0mcx1m7WRA^SSN8ke~5`r0SV|ozBajVxrXU+P^|R zAsWo3^Kskx_K$pzY1LE<a*t1jek-Mb6^m1^VBdcIlB4yq|9^>>V)Aq;yn30 z=)_22Pm4i-Tu$2Uxc=B{!6u^Tp$7gweP@v0DZ?GBuO(fmozqHb&GWQ7OEzZLIyw*5 z74Ri5%8HI(*A4VaOsl_((wv-P7HGQ(G?}j;XyO|)fZcrhxm<{tHJB!pt77!mvj*fQ zFG)$fum4D<&xT#ntWrP{+mho+Yu(e&Qh|_?*{*nUNa$~gj}6xc;RwWVvFjhP zZ)er}cT}zgvEj2WHEgg&jN!${Ty?q4I(6H6224#J^acUgTp1Nfn+sS2Q6@h~iS@H}g5Qtrf9#Ja}l;8zRb$N58ADA}_7vV9eQ zPBun*N7g)3?b{m%sa*_Ubl5i!<(j>?W{EcDF0i}mO2#e_$$C>P`fxb1fCh!C)d*V_ z4D34VTP#h6$f1}y2Y_YvScDROqZEL}*(P+v(sHY;U880P#&i0W9r9{9~-X zAJT2?pDbe|0Y(QDF6Rn4Yd(8{csPETv{)H!uKn1%Yxd)F0`VJyUwAAD1XWD(+~jK4 zoc7&The^E()|Dhsk`ae%^jIH%udk!;IkUQ3gg>Kt+c1AbS6%#bOL<_*E6Me)2VBDk z(a`nH1zX~}B2aDy{b^vpV=o~X3KFHC5Ow+8>3J_3s%Xo%ArNwKLsxVIA5T69c0ez< zCY;@`7}Fxs!^d62Z#S~(FT4OQI2T~RutsJCiC|-6L zDXfUxrMywakRTQplVBAZD2eO_g6`RG6;g|9PQLDG&BlL|0-SmGDW^}Ga8}doR|fqo zcyzR)16ODFTv7sI3$VR?mE@kq;?*@dBCtiUb6L@qb3x_JhhkYAV$j(rIYfmdO=5U^ zJ_`l?CqbSc`!1Z3@udizF87XBBA*U`;=>KcwK_KyqLp(prSFpOzBx+@2EltuB~7cI$hw<{R#7Z00J z6EGOrORsVNk1@=$I8sW^&6;#U}Dw#Wa-b6}p;;%Df%;d#ljvewjDm z1^jTBU?YYdR1Q{imT>zNXKJ6CKNLPbjzR$Vpx^K%*);xzd?tH?P()sP^cxOXQ91{qL2}#IhYr2Ft;FgfPebh(EWUll^5trF$mZg+`+okV2dU27N0*}>L3Ue5 zm-ToKbF2}NZ7e+Tc)Q$z_y-s-iJ)*UaT1|U@$Gefm$i}tZA}(+q*V~RQY_J{QgH~z zNZPSubi`#s_+1rx#ildCs3~m7Jmv|n0J2DJw_z&Cbh?2Qgugg;j!|#!I8F+Uy^;~q zU-U#NH2O7_3U8q@64V#+LHMdm*-(REaXlGl0`m;3Ca1o?<=}>m{%EC^*W$pNZ(Jxm zYWcS0c0T?tPiYL+MMd@+CPvO0$(#(O{6F!?8MO`bO>?)F($qo@%uL3W`j7YO2?}mI zU1yxpy@O{4t=I{M&a{oDa{8CZZ`IES?IjWmc)*I?npr;@=tWgmL|GCE3LzkOiwU~H z*os_H^N7~_QtTNVjeH7m^a*dnv5D*mJY=bcdgVE8XaUvvPPzenD|zKU4&+U2WBAJT z%+k1NfZjZypLm1ZyrO3R8qNn5I@X=ICvb^~CZf&YXY&=O*u0;OraVMH_s=eA2;nctuh`iM1H6?S!q zH5RHvkIdL}GGL9iD6D-(riu)^cV3a(eWBp+B+(WL-%>sIYUaF34xprGd&o>$Pw7>q zCJ8JiB^f!v;Pt|n!HU%*VD43@n3ZR)%q}ZP(Qf{M3=J439rM%r-_htam~=OJEGcHU z%x(!6R#H~Q&6=>3q@DR27wO@f6j&~Jy0Cb(E(RD}_I>L7!S?XbhXW}pE1P<Q2N z+nV&T`__#xwTwqLv!_Ohn4|Pt!ct!4QnpJjgw z>wcw`HhFku*W1FbcEv~7>Yx*cVn&aT6@X!X#eu<5@w5Hgd%sU0EN^vbX&=|K0{|Jz zCpK@Oc{n-eM^~K4+P5`Da<_B6(X+B*4Kbli2eGC^J}nuC`s5Zz{J#=JDAUPE^od|V zOEht3? z>f%fy{$gP804bwUPSM00Pe!ujR!H$0AVG5+$mAw}(JMF9qYGO0{O*&WBd;!14x%>>rGCR{vZmb(;yHo+$%_>1M9p~J5OG{NCYrNLRRG`|G zSP4El0+kd;g~pbY1g9cjnG4fT*UcF!SbNsOfQOM4%z)qj`&z@yvnk?6Ri3~fmEg$L zJCYEU(@V{C&n{6SbFpy#sA7p|V`;8rgV8CNGjCG+z+M?4ZyKL0yFaGPVQj@EV`Z;+ z!;Hx}Q|a2;yBLLte+KYS+*!k9jun?vAUdrLt63bOUvd4W)d{ZVk2(Bi^qEnzQsqd+Wu z&Jftm4CDSRL@F$()pvenmjt(+jv#JygUflm=$`~6!Yj{c34tq8q4zQLpdnjuTtb@T zBsZSee~%$MaCd;2|Bwz})iC>6r9fU>$mvu2fx5RxSozYCK^U?KXVuvCQll1CO3Ib} zC_ZuN)M%2^GjH(Zst>(YDqseR!HB~}j=ko~h8%1jwNI6#SOkT~x2$h$c>&)v-ZS;trO4nfU#-i9VBfQw^HsVk9RU^GCbtVtclHOu^h!$pU+8 zM{gOklIBIBYyyX6H5D})JM{whVT>vfQ7=oouv*n6?8kG##XR6HRYZ;WI#4D>^SM(7 z?iB^CEZtHwU^YeEDM7bZW}~$fdF>2;`3=+EXrgs&(g;UPh0468)nz5M6s;pkb;d7^ z>aC~uHz@b9i^R}r=sBn4RAlAt#$5Cf87#lC1ut6PCi51m$S~CE<%~A(y!xaFOOq`S z_8kiS#ak0UB3gA-EbnOb#O`r@w^pBFH0h~O!XwPZZp_$(AU zw1A;qV1YjPaMS-XTso*+70Gz8_zb!v-`!m{VHr~Nzeuysy&-dHN(+!F$S^G#qMx6p3QGuK*h?ELZ=RxQGX9B|+FOY06bmY=H- zdn)m3tW|ZpXkA?r>*vf>$_7*Ej+Vz0D4^Swc754{tVSW&!?Br1?SsolX5nis1uu%&G-=$4!vRME+DKR2ICE`Kl=kLGVd$N|ht2-Sy0mUw zg5x^urC*gC=y;_M-ON9qgjOzHhtI#Lws0EPMPPi1i>nN}!Id*L;kaqmo{8X08GRwueePfk0~gkHmTl5$o+OBtzpN z4P^VjIRGURzJeq|kfV*(&iM3_ale_)g}d4E*l;Qdz%l`}tv zBrN$~9nBxlQB`l+PS6p{B7!dHDba)z)?4DsVxx^ReU_jy0On~dP0)au*`@TFjt|sp z6)*LS6(AYQ;YFValuuH49Y_p+b-l&wsfdIm)cEl%_@g;VfLv!+zF%if-`PZs?JAZz{|M>WAyao4m93l4V zPQ1=H@JDX`50QidvN`(ngtL$~D(99{`(YB0t^7flt+1iH;1!flm3sDkFyecFD*@m9 z2TBXw8l)1wUARy8yo>q4raz{VGjf~`vX>wdojAK2F5E>is6<4M*Baz@b4rlA_2vuu z`e|BZ&+$`Er959sAmSqu?I|D_*4F{o?E?CcdZqmhQ^8xW3Nn8&)~&iYy_iA?2X}96)x8HRC&H0r zfWQU(4V!{3w{+Y6j(prJ`Sk6<`h0ku85+GbxzzV!d~UjMw8&BvI2Mo<=phjGT*<7Wd~$;m6hj*L_F^IzAUmn z&ZS<+?a!g%o6xdv=p@ti1}I^G4)Qze9zbt6SW+P3DQC$|2oZt zAYV0=me3qrqlIvll6}7W)f915~wH}a! z06k<=rv9gsU3>L4?O~^$vvRu-`g0?Gc?jIddw0oqt+TU@$)NfuY}Bz2HL+WMV<&<0 zM~nUmbno!jA8liNIlR!8IaQFZoawmM>|vExcdP{>{wf_@}JKsVw!dS zQ>3F--NN#1{`jdxSX#b5`D0*a^{6{&2N3`7RlJ(E$dR?BVC+hFekKSaR zck$d5+K68Hqm@aYDlh}bijc38WQT)adV}_T)XSHh-$UA`{=_!D@ulSVdh!?cImdX9 zcZH?yaS^5s>DX^;?}_gJH^Yj1R!OkT~$ z2C8$@q|G6gX8SpP+>5RaP$qXp@_AopY+&#FDTV{>AoGgV84%l5h@&ii8FBNV0 zp`aAw=kNYbmdJj4SxnXymsLqDSZ&Jz`#F1o)4R%;wc4CV%FIjGS$;tB4WfMkPPtjM z&=!&l4LHKP=Q%;*(`SuPQrpwZy(Nv^>*WKmZ?KFCta|uM8l4k}y*AaYu5__N=vzgq znUBJb+aK-76*<1b%%wx40O-F?m#AKKM-H7PzpeSjFBfWB*uPeHmS#_XWb+ri(C&->LG@2IKv& zc-$jpBoPY%>r1IMFyK1wf1ayIwW+o1AJAAHT5R8z1^(T8(cSw;+2hXM_bsd*TZKnLsOq?YyQBXm#Uj}Jyta`mQu^P`=4FbB}sTg z5CW$-{(r8keAI)R3e*ET>JYHNA%AE|??2$fh=<{TKT;9)#C+23gGzSw$YA#frPey; zw{p8b);_7I89K7bpwmVpvAHSvW;p7Ol?jo~kXF^sG2ds3r~vtYevj|~a^L_F^#56d zxww?v1M|q1U7-{%6zVO)viP|HI17VcEW`$ocYQof{h8)pwiA2s<8^r$rBd`uhA zpnPe1O()KRQKi{~k?Nk+YVU%w>aB9~mMcG+OO?-2aYpMZ^bi$op*yX437)vHXM<3t zoMXbD9s2MPH?H_5zj9@-Zan9HXMKspRr+KI`$VjMzw0mg-_Z^=+hJ5CVCH*()>Fgtabo;RjZqW}WVx zI35WDqqUwniap~_{qZ?KYZMHkeW0;20ti?+$%`7Pbe?=Q>y0fIjTn)$Pr>+-1MIWv zY_dHkgXzm@%Z4>RJ(E8oRkiXP^_AV~OBtytk*J!{k6>X6v0b<+qk=DwxFbA951Pri5$ee?& z<);t}_mFh$xG)s;-=8D+B9`}H3}CH%;@oq9`|3WjSJ8uY?(a%E9xO0hVQzfl;qCMU z05nHL$gPNWX)MwXBHexP5A7%tGkLB*v;I=NWcZs#fafLg^el$wCkE-uF_C5=t8jB< z@;AXuRva0YGb3)e2~Ik>6+Bw=-@2{jm93-rhURgD2uYLDf0Z`=_33{R&?=t^rms@t zl-QQ#FjSFXXep$i(Xx^GO7H&0At#m+J$H=ZWXunw*E*9wW^PdfTVTf_Z(nqO zO+X>@a8iz&f-3*3LLB0*VBcb6<{$voX(XXH`&-VUyV=rN7n3pjZ}!WrB;EOAr0RqA zKj?#qleJS%i=3f;lacsGJ1LIeY;xCNTrj|%fw(uNV&eEPF-4ma7O8;#qw)Crt2M{3 zE$Q2*Dr)l&^9?-A2KS|&B~wBpfMB`+`ralL30=OqB}$x;?RlFWOJ2TvDzl7a(b(u%XT_7MkxBLyl9c%{8CMcyAwSO2WdxhHul?P3f6Y*l!< z#pdCxU^GamAnE4tXG0MdFiI^ND)*& z-sarHfU&bfl|0v;FqdgDGk*>(Ay&@Wl=H6grM^Nud0_|nay673dLY~@juG}!aSx`4 zLr;Rx!uBjZf8pajiE)ire0Mn}Z*s4?%~h-v*W7gMSv(hyUueW)%FDyMn8#E(@^Ud_ zOlu>icOj)XeXz^O$mdOZfQ(e^an$qx6U0*T`Cm|`wU~~oav-)4)C&-0kj-`axGh{C z|Cj&QyOB50`Rc;X`c9*NE^Br~%5%}Nb7dLhEpR#|aP}xJ1}LyPgF_v}1D9ZlM%4%3 zqT>3aZdfwSSi~Z}J*D>OJq=A+Zv(yp%rvPAY*A9mMmp=l;)*RFyMc*$QAD-+B_UcR+mljsEjWLKD&e|G31GfWN~ zQ8|34Sf(fd1{H(mM9ZRC{?}qjEQCbve4X}tR!rDDIr?AiwWZh5{y>ZsA>4=Y$$m>RJCQD+!RNx z551ibyXCq2g$DK?psUv3Qc3lAx)~T+>I@~ZnfRaB0g@G=SBU7sGGgZte5UNdFO(L^ zs1#H0%=paO=2Z%5i&U1Ynzo~rrZp-59xMzL00j~jHvGsf`b7^1Ws(30u=mCSB%o~B zYhs22_0l;%1w!T%@8v{Kk?n!_SL*p^Bki)S<4-I6{=<3J%6xQBe-yA@Q@2+CCErN` zyxz0E;ag`lkUNUwYydCpkOVi-6Ba<39C-`Q_(gco@xeE!B^!3UZEQJ?0)-D{#)j)Dl;Df za)%e!k-|d@#OL3Z?5Hu%tyR&^{aN82;dD|# zHpm-LQjrfKVvM&1E|K)bSK<&0N(k^TEjK6L&2XerjkGnEWtdC)3*P+)R}D0D#xMUc zpF`~dOT%92ylGwUeT-W>74jzTAlmBJmLSb!qPKvkwJ;PRuOVF2R@^HfZHRe-&8h^P zR`x$inK7fB>l{xSI;ZFuGf^;BPL9fndAj*(sh8nz6QU{(B+e(W?o&TR+$v_xGbaqo zDBf^c;FJv<60w%fuf02u5plVpu~jZU2`sh$XkWuxMzhY9ju$c;1V~H75B4FMpq#Wr z@5hpnyk=l?4j{&11>q{Q(tV;=s>@ujf0xV4Tz_qtQK$}Na#kyRYSRgclql#zMEbv= z@61vG7e!VN!-@t}&q8WD$nE8H6bQ{y{uiKQD?JJrk|mIx*v2iJ#;g045jk8C#V^i# zn(T-RT|;BGeB*M*d#9AfZP)S2eGpS{%hfU<@F;Lk61qNve+TKb8k|XxXV3v9vEZ9zPEK85bV~Q7TI@ z=JD;Uf==vE&)e}PtXHiCSZyjx#9J`?Fi>$>`d0m4(S3B9Fy9m4Ya(7VH zOL)ka1OgYmx9&1{_0YL&i+kCjhUf=-FhI2baq9K(iTz*R{P6$Jo0oO%OZ}fW|MGu% z^BdgwV>wuAcpnLKJi-5kU~j%cKm(6NVscaX00u`gZ_Vg42Y_a*LvDeSVFU7OtiHug z?8GsfEVbhc(zrH>74*i=eJ3|nrHMyj>eY3ZVyxlzwO%&`iY~=OKFVJF znIj=|Ypoy&6hOR3NFnq>H(3RnvtD>;yXhLI6&)q;7bD>V>5tK_M%gJ>)9`c6W_2~K zj&VoAY>XX{Y8iMAUg0&_jxtD=q*wWxU_n7WoEr4A0sSB5(XssUD+^ z#R}^9DAbI|_+4#SHR4NRn2eej@%LL}a`3{v(&6L(T>1)9vBlD&9=MB|CQ%LsnrJ0T z{;x6*mLWpUPkj7R=TZo_{fFQo>!p7ir4R=~MJG|2__bF{m8?dG$&zLba9TAnlV(tlJ9;Npmge?KZd}3?xyhX+&-IG9 z*0^fQCM~XAmX+4rs@Raeb#t;+Ecob(O?qV@R3mKQ#e>BG(!C}Y#)V@ z5jI|Li)_(={+ml*Yd2E*9vgq_nMi>Ps4Ae|5^lZG*C>FKLQg42lc# zxI_i!E6`w-K@ns@Z*b9Dv2&-OdABpJH_ISB_7)I=2TbE+H(fg6JU_A~#2r2RN3;e< z2=0F}NC^(2td4Ng!O?<-p%_<*<4S9d(MkI~K3Zm$pF-RC7iD{Kvtd5b;K!8pe$ zvdA^g{*xSSi%S@ESVi6+*N=1g-%ILZ6gy-v~_B7?={>f zUxir+`j{pGVwBjoN@Nb!o}pfg`U?u6h5$J3GOppPfd8;o0YB9gB)4R82T=*tBL&Yw zFdl%eKhBWv+YILu*cT-!Po2bwkHTydR@we4VCU#v{m&{-!fOcHzZbSt&BS4ZaxoHd z8b%^t)OSEDuB72UR2&zr(-7gZC(?E9(t^$qXC8SpN`7S?>dgDbL!>8sNSx;1BIfjZ zd`n?VB5X5wAgd>2$P9>-+6~*SNW%GGRj+C%i1TpZn8!62HUG>hQv?v$YO!eSc9Ku( zE{CR86`+^jOsfNrnKdYOjV~4A*${H$H{tosb@LQ>ro;b{PDi*KfEA#z#2nJMq0<61 z?mK?BIc*n}?gvfzmTh7ytv6dRB(&ikS|m{%23=TJGMm}Je9T#VIw$xp+^b8%2TFw43sh(WW}@1e4(24Q5&sU-G(j0|uTf z1(h^qDJ)tA=CN*WLEU@|%J~vV{QF*7rGiMZX8D@Ec|I59^lB3k-|~`QTd0Ytwwq(G zywjiVp_QfX-(SyAT0(mBN$Y>DIdmJmA;+vM+_xKDU0gPQ%IgU9u6n3W7BS%_GKnA= z;b>y24K@^LDQVo~Hy3nKnLpHu(p{uRF~B0pP{|RT?L;N(*~i@9{?%o|P>6jWk|qDG z4w9k{I9(SvubpdR!#7Zh){p5`4LJ6wC5iI#d*1+n-bfH#$Ew>@HT<|g`$l#+&7{(= zU_QgOU9zSh5Z}^?)Y`=9)<4 z=Pt>P2o{C2i@1)6pOGFs5G7D&2G2PMgL3yu1ra21IV0HdMLmut0k{+q+VMG7H1OY@ zlB5;~Y?=>~ux6i-nhVqCvmD=10fi`{ry8bOe6}lhf?N64cDqF%wm4d9mhZ}tu4DFy zk~awXuXxrK&i!PY#b_6Poj3Vs^*4Gh#3QT@WlI} zD>6r2)hf5?-nk;T} zbR^d=qVi)SP+ zOR4gW5WN0I7_cuNa9c`SuqB$727q3q54j}#+P^nDy2bn9zBFI2VXFE4N%=-WT9>Tr zX%PzF_n7#pnEo2&M&v5Ja$bW4+h~ZvaPEL3vZFY6s$f3AN^_;CfYa(K-MN$>!0LD8 z_tJ9ZYis`Xu*0lA57C`)@X?@II+)T6e2YK*m?C>pFiSY~7>tEZx-it|HE1A~IQUTZ z{PUQNt-T7WzX{%t{(;y|dC6pzWlr-1Npk-vD&7|_fk*IOMDYIKgucW7Fw^5E474DX zZ0~=R2nsl5mB?l%YQ3cA+sp2%eH{{Vw1f1Svuk=QXJ1cpRe+ECKH7b2U*~|I>P8#_+jXFn43uHGD%pPB*aHsCS?vKuHd#4dtTzRc%a+aq2NaM z;gm&ppTHYNG`cS!WzjxHGQYGrA0&y#NfK+H#rr}JnruOm@TD6|5FNb4Nr^99MiScw zS&ZAE2xJ&>{=++$M9~iOrK`NzDo0WAO->}+&rsA-#-xg|eQsLPC00Qgr%5o8`x}2O zS2CtAk)$I5`WQLV`)2?Wa>z`!MU|wah(GI@lV*Y1LI*cVq*_-pb zt5wpbBB)329EA30C>kqE4yNLct z}x`jB)E=!y-T%}Tr&Z}0FS|_T{nB}^<)(%pz4BIuC zo8dtce582S*`*Z&|C%0AH?lspgTI`o3#qS+%M*^mSkw9|nY+!`+m70HA_WPFNyi62@Mbu+;T@n-9GE&&Ip2j`91c_*cQ|wI^{;V0F9&pY0^T zDX}`C4%^lk0jN$Lt+^@#0zZZx!m;}FBx=aJ9x>T zX?4xnL}K<`MO1B)@~wTncNEiY`d(N-hOP}GqG)ZM{eNd)-hI@37W$4u{saGB;9jDDE$W zgjk4jmCR~hqM^pTj^EVkV5d!tMw`=;irpahRd7({f6fXt z`Di2w_^_TU#EFJX`E{0;S);x>>?g6VZdqD4O+0zV+B zXGea>121vyJ+XJaY<1WA6SXgJDB9enCEUoRk_JTB3BVy4#w7L=_z3Wb$<+6}_=k@J zkNq8lLuY5dSO@CY*e_fj3-##U7seanDYNxiuK0&%nglA zf?E|SOmDYkq`qFo`qTPZEoX*C_92xqGgombmw2Oywn=SAN>1r@Q#P&><;#W(9Q%YFB5AJF%BEK)iMm-5 zdIU9SM{z?rB+^_t&SCtP(irO`e~tOI?he$81@zvx157BjXRU=}0F z_5{nCMLU86tf+Aoj~i}8z+SwQ`oeX)3DGy_sxTiF3Czdz$0g_8$(u(RcfAc+Q`eRkJ+> zv;PtTuHyUV{ew}qd^F0IEtwPIC!TcI`KH9?E3B;>&baHmfEmAcr@uF-Z>yPho;s0z z@__m1oyNM>>6`)BBtKJ*V0?92ip^F4G-W@GO5XR=p_nl22el~cU(EXwaOZ5!rkA>m zg~AO9PZJ4)mjr~m0VjdWBG-%3*k?a{+Q>NE!GOE7k6%u2ih5hnn%vZu=odgN)b;gs zB<&tj#;01-X{f*=io6~54IRq+LWcyw=NaJbPE=L|(UoFVUid0es8?%g#Bw#dVJ1kZ z))H(wFSw@d&~_#jKGjoqP}b^emem`n4$bQTti%IF|D}Jwk!&3S1SYBA{UyLdZBDs-GwZ@y9;boc92K?^b{nqgVUBm zL;vw*j*J$l&T3Dz*N=BKd{``8(4=SsI<-`*{&D)LN33U@;g+Q?e4$YxnjKxq;teH5 zHmWQ5qpa#=ldFkhaJ(!t%z9zkwZ2?-wq&Hmo**B1_Aja1KQm*ev-dPNlMjLLH3j4d z{}OP9sNSlxzs$>VW~f@|C5TkG3eY|8ZUc2*f~4CSr*C)=JZz-?QYyLx<;%HHUz#4N z5yo__0B%OsPg3QnT|C0Z7*9qy18Grd_ABH!IqXSk3&9jKCxN64TNI;rV6rqjOOI4W z(W)SENiX@UvA|an9!aAe;P7W*WO(fZ+O>(H&q7vk^ezQyV@2X8m=IN8D^%Z*G6%`= z`$>)9hr7Fv!`I)T zdxOI_58I9-+lxIG5I2?#^J%7p#xx|9JARnjF6Ge>)`QfNyUNYdGD^Q)T#MG*a*AN- z(|6)PEV{f$EyC>G*_P0aQv@g)Xf0E>Eqi<(D*J(nBRy;_CItWKTTJ@Kk{*}e&+02W zo#l#V5pklXjRP#mFKQjb1ZU@kCZCx>YbGkwlCn%-mid`1>ZQC)u&L&nTahYfMd(@U zyI4yt6N&PwK+<;2O{fCWXY^V0Kn7S|N!Ef@JtDtjD-DZ{wkN@A6W1+Ej`G3n zEGVV{wV}N0N`3q3tQ}_r+HG-jq^{{1p8CV6p3Msbpw|>^eurLkOneGpmz>W5CL1=jb(x1X;L@T)Te|Kg>&@@dAq{4rt3ww7Cpk6^jzPz zeWApJZoZwYq-5V0O=a^#}~4g6SiFX+I#Yp42CSe) zc~V{}7^ncT#${Ikd*D7sXkpZln!OlnH7K}-^9L^JDQ)0LsoVH4^BW!6qTB0?ypiLy zwBah?epb%rIjwF4-nYT!S2wW;etGskJ^(!UXPb9vo+C10S+2m@+DYm=jeRLK$$2l% z4bj+*>a_AigTzV-6NRLHs%RB;PybVQ1z86W^Ng%6Y#ylubSzJ!;IE35mo;3$Mz>r8 z2&yU-rv6^%bJClzrsU-v1xa*#%{#8&!*(xNDoWC zd_}M#rPlkz5Etaff4tHQY+#ZKb;@t^~I2|B>_XL4`g z?dCCxkw`qjf`GWb5XAQaWO_xV!MSWhEcd0uE^bhqQn{dRo9G zXJ;I_iOgpRm@ir=p24qf zm3~JHM%D=`X_Y4P*4r7^Jn$+&N#&`TmUyxN#L4H=LSrr2sdn*iMPk`)q4tO7%XeQ5 zfyf(NJOB|X)2!^$I(z@_qxH6pB}4t?SZWEO! z5fdTe1ameggvD-3QrAnogvXH^CIfKTLB(B5l=yr=0VIA?>3|IeZ1BX`z;NF01R!wZ z&`VRv2umXnuF%54A{vmylWF3!$hEz200g@O2-cskeE|fnzcC>2BN|2tcL0d{6@HRB4iO@>iEjrUp?;hafCFI&XKM&J;fF^B{tmjYe>6_W&!;9ZH4cbi zKm<>W2$0F`oWt6x(TVEW4G58U2R87S7rRkp6PYrk3raE8M+%Y#(x!IcusC^~L&78* zPX=7DWn8fSZ0$>iS9^26U+xM!Z~;ZhAcn!C5#T8rGN_7%sbG<9+j77KJ7_-m2i~8U z+?9&*$~q}$*KkSZQpdSx)cQwVzdD2?>Z?-gdY*trBMJ!otxZ9WVhuj{aLcj1@|$WzJ<{&U_-yV zr1jP^57@!evYYx3rJH+SOfr@=)|vLZ|15cVd2?T_+rK`=slP8t=A7?Gar&(er0eg| zy#aF0=0MKl%F&kiNg{~P1CJ!BZIgrr5l`b#a{9xQI7NZ8gQ*70?fSms4SGIR&#k%# zrO%-Bd19r{1!ld=&+CcIb6yI$6CNT-V#i)gDWM4*oPO#_!aUAMC`1|su`gsI2M>|m z(fO=DUwZ=;g3b9J1rL&dapF4&6@oY+jKvqj! zF`~Wp6Bn%eb6PjE?n9lme~RL3`)9g%nn_$!i%(wxVL&s?=Tb0^)F$ocs#o6EtL$I2 z68P~c6Q;wN>?hQLBgsvPFKr*hwjdxLjS?2~Byhv%h3DwA-TM<~K z+Z3a}9Dwm64bw<+<_%#>LGbb%k$(U9{$vYINLSO04-QC!1JXJUNVxRA)%gh5(i8e0 z37&8#jeH^~hvO}l9$|iz63L=Oz|j_`K{WUu?VSISV?Ti5eg;9LJMXrK+Ux{MP{0%_>rr5A@baF)wMjO7m7A^-mns$cgn_v%4iK;B69BHuXF>hd!)b6lL5m$ zJBC|AVoTG0%j&m*vJmOHdwD=c+3fhhu}A8EM=`>BCvrzls6IQcdXV6QSU(A$P+=Fi zlu{Nk!UBgA-*>3ax8-|r#5^i#9EXF#Zg&)Rb{yOf_CA|cyfvH$H4ZrMnQ-3vyK!%D z-saxrws1HAJt#O$Y~l++35&v*xJkrZKM;VJlL6=LAbr5;BKw;Hc7Ipix7J7Pn+5;r zBCj`rdYGF{B`4L+y_RwP(#dJt93Kn2u0e9BVgpDx1MH#ci+ic+Q1>RMvu52Syo0Hn-f4WX_$7tl39=c>qENOb^1l3-e$25B!8_V=a7my^5ny`4EU#kII-Z z!PHb$O+XN-TQfksYh)o9EXH1 zW@HwrO=9WWggaguxDoe*MEvlWG~B_6#}6eYf;}_aP*`7RjS5JWTen^thQ6`tuA~M_ zGRd%1LN4?hEINhZwQ?M+anoe=WH~ePa=xxZJX?=2`*96zRk^?bK4yRk<+_OU!vaSx zH?(f^9=D0*1R&R9+-3tddAL%Q9S$AfR0zhaK~K4xwq}@HHK}*ln~6?ihhUWG`Bs0T zAcFs`@!v;h>feiB9xZ-(1iySjRV7V1mjM+d41^@U6fTJaCnSNi6Hj=QCkY+k;#$he zC&r3);N6cEm(SPjsVoC;0Ef?{vRr>x?hQQLLPj;_r?KaGBozrGJ{KNIWD<~wr4i@0 z6WYErz{7a=;NhD#-DVfk^0Ue(taH$wmTj)7C&+MoCTRr+fX>Q`$!yzO93H_1T@`W**U`HXT^tpZ;9NOZnWr#lS|!ybZf5gF>0wP4Sxozy=So|K z$&eQv(H&S5>ApdznqRj7R*F_Ps=O-;lL#8xS+|LTDF*LWm|z*Iga$PeYb7urcZ1cc%LZ9&1 zrNp;gPT&IaK_Yhp&l5q+q%&}V>`bzlwP$NzP=Xt6juKMtiXe;#6R`_}XA2U$VMsXj zc|yI!al(Nh%-un+{xjz`Z73HnOxjUvQT{5+ zb2MNXJq2dH0+BtZ^8yb8G`{Hu0VL252QU2RzJzhMMl;$>jt~BLb#na2AE!no^Rt@9 zgRgP;`j0=z;1CT{yAqjK5grpA0SZR_V z@$z6c+bOe|?|(x;r(u(a-c7SwIagV~OL|ej>e`+m&G+}ikml~bA#MGAx;JQWbDdEH zgJ#>2M{I`yl%{ShW~i{iN|b77b&Q>)|cYAZ$)82ZcK{OuwvfYx=%Gj-1^dX9P~X=TkOSv^4v+J<@# zAoAt8NWt2|A`~(!&3d@$DD};JZ?x)2-DtzA^5QNkIF>cN3`94$;ou~hH(9>miW7Ix z#;N6hKZ~5G$Ff;`Py^R7%$1cAnN~2)rHg9DNHzyE(0)ea9}dX3k<%HAYrj9)4B6_k zar=2%Pa3-T@U`xKS+EA)?rJV%|4*m)cRlHU=)VHns&4LL%A3LF?fx#WU<0CBuX}Q} zDE7~GDYTz4jHdf=rFyxFf3K3`-k-Fd_CD2@yk7cPnJ8qW5#o!#dft2ZSpmTQTEegM zY|+dAzrAm5ZW~wA{Jy_})$?JJDZ>Ft@Rq$)xt;W!%(T;HKb(6 zr)vNEzApe$l&sj1B{{OpnL24p;spdi;CXM)Gp#vJq4wkTWyMEbgF3Pz{CjZ%Jq}l3 z800KYB28k+GT5`FCMnG`k|i<=qD)C1=%Ms@kGKM}`?C3PFYLC$6Kw0{NG~};H=>-$ z!oeJQBy(i_xARcUk#O@;WUxgeds(9XC#b#s%VfXKN=`!qG12bk#A7V zoFOpT#15Gw8^L_H^*u`O)|TIz$PrS7K4!%BzqqSpGx77YvN z>Q@#;5y12&1Jza!)997F5xOQC4DD(RT}}983h?#&Q{lcTc*U8Peu&Y%C`#a;K#(*O zoM`5UA_%l%BHgXv)qoM##fZs0TByq_>4tzX8I(^StKmY)W(VKck9(9INnznYaW3|t@~zhxJ!^{B!kUei`C4H#IjK%&JSqiS4C zD^u)iOD|w+M`Io_hMHmC1-9jqBL#J@q4+G5YK#ZYD=BPqx~J?_RE#n65%V+PLPb>% z3^Y4spb@;eG}FZREUhn_PdMx{#tC?R?fyeBX>qGuG!xY6Yo;X^#}-TSi&rpdh?yC$ zHpGcR=%-1nVKr5L4*$dv@=(pdT|7CIEqKDjkz`$osA4 zveZZ3*^T*#TRMQh=|!!Z|14pP$3S+o(9UD;jk_8GH&fBd%MqO8jd5$lTv}Ds(4O)J z@am*O3Y(=zJ#wmfHzsi+uQe=XV?2J!>kB=#9!k5BqEoY~jgRtz7g$nLOs%iegzw?& z)=vs8HuHI1K>M?n9Q9co6JmuGI@qkX0BCXvxVDB{)<|h`WXpCxV<3XKe} z3UrUGim^nZaH)@>V{Nk}jLMO{sl7qdG70IgvYaWnT#@6nfB{m+-g!0BaMx;vB`H@$ zU5!U(0^x(%E`e*ByPNj^@!`GUc(KFVdLM0XVeTq45zjJwmF;WX@-^+ClYxnnG)uwO1e(nGD)8?rN-?Sk7Fp~+3QWC|m=`x>6!Xv3jp3)#pRg52= zz6Ig?cUcgQ+{}#PX*HhKRkvvq5K2-H|iwV*Pl93SpID5i* zobI(K)_+M4#G=T2wy{N#25C$wV?@eW6GjuvGgk@GzD%VIm=^rmCrGFJNRIyT%?Izr zN9)#oqnj_&YJzF3(@Iu=-?wjLv~YXb*61=4@P1D35Zg9gZS5SJAN%r#E!Sl$#*I0z zMFXd|_}}`jON72=_d#YLdu(nz&~tX7$}pf~BbrNqovLRWc<-hgSuMpB8@vS8ZaDFDVEI_%UVoz$QrQ;l#gpKxr;6d7l=!36C!g$vt z7w&UrfiqL)C?3g|jD69+DMI^}$I0B;3@CJg9$&zQ1e=I4QS5nWI3C#}u<;i#XRi4T zd?oM&!plKl{Czf>bS8{@rcSPX^|N6Acg7CV?!%Er=)E)8?3{B~!x2O)$V@r3gK$<8 z%+;P-Z7y2kdd7g?*~HjGM!*xA17lhI0~O>Qx9L3kVUD&B0EQM`uy=!ghkbz!dE8;+ zxhg$U^dlRDdBY3~f6hlmS#UF2ZeZr@TwaAMUT5$1)a`A%+hEdQUHv%gDh$)?&~2!1 zrgQ5k&azMiB#AN!@C^3XEM<~pT4q9IjOHqO;_2LX8&L1u+J7SD>Ke?aXgj^NJD&Gp zCdxvRU$`{6-IGaqTax7mm{LcNJp<_7$y&I?)_i;UT0Y(N_^0=c|NN1>-*8JhDUC^G zlyO=hy2VM54)*jT+0*MU*oR_I2b+t^=2B8Yb4g?_Qo=%-5YBl@L@IJWQc1uf{p{`O zG~DZg;}2b-pLcGI;vKN{o^-UfEz70%_e#vuxw&nHO)j%%+QQ;inHD20o&+-&rU5`A z?6c;mvtTNb&lY`#uqGqb9n@--$ zVAu=Oq*bK2x0~Vo4QSaTo8^f+uRJ$ucnjIyUAO3=D|_ez#v5G1g_ z4}t_+KtY2f!A>O!G@~ktbJ$I(Mk;`qa4j_vT4!<0BH<^&0E+e=6s+1}ooSoZqTp5rch zZYbr>&DDY|Qgx_MH&N+?|Vhm&B0_PHkk=9|6xB*dsF5$~f zv_L;W!~4x$nZ(gTN`(%Z3Pnl{N z1D!dBm*(x2F+sLO@(}G>*7F_-_*-l47L`4t{SOjTc4wt#yD)oit#0%7#+?o0KGbb) zO!Tq-qI?i`LV8T;=9QZw4W!PK42-NOAT0JJ0lO+DL6U}CsZfVe^6c$|D0(u?ZyyaE z>n1!OXb8A;nHDuqtEy}knO-e<2YwN=HF)BLZWFWd`sfh^OTw(AnDcxy;SKsSvE*>7 zkr~#}d9)5$UJF=nd41ExUoG(nP7?rybNfXUV>oI}OX7T0AlN3*>NdZ;EWX$}#AENI zrMENMY4Cs;QTD*LKzTH4b}Ske*k@I(Ow$ad#b9eZo~`j>nW(rwdsm92Jebw)JMv-U z>^O+nvHS1$WZLe|sL2HlM5;oP_!|9exlaU_iUfY7f-v_J=;VRdc#k;i{N!#}`_awx z?Xi&f$rG?*4$p9XA|pN6Ef2C=)?arI#cuJVjqR3L1XPB8MB+Hl2up+{oP~n$K*nLD ze4(>vPf(b}bpPy@-(3=9Yg-^OVevg`irY_R9d{X-ZDShSm?LYjNK+u`%1Ct!5)kgs z#(XxttZG|pXHRO5Fkuyo?v9KG$DH8I8^IFG$3-);b%y}RCRL3WZSUJ>J2`S08mclt z@#-#P@B7cbDk>1phN{R zC5*)Yp#tg?9T34J-=5poU<>q@)iY__!ktC> zOoctd@ac*YTHfZ~-0Ax<^~i&u@Fny+8rY(mYuSu?51LRw02XeeynfE06Hl(SkJ z{*7_vA`Y^G9qY!uW-oW>6^%0)M1BqyWu#zhpWt2;&5R(!)i&!U->*hbI%0@&1f2CPqPv02C7&o^E%ZFHF*Avv0= zpsAJ&*g5j%Rpp)dwRe(Fk-SP^VYtm=$N`$5mk}@W&qzAlGzEBdkp1iYOGz9K^K95sVu z!c&@&ELM4-IF-I13}yGx{zqUx@abij%(#O%Y|pniM~~3lx?@D;Fz*1Im4LcRWzr(8 zxCF9tI*8c`$`u!vi(t;U6noLxjY6*-Z>oz{TCj$(VEDaugtB8JT5Nn((_RLrVG?k$ zO+yeY^jsj%JSXOS8ZuzO+LcLTwUoFO!pY;-v8J1))2tFmSxLt%i*ae_(`xEsr`%o` z9%qbHLVfzzj&irX(44H+P%SL$D_fQTSy%HWxGsK3)Yodax!&nTePQT}9A4_K$?bqk zSPiWExqE`y1kO?zT~}JnE-nBroA~;)u4eGAz!a=ZuI{%Z!APTDH{HDqzPDlR7JJ(f zvqR)s+x7OGyK3dA9eJXLX@qJks7u$_*neG_sXKu;t9d@82Jp0>TbpViG}vOanz4w7 zEYPsMxk_TD_fU_4>m&5E{%CiL*>3Gz0@~FnjkP{VT+d7mRR59|pSnj;Gb22_j7hBS zgYD(6E^1U+{o`jE-2UO7z>TBZ^BHzKw%yJS{H2>6R(fIj(m})C;apuU998AHJ$i~a z-<^IK6D&-VkdZLSLc(&ziBK#cQo|m^snBVj9e@Jy0a6*H+1-vwyV~O7(^WHm!s^ZK z`6ttC@J~LHe{%iT^iVX3{bXansG=ZGM5c+R3_1^miL*e4B*}dlW=WXwIDGbu=fNHV z#`hCkzS`aS`yG=@@X%hS=3^VFHY(tzwBp#aKNa&b0|ayLM|@&YUNbAEb_>6>y1*W{ zkPXos_P5DYgiBw;1pqisEr}=x_^7mZg~4H46@H6ZoX>Sgnj^0mqXsU14@ef3Sj;IV z(Z4-o-3oRTjv8Z-xtwF-9+Jg~byXJ^SedM?!>eoKVx4-Y;#9ZNPKyF)M}|MkT)dcb zlwzPAFz^%svnf#F<8d{EaX0Ewrak}HbpHRnT^*0rAS;UFEtS`P#Kk#`*7OjIJS8knB;jeS2#*sU zhDj=QlI#|_4gkjc$tQLZIyg7V{l1MUN0@w>FCrqXp5m`tH3j>}-0Sm%F z3<9Wo2w%?6|K`0g#+UYtR>+T5J;esKs;9TYfXC+NE$N=l40(?Y%SkD-2wO@CDNQ@r7ze!2&^ z_IawG2Ent{K8*9N5#H=7#%wJO~P-0-!RC6kohr5 zV4EN;3Vk9(7?C^-1^g0dslTjp&@l>KjouG$Y6(j!Ih60E6`I#j=&E+_Q#${ zIuSU4*gHMHdV3u=bxe-Te2zHsGCL()JCH|AoB0R!k0m69UWL09(yZgq2KchT4tE!A z>y2QLuB!6NrZIF?Tz2Wg5$nO!E+zvwvG0n%>ym9G0Z(_%e#e=L>=JF%plK>u7^OUS zsjf53q-ndz1v{|h5a*?R*dZpc7cqfwcS+YF%avwk4;B=l45fr8aZW_a{V0)n7Q_dT zbUpap_rvf0=<*BcUE}^Mtco=($Y<4+S@*V-ZJ+LV&;$QI{RQKybR6beOtKIB{U7nc z$1wO9?)NbSPr%2p_QrfLK8AR6M!{IiJPuRhi^L}^$pVt8kP^XCmh!~+eX0f@1KU3z z!yoTYy%&EJ^%M=Ixtic;g6aDgFK?#`KC%M>+jmFWBK|zY+%`>D#9myHt_V+};RLmi zvbdW}L^qBlK93ztoEBq~90*VK@y!Qw?MKQJ?8;q+G{M0oU|a&;|M>4-lv29-$Nz>u z`m~z~-;Sp~I1qa4#_I=bcNa^I5=x~=eWG&42#YyKTIPg=VUlEN9)((@haF3OvL21V z&%VpJwFcaltH|NzPr#+|=mstw4BR1zzI_9C{Z;y44BTW3l=&*j<2)uTkHNsz0VAo7 zIEjK-25FFndBC2%ft&52OwviqOgLvc?KA#-mrT+oWTzeRB}ZaFA}@=wqYDBf#d3=_ zm&L>x!V7YfYZ05CEwOmEF-3{ILU=0Jq4fg!K%cruH+{uLIJBr+OBBAnLC(x$?-vZ( zf90b|sga6Rj~B>8e?u!BOZMcZ~DO=^u4{jSN54fe?JhR*8ok-cMgis{dm@UwBYwW(!qIzCem=7;GQXLU9bW@TMe zXtw<}o0e7erQ-RrD;K~irUN*K1R!P zO?QE1Qf+&s9pGE!t#+eFlC{?Iu3+lAnYW7E^)B|-K|gdG+^lwjeU`UZzJZ!`lS(=& zf=qJ3h!R2(#zPd;Nj339kG79*Z$GIM;D$+d+0lj&D?tOyI9G8WQAE3bQFcoabC5Azu!$-nULFFDc4fh2E z(w1Bc6GV}BwVIF;*2&TwqACpBwBi6=GMxzq;c0lxw0*+k#gCoWy*=1vo)Y|@3lbgm zF}LA%N4Zk~lL!J_660J(Y5^pxF@P+9qIzsIJFSqrf%fB@_W2ygf_=jIquIxD0izir zbOcy&V%2fH`8SpHJc(UE`TUuEtNKr z^vLw^3UKA38*n*m8+C12N;7@ZAk0$3VZ7usOoh+W74O*qy*7bfnV-`jr#{KzEGNv5 z6O!g}OlXn@374TzDjT5J4})GGy7_-E`dWV^4+VWCo6ER|g8G@HIZ2}!psS>k2&JJ1 zQ%QYB1MahU@K0v@tHbnbbpd<*;|MU#9a#XnFvjZkd*dsa0my&@ov^%<1YOrf)X`2G zvP_#%veK_}T8-fV1Ahzz>F|-5)s1msdZ+*n*sR13>H&}uitbqndd!sQyEPFhH{xLq41S8I*T+qP!D^G)MwLvLs-H2^kX}N=|Y=3Imb)I+DSFF&+(L ztl%A8h8?SD)Yl%wgK_R`9{%JZ4@8hgLzKF%E^~!hgwzH{KxWQ`9{uef)1&x|iV>J66^LiVe zbwMJGELmA`%(gY`;x?$ZP#N5dDCN!(VJeJsOCEmYUDVZVf~dh2=Nv8Yn)lLFpQ#W} z82+f_%NNUXIz~*VCyvv8?{_LY7|?8gwLYVTlWmeD4!r%kot?{s=HDy&vpeQRSV?2X zVopM)W5U7+cBNcIBu{h7sK|M;Ot(HLf&Wk?@bn%f@DsNJ?m!7V9hATyOKE5Q*YZ%5 z!09IOzY(7_WU5OIyGMQVdhz2!P~p-Q7UAL4h8T47LDy$|atpBVDL=P$I;RHWEU!~P z@v95?k}kfWxGS#uw!o=N|I0Vlm7nye`NLG){K{`&rmwo=|6AId;W$LE-+Szio?_(- zWya_Ox_s(!^Jg)={8wH5Qs`2(ZJ>Q93WM~in(}hhkBy!pgu4YNo6G7N2JMdmolnI- z40JQS(PG`zFFLGCr+hL+PtS@eoW7?05cUIJn3YrZzBgy-whwu8W(C1J7V@=yDF}j> z&j8)V)7NL!KZ>&CucBk>y*R@Z>}l0p{#R2;R(kM-_uIMmAD&M?`|NZ4(xhkWKehPx zV)`lyljAV9kvClH^oaekQ+-VPa zW52VXyXWn7arf22YcAcS@^204J!9f$$6>NjLF?R;_<4q9T%S#Okj0L?d>v^Sa2isQ zgn=Z!uQ_s&#YE>BRaE+UnmvqG_U`*Gt%8%u-2ClZaqz0++W6b}9L!H`_TA%vvc6?# zT)n^Lr*O9~#spY;)4;eKP44g8hwMxDJmOkoobGsxlPuViF}{Qs_Ua{2aYe(}c5!jD7+}Qn zZMFD{gsH{Ly|dm;$3bU`!Q1lgqn7BvXe4%HX%fu(edS`cNAAiCR0;C{plA3C+FFb* z9c@1(6DK3`FQm5-JpI~n^xhn|uf#D*bz&|~0g%K+8xcK!_x8+t)7dQE1UY3af3D4$g0qTojzZ6d5@hEQ z%$PQtV*x!@7clMzKp$g={|h|lYxBPMB8_%VymrreI|K=@o%#%8oKHWS@9h!x=wo~Y zlg^Ke-)lEhZVYQHouncybOb3!E%2^tRTnRrM0K$EVO?1;Z)r#e9 zHB4B4ybcB?gqv$B0~*kRGNJ;Rp&&KDggi_DZRIRiROm2B2bi#jn#v~%UsGP+ct1M= zcz_0P+A^|TpoFeQjgP(CcOP)VfD?9%6L3m2pDj_MMGCtE0ZGC`8LFJ5S~9{EXGA1X zO420FqsUiU@0yu@00HZOfc3}gU_ij;)#`qh`b;GWiG=W>^K$6MER&cG&P0$!GGqe? z$o5baspY17#GT*Wa@g*N?S9AGy`#mt*C)^gvUkVn8c?(?C2S`u4GH5sB4AVo#LqLH zYQfUTXS?Kd9k9SUSYZ9pIv6alxp+Yu_+jp&WI>)_+OHoF&Vzu&0I9N6iX=$YfCboI z#|_T-xR}f=Z{DL}gKyk_015+8*fCI;R$uh^^QbrJ_5m|UDs+^GKG8OMtraY!G$mOq z!Whge#nODh4Eur^)*r2d!3^ofm>~}0FjEQin++o5Dd9m1f5}h;L6T6F1p{V?o@i?2 zhu_XWc^_T+-5Zz6_<-a}bDi(aunfBl%cHHQSlT(%{siY-^MypqA+K`CtK9#*%Fs+T zcZ3QI1Cuz5BG*I^VnN&aFy(ft7QGrIuwM!HZRLyNzNk4QxfNS zLRg>@B4Wu&5^A1Fffylq?g$|X<2^(ONCJttprvMeYu3$QtBYn6;<%Pl7X20yZ_!=f zuFGY0;WblOKO3ZuE1Ef>ze1rOlrS=kN$3`^B1`UyctL%I3d7w3Zn*lvPOPgN+{X2| z0brr8P=5&}p2wa1^E0J?`{7&pnv`sP#WG9scCD|bNG#Zq#I?Wj`l5L)%Ug_clj<6V z>r$8BIK|9*Vx~IG^xbj5sW9|~&=_VGjIfOPB&9qeX^>DQl0b{tf9f1?(VZM{(3x0H z{`QJDt2IR*!UPxXm0m-1jh-R6l;p&#%lOahXctT913;Zep& zm`lb2mWCn|1E@>)57hn5g!tMG_WOmVmO!1oOwGsEduFs)3_?5h>`zAB;g{de&pRbe zqtsx95MhVr<;_1(haNLIxXoDN!U{tmE`)xE7fVh%jRt#StB!eHDD7SGy3lYu0KfLA zrcFu0L?k1t-peaOg?QAGv~uOVRdZKfUex-U12!}=RTzg{FA?fJ1_H|#-CnlOKN~wW zd2STQ5df}eAl$#!jpntyJobKX3=ADtW6~XI%YKcUv+sahp^x%NmM2o_1{=DA0CPW_NkN|Hn&kmIP=t|AgK9kN)kvCXHR;O*P|UaLllO4MCS@O{GI-UtjjJ}#Qky%OOc zd9BMED{1xZCcv(5V>e_RR|z9J~Q~(oC<_-P2ikH&@#_LBI28*NV%(beg0LW>gmL%>{+E$B3o<5s zrqc&PgYT}GAM&Nv%$I^0a(BMer+Q}iM&7`1loi-g-tSWk_7_{soq|RTxl@mnJGK5h zdN9au^Mv?_b0pkK38%S2qDesnr8x;%n1wpaq!RksBfoeL-F7{asIznLw>&p_@t26H zTtd|*$gjsWB+WJFKDsLRazk}9o|ZS>6e*E#H9ae2T{VE^+O{mPD82Zzs@0MA0Snze zV14tE_x7vQ60=3-)r)Y{MJGR6*RKNlJewfU#7czkzF=icoS7Q->O>w?K~K(D%;$u@BhAt6I+TmLnoV4K<~&8g0B}SN4JJ*L+Bny-We;+%->N{FKmJgH z^2AF}3Oket+|6HVtEDFx+&TVI-&Dtqer0d)YQvfn%6!EX^GOyV4|=ErBDf!tC{8KQ zlSm6W)ST=^&B^*Bbtq^f*gSe4&@hX9#z-WYM!wsKa2+X<#F^Gfr*%9meF#VuXQN-Q%vyJ>x}kycV6u7Mak=g4@<*0zeZ77wi+IH|fo%+Y~2u zdi~u^X8e8DjCbft%Ht$TlOQLtN+ZH34~d9qKqOUx&VB0ZEEtIE_KmpCr}sqae?fD^ zERw6A>49D(I>hE5%Zs%Bi+L!xE~K0DnnZCZGbV_Pg(57=Gm;5EAz>6yDMf^uP6JCZ zeJUk2j-csrs)$QdA7arL3JO$hjc(zdqghc-{OvN2mICj{6R@(Xs;V1P9J9I-WhemI zSpi6MYZ48$AKR<_h_V>V2Eu5l{dl^yAKx>G2ZJ&;XDmr6%|n`|B%=u@d)8rmYBFWuv&_()&qiN7Z^0uUlgkHqY66RI|pjJM%mUNbV zE1bl$L@8e1z7RPQENAn}n2FVI*gw zH-?bHch5<{O2`naC%-XI!GcNLc+fFEt%!? zU(D|>7TNMgE~UCH{9Kvue{N=hNq%<6zq}=;B%AtsF4f%-FLosjUGU25!EnO=Pw%~A z|ANaGfca33AAW_h;otE{{e~`I;a6n&dwD-phHs=iRyqm?7P!%FHf zQaM#BB{T~ZVLS~26{Y=9!;V&J*xcSW0QdP8bN|_nMJVpe z{ckshzg5UTwd`HoBwR}mCF%bOglpG-Ne@MaB26~8mw1*XK~9OJX+l_-NRl!5M}~f; zq^2s4*mJj+(tzz@DRl+r$mTK>C!W1fkF*bLBNKzYrAuLt?8t9Sh8@QWft3MOOuhr# zs;X^@yjSD)*J#faDVjJe9AKb=`PqDJ@3|NT?%fyqtn!))ED2chT#6q$PnY=+*9_&( zukR@^L5U%6#G;2T*evw?W&)aaVVuGXY=w?o@f=zQ5T;*DV4}Ou@;vh3idVe8!KXv^ zpt4_^E^m$u5m8ka7dB1N)*F}s!y1U$w6cz2(>_-f(cysxYY)(&3>|x|h3Q;Zaxem* z1O561gVECppJ!eyKU5&>v;v_qvuhdInv_HG$2Myb1VG~Bx|)ou$+4_PuV#}A>!yHK zk0zxi<`rwmv?4h?>&}r@on>tJ_v`&iR>P zP^HGCcl@UQ=f*25>53jq8a!;d_Ws!L77U4-1ucxmU_m&eGz)^`uAYruEYzFu>E$)Q z>EF(1mf^W@$HI8)k!KO^$giqGJ-C(=8!F4fgkF0ZAYCbEF^1gRLTrefK$A%cxbSB!xg!OKe{Fgr=0UV+ z2a`)cu83hx9O1}jON`AQ2)1;S?id434Gz@nshpUXrq4QQet3~lYA7c&8d6*KYPT0lN=XeT zC4H6RA$}4Z`?2}#8=W>k!!J_%P5koP+?I=%aZH!rch$$C!%S2l!&D_iE1eJ~R8EA? zC}AwhXslxyG5YkKxW0dv6W3{vn^8Qq9Qxbw;rjlLeYor%AMRj-}V<>&KJtr=E zfD`v<827D|S*7XS<9-H9WI-;g3Hrdk-fXYXDoqc=b07XVYtt2v+-q;HzcL?)y_xy( z=AQd3l`*D?1%VG;7Gx3OX~>9_Jd`rbm1fUA(;WcQR()e1q%{(&H~IYm&)X%rJJ^0t9{^Tzwya*W{ekO?`W)@SC)dP>C}hN z%Bl=ZoIj~F_F+@?FQ$q{8j>I|_jqCb;d2%sn@Qlp47En{0#91@_?x@Ba$;@EiPsJS ztajWx0j8CHd23x++D1!Egq)ZKCW9G+SdTA^$p~H19sxTr7>`&YS6Q9x!S}vH-}}@} z`c1v;52(>fxF04eiHX#qA}rMb238db5|$)c%#&2or(WG3-w8dtHNiWPOVrMrB#p$o zHaO_rz;k)|-lDld_ut%D$$l_rbZ~3=&6dVG8OD0Z585oIwf;JMC^km0xzGYtsfv6N zl2pl%FrLLEO=$ooN3L=(F=Cpi!N!R9&&K%p=7aa*qgBs*qnj^N>nAbcqL&uE{=hI7 zwyq6S-D=CR`Pm_FdNgJzjdbsm>8lB?L&-P7F~3KI%5(LXz$CWw~v zQBfA$bmVOdsKPg_3kdb9YfSWEo^xdG+?jVS+}3t)*P^9rwZv*oSu4#(9DPGBdI9nec%K$}-HKYEk~y_TU6VJ7!)t&^VYemg=O+r>3qN z%pWzw_t6|}9|sI@ykPGJcw{S8`~^1taTng1kJu2o`*D%GFif*D7j+VwZ)gK?#7uC5|-Dw4p@Ni4#EFs>*Olx0N3GUYMnj3wE#ccoqoTrrNoK+}YOuV!SID73MWei&@FB zx*q)`hLxkf;N#*SriDjyPYh-^Tk9T-cwJn9sXj6>XG2}zB?v>$HdgUwu^CM({AmtY z3W_T*qsxk0%#Qpb*t8q`=GglapK9c&&rBg3%xrbjmf9Vm^9WmoIo!rGpi$WdJyi=$ z!n&`e78xHzdu2m2itS!8aEsa4u1RK2nM)h#Qehkh3Z4qb#kIqgy>XKhUiQ<9kzK#_ zQP_p)$R!Xj&M|Wed}SY1k8yo)N~pCP_|_eG+`HGn}ITSOO&~p zpVJ_xKFQ(?nbqQiqKkkQa?%!*LtUr>6Vuhq^b1NkA z69xZAXeKkTLJ~0HQii;_IgPZ464gm|JXf5?lAVv=_VHNF%0p}8qw%tb##4S+zue3XsQ$Ck$l{W448@9rAl~ABV3s9fe~f*r`@1A^(%&$jC(xiONv|@C1OO`P|xsK z@|0`8n+JiN(ql?DubNH+!Kg?>l29L6x>BE{dG3=ui(-v|cqQq8os#``fc=iat{yja zsjsYuW``cJdxP}j&aq@-ap<_wUjgp{@{*TF-pq#ijDFOZ&ufb@nY$Pj7{Z>fsw+KX zT*_(&C~wNY=*p$uPr6Rf9YMFdRX=9#PHm2Ry{5Zfb4^25QNt7JT8L3O!yS677{dnU zY?AWo>gVYt#_TZEeqo~X?Z}xR{FDS4M2Uzgn%>&0+aNcj$k$0)f38LRG zZM?PMW8*&L?&7dDR`m$G0|p1ja;aw9Gd?;P+q}4#)lR4D06bVW=m=f#*^IpvuNoXz zTXJ0aN$M*aMI@4OjQL+V$y6GUT+*CJDT9qW9UNDC@3>lj7!L(}`CFh!6+V@Dk`g7L z%UIxRl7>Db8B3+_Yc6z_JbUo9j})nAg{&*AG4p<&p?m4=_ySST`IOfV_jK}I)=jZK z5B<0k`NqiA*}1uq$tUwx-~GsI+S_{{s%u@J8wPoM)mF3fkHWO-^q;)8qQ)4&@L>V~ zqIM~f9q2N7PK*5VnAxW%Wp%R0lO5r^!=cCCyBr!W%+*~@tc$=kJ&w_0daHC1F6vxPM-~@Bj~eGC&WZh~4Lo=s zpnD5e`v70aMz(rLg^5wux)X%L_rcJ;8-=6?a>-A536mB!ud*yI3e+7KVyPgCjE9L!sIhh@B#res%KUop(N|DnoDh$E?IG zcu|z-h(l*SUa8dKgB{cr+>FGV(&to$y3)vH43`t@IP^O3m8NluV)lE4e%ba%nrLYf&k z_J1$DHUHwn$M+#jrM+{z z&TOyF+>Zxb`AE2O{rB=10KS)y&)Q);gN%*1`Jc8Q{wna-JE9B*VvzPhQXPPZJ=0=`}N9{g2M) zD)c44Dy*bc8#G5GaN7e5cfI9!ZT85;I`~3&%HjPjC+LDUyz_t7ok0AknABH|wwm*| z=)eE!q`yzitM9$Qz2|lNV%aZWZUK9KljQ6>d?(=nD9axp{0x%2;pZpE(D0^RMZDjq zXcHG(~*oaWS4{Tis;yL9sAd*Q26o)-7@# z{J%R&W$2IX!|`~>iQL{|9wvDG;;)}hU;p)&Ti^fs3vA^-fBQ3LfBiKYnM4UV-S8JL z9|bmP81#;MxjT<@=nEzjKO=b{7_5tVOn4>~$)(Oh8EBrzPrj^*-G%yk3Hx2H`j!A7 z+i``}eS(zj(z#-(+g_Q~p@>sH0RXuEyLvDHaC709C=DVJ3PH3Kk}w6GC#Z}`u7V)e z38yj~c!rX2f5jFK*`9d9(yHjh(>S`o#pL$R`ZrMdI-*@n{t7%_=PJh5U=;M zN=-?(BSt@JlSCc0;_n}S9U$J1gm?=>_*_t4n1-pQIwXD?QNr*a&U~K)I+c;&j0&DU zag=wUqGtZeJcir)R=;3Q`e`-UUOAJ$BAsD?dOLFXt^Ix;4Ak44SBddVhkh(b6#5CK zoeCnT3JA{tKc`A684OS_N%s%xeSn2)Y$SlrDrK>gV~@6qbcHME`5Cs7n-WL>vsYap|E)hCMQX$+p#;7r4n*a!zTbjD0 zajOOF5?lxV%pX#4gjoQu{cq-o+9w7~xVoC2PeomQnP-ryqM4NZ#!`2+Uyk_27^YJD z5#9(xD%F0jnlJ62jh{ zdg}O+hIa;+=Vbd^@*{>jjw$>1;L61%_!qZSZZDkdM^7M)^iUHDp5ovSrp1Fyi}jc0 ULoqGFCDyS252ti$R7;5k0Bqt4ng9R* diff --git a/x-pack/test/siem_cypress/es_archives/prebuilt_rules_loaded/mappings.json b/x-pack/test/siem_cypress/es_archives/prebuilt_rules_loaded/mappings.json index 99ef5863ba6c8..f4278c4d4318f 100644 --- a/x-pack/test/siem_cypress/es_archives/prebuilt_rules_loaded/mappings.json +++ b/x-pack/test/siem_cypress/es_archives/prebuilt_rules_loaded/mappings.json @@ -11,12 +11,13 @@ "migrationMappingPropertyHashes": { "action": "6e96ac5e648f57523879661ea72525b7", "action_task_params": "a9d49f184ee89641044be0ca2950fa3a", + "agent_actions": "ed270b46812f0fa1439366c428a2cf17", "agent_configs": "38abaf89513877745c359e7700c0c66a", "agent_events": "3231653fafe4ef3196fe3b32ab774bf2", - "agents": "75c0f4a11560dbc38b65e5e1d98fc9da", + "agents": "c3eeb7b9d97176f15f6d126370ab23c7", "alert": "7b44fba6773e37c806ce290ea9b7024e", "apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd", - "apm-telemetry": "e8619030e08b671291af04c4603b4944", + "apm-telemetry": "3525d7c22c42bc80f5e6e9cb3f2b26a2", "application_usage_totals": "c897e4310c5f24b07caaff3db53ae2c1", "application_usage_transactional": "965839e75f809fefe04f92dc4d99722a", "canvas-element": "7390014e1091044523666d97247392fc", @@ -29,7 +30,7 @@ "dashboard": "d00f614b29a80360e1190193fd333bab", "datasources": "d4bc0c252b2b5683ff21ea32d00acffc", "enrollment_api_keys": "28b91e20b105b6f928e2012600085d8f", - "epm-package": "75d12cd13c867fd713d7dfb27366bc20", + "epm-package": "0be91c6758421dd5d0f1a58e9e5bc7c3", "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e", "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1", "index-pattern": "66eccb05066c5a89924f48a9e9736499", @@ -50,6 +51,7 @@ "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4", "search": "181661168bbadd1eff5902361e2a0d5c", "server": "ec97f1c5da1a19609a60874e5af1100c", + "siem-detection-engine-rule-actions": "90eee2e4635260f4be0a1da8f5bc0aa0", "siem-detection-engine-rule-status": "ae783f41c6937db6b7a2ef5c93a9e9b0", "siem-ui-timeline": "ac8020190f5950dd3250b6499144e7fb", "siem-ui-timeline-note": "8874706eedc49059d4cf0f5094559084", @@ -106,6 +108,25 @@ } } }, + "agent_actions": { + "properties": { + "agent_id": { + "type": "keyword" + }, + "created_at": { + "type": "date" + }, + "data": { + "type": "flattened" + }, + "sent_at": { + "type": "date" + }, + "type": { + "type": "keyword" + } + } + }, "agent_configs": { "properties": { "datasources": { @@ -179,26 +200,6 @@ "access_api_key_id": { "type": "keyword" }, - "actions": { - "properties": { - "created_at": { - "type": "date" - }, - "data": { - "type": "text" - }, - "id": { - "type": "keyword" - }, - "sent_at": { - "type": "date" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, "active": { "type": "boolean" }, @@ -361,7 +362,7 @@ "agent": { "properties": { "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -371,23 +372,31 @@ "framework": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } }, "language": { "properties": { + "composite": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { - "ignore_above": 256, + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, "type": "keyword" } } @@ -395,15 +404,15 @@ "runtime": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -417,7 +426,7 @@ "agent": { "properties": { "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -427,15 +436,15 @@ "framework": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -443,15 +452,15 @@ "language": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -459,15 +468,15 @@ "runtime": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -481,7 +490,7 @@ "agent": { "properties": { "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -491,15 +500,15 @@ "framework": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -507,15 +516,15 @@ "language": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -523,15 +532,15 @@ "runtime": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -545,7 +554,7 @@ "agent": { "properties": { "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -555,15 +564,15 @@ "framework": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -571,15 +580,15 @@ "language": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -587,15 +596,15 @@ "runtime": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -609,7 +618,7 @@ "agent": { "properties": { "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -619,15 +628,15 @@ "framework": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -635,15 +644,15 @@ "language": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -651,15 +660,15 @@ "runtime": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -673,7 +682,7 @@ "agent": { "properties": { "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -683,15 +692,15 @@ "framework": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -699,15 +708,15 @@ "language": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -715,15 +724,15 @@ "runtime": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -737,7 +746,7 @@ "agent": { "properties": { "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -747,15 +756,15 @@ "framework": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -763,15 +772,15 @@ "language": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -779,15 +788,15 @@ "runtime": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -801,7 +810,7 @@ "agent": { "properties": { "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -811,15 +820,15 @@ "framework": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -827,15 +836,15 @@ "language": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -843,15 +852,15 @@ "runtime": { "properties": { "composite": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "name": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" }, "version": { - "ignore_above": 256, + "ignore_above": 1024, "type": "keyword" } } @@ -1565,15 +1574,6 @@ "properties": { "buildNum": { "type": "keyword" - }, - "dateFormat:tz": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" } } }, @@ -1750,6 +1750,9 @@ }, "type": "nested" }, + "internal": { + "type": "boolean" + }, "name": { "type": "keyword" }, @@ -2332,6 +2335,36 @@ } } }, + "siem-detection-engine-rule-actions": { + "properties": { + "actions": { + "properties": { + "action_type_id": { + "type": "keyword" + }, + "group": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "params": { + "dynamic": "true", + "type": "object" + } + } + }, + "alertThrottle": { + "type": "keyword" + }, + "ruleAlertId": { + "type": "keyword" + }, + "ruleThrottle": { + "type": "keyword" + } + } + }, "siem-detection-engine-rule-status": { "properties": { "alertId": { @@ -2708,9 +2741,6 @@ } } }, - "spaceId": { - "type": "keyword" - }, "telemetry": { "properties": { "allowChangingOptInStatus": { @@ -2931,2774 +2961,4 @@ } } } -} - -{ - "type": "index", - "value": { - "aliases": { - ".siem-signals-default": { - "is_write_index": true - } - }, - "index": ".siem-signals-default-000001", - "mappings": { - "dynamic": "false", - "properties": { - "@timestamp": { - "type": "date" - }, - "agent": { - "properties": { - "ephemeral_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "client": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "cloud": { - "properties": { - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "instance": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "container": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "tag": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "labels": { - "type": "object" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "runtime": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "destination": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "dns": { - "properties": { - "answers": { - "properties": { - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "ttl": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "header_flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "op_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "question": { - "properties": { - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "resolved_ip": { - "type": "ip" - }, - "response_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "error": { - "properties": { - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "norms": false, - "type": "text" - }, - "stack_trace": { - "doc_values": false, - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "index": false, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "created": { - "type": "date" - }, - "dataset": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "type": "long" - }, - "end": { - "type": "date" - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingested": { - "type": "date" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "doc_values": false, - "ignore_above": 1024, - "index": false, - "type": "keyword" - }, - "outcome": { - "ignore_above": 1024, - "type": "keyword" - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_score": { - "type": "float" - }, - "risk_score_norm": { - "type": "float" - }, - "sequence": { - "type": "long" - }, - "severity": { - "type": "long" - }, - "start": { - "type": "date" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "file": { - "properties": { - "accessed": { - "type": "date" - }, - "attributes": { - "ignore_above": 1024, - "type": "keyword" - }, - "created": { - "type": "date" - }, - "ctime": { - "type": "date" - }, - "device": { - "ignore_above": 1024, - "type": "keyword" - }, - "directory": { - "ignore_above": 1024, - "type": "keyword" - }, - "drive_letter": { - "ignore_above": 1, - "type": "keyword" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "gid": { - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "inode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mtime": { - "type": "date" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "size": { - "type": "long" - }, - "target_path": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "host": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "body": { - "properties": { - "bytes": { - "type": "long" - }, - "content": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "bytes": { - "type": "long" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - }, - "referrer": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "body": { - "properties": { - "bytes": { - "type": "long" - }, - "content": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "bytes": { - "type": "long" - }, - "status_code": { - "type": "long" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "labels": { - "type": "object" - }, - "log": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" - }, - "logger": { - "ignore_above": 1024, - "type": "keyword" - }, - "origin": { - "properties": { - "file": { - "properties": { - "line": { - "type": "integer" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "function": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "original": { - "doc_values": false, - "ignore_above": 1024, - "index": false, - "type": "keyword" - }, - "syslog": { - "properties": { - "facility": { - "properties": { - "code": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "priority": { - "type": "long" - }, - "severity": { - "properties": { - "code": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "message": { - "norms": false, - "type": "text" - }, - "network": { - "properties": { - "application": { - "ignore_above": 1024, - "type": "keyword" - }, - "bytes": { - "type": "long" - }, - "community_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "forwarded_ip": { - "type": "ip" - }, - "iana_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "packets": { - "type": "long" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "transport": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "observer": { - "properties": { - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "organization": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "package": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "build_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "checksum": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "install_scope": { - "ignore_above": 1024, - "type": "keyword" - }, - "installed": { - "type": "date" - }, - "license": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "process": { - "properties": { - "args": { - "ignore_above": 1024, - "type": "keyword" - }, - "args_count": { - "type": "long" - }, - "command_line": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "executable": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "exit_code": { - "type": "long" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "parent": { - "properties": { - "args": { - "ignore_above": 1024, - "type": "keyword" - }, - "args_count": { - "type": "long" - }, - "command_line": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "executable": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "exit_code": { - "type": "long" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "pgid": { - "type": "long" - }, - "pid": { - "type": "long" - }, - "ppid": { - "type": "long" - }, - "start": { - "type": "date" - }, - "thread": { - "properties": { - "id": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "title": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "working_directory": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pgid": { - "type": "long" - }, - "pid": { - "type": "long" - }, - "ppid": { - "type": "long" - }, - "start": { - "type": "date" - }, - "thread": { - "properties": { - "id": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "title": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "working_directory": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "registry": { - "properties": { - "data": { - "properties": { - "bytes": { - "ignore_above": 1024, - "type": "keyword" - }, - "strings": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hive": { - "ignore_above": 1024, - "type": "keyword" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "related": { - "properties": { - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "rule": { - "properties": { - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "ruleset": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "server": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "service": { - "properties": { - "ephemeral_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "node": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "signal": { - "properties": { - "ancestors": { - "properties": { - "depth": { - "type": "long" - }, - "id": { - "type": "keyword" - }, - "rule": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "original_event": { - "properties": { - "action": { - "type": "keyword" - }, - "category": { - "type": "keyword" - }, - "code": { - "type": "keyword" - }, - "created": { - "type": "date" - }, - "dataset": { - "type": "keyword" - }, - "duration": { - "type": "long" - }, - "end": { - "type": "date" - }, - "hash": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "kind": { - "type": "keyword" - }, - "module": { - "type": "keyword" - }, - "original": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "outcome": { - "type": "keyword" - }, - "provider": { - "type": "keyword" - }, - "risk_score": { - "type": "float" - }, - "risk_score_norm": { - "type": "float" - }, - "sequence": { - "type": "long" - }, - "severity": { - "type": "long" - }, - "start": { - "type": "date" - }, - "timezone": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "original_time": { - "type": "date" - }, - "parent": { - "properties": { - "depth": { - "type": "long" - }, - "id": { - "type": "keyword" - }, - "index": { - "type": "keyword" - }, - "rule": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "rule": { - "properties": { - "created_at": { - "type": "date" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "keyword" - }, - "enabled": { - "type": "keyword" - }, - "false_positives": { - "type": "keyword" - }, - "filters": { - "type": "object" - }, - "from": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "immutable": { - "type": "keyword" - }, - "index": { - "type": "keyword" - }, - "interval": { - "type": "keyword" - }, - "language": { - "type": "keyword" - }, - "max_signals": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "note": { - "type": "text" - }, - "output_index": { - "type": "keyword" - }, - "query": { - "type": "keyword" - }, - "references": { - "type": "keyword" - }, - "risk_score": { - "type": "keyword" - }, - "rule_id": { - "type": "keyword" - }, - "saved_id": { - "type": "keyword" - }, - "severity": { - "type": "keyword" - }, - "size": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "threat": { - "properties": { - "framework": { - "type": "keyword" - }, - "tactic": { - "properties": { - "id": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "reference": { - "type": "keyword" - } - } - }, - "technique": { - "properties": { - "id": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "reference": { - "type": "keyword" - } - } - } - } - }, - "timeline_id": { - "type": "keyword" - }, - "timeline_title": { - "type": "keyword" - }, - "to": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "type": "keyword" - }, - "version": { - "type": "keyword" - } - } - }, - "status": { - "type": "keyword" - } - } - }, - "source": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat": { - "properties": { - "framework": { - "ignore_above": 1024, - "type": "keyword" - }, - "tactic": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "technique": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "tls": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "client": { - "properties": { - "certificate": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate_chain": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "issuer": { - "ignore_above": 1024, - "type": "keyword" - }, - "ja3": { - "ignore_above": 1024, - "type": "keyword" - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "server_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "supported_ciphers": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "established": { - "type": "boolean" - }, - "next_protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "resumed": { - "type": "boolean" - }, - "server": { - "properties": { - "certificate": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate_chain": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "issuer": { - "ignore_above": 1024, - "type": "keyword" - }, - "ja3s": { - "ignore_above": 1024, - "type": "keyword" - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "trace": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "transaction": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "url": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fragment": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "scheme": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_agent": { - "properties": { - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vulnerability": { - "properties": { - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "enumeration": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "report_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "scanner": { - "properties": { - "vendor": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "score": { - "properties": { - "base": { - "type": "float" - }, - "environmental": { - "type": "float" - }, - "temporal": { - "type": "float" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "settings": { - "index": { - "lifecycle": { - "name": ".siem-signals-default", - "rollover_alias": ".siem-signals-default" - }, - "number_of_replicas": "1", - "number_of_shards": "1" - } - } - } } \ No newline at end of file From 7882e0c3a817bafc9716647add8d8555c20899f8 Mon Sep 17 00:00:00 2001 From: Nathan Reese Date: Mon, 6 Apr 2020 21:26:10 -0600 Subject: [PATCH 02/36] [Maps] Always show current zoom level (#62684) Co-authored-by: Elastic Machine --- .../view_control/view_control.js | 27 +++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/x-pack/legacy/plugins/maps/public/connected_components/widget_overlay/view_control/view_control.js b/x-pack/legacy/plugins/maps/public/connected_components/widget_overlay/view_control/view_control.js index 445e5be542ffb..19b60221ead36 100644 --- a/x-pack/legacy/plugins/maps/public/connected_components/widget_overlay/view_control/view_control.js +++ b/x-pack/legacy/plugins/maps/public/connected_components/widget_overlay/view_control/view_control.js @@ -5,28 +5,33 @@ */ import _ from 'lodash'; -import React from 'react'; +import React, { Fragment } from 'react'; import { EuiText } from '@elastic/eui'; import { DECIMAL_DEGREES_PRECISION } from '../../../../common/constants'; import { FormattedMessage } from '@kbn/i18n/react'; export function ViewControl({ mouseCoordinates, zoom }) { - if (!mouseCoordinates) { - return null; + let latLon; + if (mouseCoordinates) { + latLon = ( + + + + {' '} + {_.round(mouseCoordinates.lat, DECIMAL_DEGREES_PRECISION)},{' '} + + + {' '} + {_.round(mouseCoordinates.lon, DECIMAL_DEGREES_PRECISION)},{' '} + + ); } return (
- - - {' '} - {_.round(mouseCoordinates.lat, DECIMAL_DEGREES_PRECISION)},{' '} - - - {' '} - {_.round(mouseCoordinates.lon, DECIMAL_DEGREES_PRECISION)},{' '} + {latLon} {' '} From 3f11d9c84b3463127858dee244660a7b07880e81 Mon Sep 17 00:00:00 2001 From: Nathan Reese Date: Mon, 6 Apr 2020 21:26:55 -0600 Subject: [PATCH 03/36] [Maps] do not show circle border when symbol size is zero (#62644) Co-authored-by: Elastic Machine --- .../styles/vector/properties/dynamic_size_property.js | 10 +++++++--- .../styles/vector/properties/static_size_property.js | 8 ++++++-- .../maps/public/layers/styles/vector/vector_style.js | 7 +++++-- 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/maps/public/layers/styles/vector/properties/dynamic_size_property.js b/x-pack/plugins/maps/public/layers/styles/vector/properties/dynamic_size_property.js index 8b3f670bfa528..71ac25f0c6e61 100644 --- a/x-pack/plugins/maps/public/layers/styles/vector/properties/dynamic_size_property.js +++ b/x-pack/plugins/maps/public/layers/styles/vector/properties/dynamic_size_property.js @@ -99,9 +99,13 @@ export class DynamicSizeProperty extends DynamicStyleProperty { } } - syncCircleStrokeWidthWithMb(mbLayerId, mbMap) { - const lineWidth = this.getMbSizeExpression(); - mbMap.setPaintProperty(mbLayerId, 'circle-stroke-width', lineWidth); + syncCircleStrokeWidthWithMb(mbLayerId, mbMap, hasNoRadius) { + if (hasNoRadius) { + mbMap.setPaintProperty(mbLayerId, 'circle-stroke-width', 0); + } else { + const lineWidth = this.getMbSizeExpression(); + mbMap.setPaintProperty(mbLayerId, 'circle-stroke-width', lineWidth); + } } syncCircleRadiusWithMb(mbLayerId, mbMap) { diff --git a/x-pack/plugins/maps/public/layers/styles/vector/properties/static_size_property.js b/x-pack/plugins/maps/public/layers/styles/vector/properties/static_size_property.js index 2383a5932cb9b..d86556c6218cf 100644 --- a/x-pack/plugins/maps/public/layers/styles/vector/properties/static_size_property.js +++ b/x-pack/plugins/maps/public/layers/styles/vector/properties/static_size_property.js @@ -35,8 +35,12 @@ export class StaticSizeProperty extends StaticStyleProperty { mbMap.setLayoutProperty(symbolLayerId, 'icon-size', this._options.size / halfIconPixels); } - syncCircleStrokeWidthWithMb(mbLayerId, mbMap) { - mbMap.setPaintProperty(mbLayerId, 'circle-stroke-width', this._options.size); + syncCircleStrokeWidthWithMb(mbLayerId, mbMap, hasNoRadius) { + if (hasNoRadius) { + mbMap.setPaintProperty(mbLayerId, 'circle-stroke-width', 0); + } else { + mbMap.setPaintProperty(mbLayerId, 'circle-stroke-width', this._options.size); + } } syncCircleRadiusWithMb(mbLayerId, mbMap) { diff --git a/x-pack/plugins/maps/public/layers/styles/vector/vector_style.js b/x-pack/plugins/maps/public/layers/styles/vector/vector_style.js index ae5d148e43cfd..b044c98d44d41 100644 --- a/x-pack/plugins/maps/public/layers/styles/vector/vector_style.js +++ b/x-pack/plugins/maps/public/layers/styles/vector/vector_style.js @@ -543,8 +543,11 @@ export class VectorStyle extends AbstractStyle { setMBPaintPropertiesForPoints({ alpha, mbMap, pointLayerId }) { this._fillColorStyleProperty.syncCircleColorWithMb(pointLayerId, mbMap, alpha); this._lineColorStyleProperty.syncCircleStrokeWithMb(pointLayerId, mbMap, alpha); - this._lineWidthStyleProperty.syncCircleStrokeWidthWithMb(pointLayerId, mbMap); - this._iconSizeStyleProperty.syncCircleRadiusWithMb(pointLayerId, mbMap); + const hasNoRadius = + !this._iconSizeStyleProperty.isDynamic() && + this._iconSizeStyleProperty.getOptions().size === 0; + this._lineWidthStyleProperty.syncCircleStrokeWidthWithMb(pointLayerId, mbMap, hasNoRadius); + this._iconSizeStyleProperty.syncCircleRadiusWithMb(pointLayerId, mbMap, hasNoRadius); } setMBPropertiesForLabelText({ alpha, mbMap, textLayerId }) { From dc013cb80f4256f7ffbcb8b814efee8590fc4a8a Mon Sep 17 00:00:00 2001 From: Nathan Reese Date: Mon, 6 Apr 2020 21:27:47 -0600 Subject: [PATCH 04/36] [Maps] Allow updating requestType for ESGeoGridSource (#62365) * [Maps] Allow updating requestType for ESGeoGridSource * re-add import removed from last merge Co-authored-by: Elastic Machine --- .../data_request_descriptor_types.d.ts | 17 ++++++++++++++++- .../es_geo_grid_source/create_source_editor.js | 3 +-- .../es_geo_grid_source/es_geo_grid_source.js | 6 ++++++ .../es_geo_grid_source/render_as_select.tsx | 7 +++++++ .../es_geo_grid_source/update_source_editor.js | 10 ++++++++++ .../maps/public/layers/sources/source.js | 4 ---- .../public/layers/sources/vector_source.d.ts | 3 +++ .../maps/public/layers/sources/vector_source.js | 4 ++++ 8 files changed, 47 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/maps/common/descriptor_types/data_request_descriptor_types.d.ts b/x-pack/plugins/maps/common/descriptor_types/data_request_descriptor_types.d.ts index ca0e474491780..ceba2fe56db12 100644 --- a/x-pack/plugins/maps/common/descriptor_types/data_request_descriptor_types.d.ts +++ b/x-pack/plugins/maps/common/descriptor_types/data_request_descriptor_types.d.ts @@ -5,6 +5,7 @@ */ /* eslint-disable @typescript-eslint/consistent-type-definitions */ +import { RENDER_AS, SORT_ORDER, SCALING_TYPES } from '../constants'; import { MapExtent, MapQuery } from './map_descriptor'; // Global map state passed to every layer. @@ -18,12 +19,26 @@ export type MapFilters = { zoom: number; }; +type ESSearchSourceSyncMeta = { + sortField: string; + sortOrder: SORT_ORDER; + scalingType: SCALING_TYPES; + topHitsSplitField: string; + topHitsSize: number; +}; + +type ESGeoGridSourceSyncMeta = { + requestType: RENDER_AS; +}; + +export type VectorSourceSyncMeta = ESSearchSourceSyncMeta | ESGeoGridSourceSyncMeta; + export type VectorSourceRequestMeta = MapFilters & { applyGlobalQuery: boolean; fieldNames: string[]; geogridPrecision: number; sourceQuery: MapQuery; - sourceMeta: unknown; + sourceMeta: VectorSourceSyncMeta; }; export type VectorStyleRequestMeta = MapFilters & { diff --git a/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/create_source_editor.js b/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/create_source_editor.js index 4aec390bec745..265606dc87e0f 100644 --- a/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/create_source_editor.js +++ b/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/create_source_editor.js @@ -9,7 +9,6 @@ import React, { Fragment, Component } from 'react'; import PropTypes from 'prop-types'; import { SingleFieldSelect } from '../../../components/single_field_select'; -import { RENDER_AS } from '../../../../common/constants'; import { getIndexPatternService, getIndexPatternSelectComponent } from '../../../kibana_services'; import { NoIndexPatternCallout } from '../../../components/no_index_pattern_callout'; import { i18n } from '@kbn/i18n'; @@ -155,7 +154,7 @@ export class CreateSourceEditor extends Component { } _renderRenderAsSelect() { - if (this.state.requestType === RENDER_AS.HEATMAP || !this.state.indexPattern) { + if (!this.state.indexPattern) { return null; } diff --git a/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/es_geo_grid_source.js b/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/es_geo_grid_source.js index dec802ac3cf1a..04f944396ab35 100644 --- a/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/es_geo_grid_source.js +++ b/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/es_geo_grid_source.js @@ -70,6 +70,12 @@ export class ESGeoGridSource extends AbstractESAggSource { ); } + getSyncMeta() { + return { + requestType: this._descriptor.requestType, + }; + } + async getImmutableProperties() { let indexPatternTitle = this.getIndexPatternId(); try { diff --git a/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/render_as_select.tsx b/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/render_as_select.tsx index c82781ede186f..899f4a797ea75 100644 --- a/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/render_as_select.tsx +++ b/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/render_as_select.tsx @@ -27,7 +27,12 @@ const options = [ export function RenderAsSelect(props: { renderAs: RENDER_AS; onChange: (newValue: RENDER_AS) => void; + isColumnCompressed?: boolean; }) { + if (props.renderAs === RENDER_AS.HEATMAP) { + return null; + } + function onChange(selectedOptions: Array>) { if (!selectedOptions || !selectedOptions.length) { return; @@ -46,6 +51,7 @@ export function RenderAsSelect(props: { label={i18n.translate('xpack.maps.source.esGeoGrid.showAsLabel', { defaultMessage: 'Show as', })} + display={props.isColumnCompressed ? 'columnCompressed' : 'row'} > ); diff --git a/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/update_source_editor.js b/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/update_source_editor.js index cd494db3897fb..c0d6cba3a024a 100644 --- a/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/update_source_editor.js +++ b/x-pack/plugins/maps/public/layers/sources/es_geo_grid_source/update_source_editor.js @@ -15,6 +15,7 @@ import { FormattedMessage } from '@kbn/i18n/react'; import { EuiPanel, EuiSpacer, EuiTitle } from '@elastic/eui'; import { isMetricCountable } from '../../util/is_metric_countable'; import { indexPatterns } from '../../../../../../../src/plugins/data/public'; +import { RenderAsSelect } from './render_as_select'; export class UpdateSourceEditor extends Component { state = { @@ -65,6 +66,10 @@ export class UpdateSourceEditor extends Component { this.props.onChange({ propName: 'resolution', value: e }); }; + _onRequestTypeSelect = requestType => { + this.props.onChange({ propName: 'requestType', value: requestType }); + }; + _renderMetricsPanel() { const metricsFilter = this.props.renderAs === RENDER_AS.HEATMAP @@ -113,6 +118,11 @@ export class UpdateSourceEditor extends Component { resolution={this.props.resolution} onChange={this._onResolutionChange} /> + diff --git a/x-pack/plugins/maps/public/layers/sources/source.js b/x-pack/plugins/maps/public/layers/sources/source.js index 368de421e23ce..3029a5c091202 100644 --- a/x-pack/plugins/maps/public/layers/sources/source.js +++ b/x-pack/plugins/maps/public/layers/sources/source.js @@ -111,10 +111,6 @@ export class AbstractSource { return 0; } - getSyncMeta() { - return {}; - } - isJoinable() { return false; } diff --git a/x-pack/plugins/maps/public/layers/sources/vector_source.d.ts b/x-pack/plugins/maps/public/layers/sources/vector_source.d.ts index 1400654297e01..d597e64277186 100644 --- a/x-pack/plugins/maps/public/layers/sources/vector_source.d.ts +++ b/x-pack/plugins/maps/public/layers/sources/vector_source.d.ts @@ -12,6 +12,7 @@ import { ESSearchSourceResponseMeta, MapExtent, VectorSourceRequestMeta, + VectorSourceSyncMeta, } from '../../../common/descriptor_types'; export type GeoJsonFetchMeta = ESSearchSourceResponseMeta; @@ -31,6 +32,7 @@ export interface IVectorSource extends ISource { getFields(): Promise; getFieldByName(fieldName: string): IField; + getSyncMeta(): VectorSourceSyncMeta; } export class AbstractVectorSource extends AbstractSource implements IVectorSource { @@ -43,4 +45,5 @@ export class AbstractVectorSource extends AbstractSource implements IVectorSourc getFields(): Promise; getFieldByName(fieldName: string): IField; + getSyncMeta(): VectorSourceSyncMeta; } diff --git a/x-pack/plugins/maps/public/layers/sources/vector_source.js b/x-pack/plugins/maps/public/layers/sources/vector_source.js index 7ff1c735c8613..7f97b1b21d189 100644 --- a/x-pack/plugins/maps/public/layers/sources/vector_source.js +++ b/x-pack/plugins/maps/public/layers/sources/vector_source.js @@ -151,4 +151,8 @@ export class AbstractVectorSource extends AbstractSource { getSourceTooltipContent(/* sourceDataRequest */) { return { tooltipContent: null, areResultsTrimmed: false }; } + + getSyncMeta() { + return {}; + } } From 04586263791175a14805680602e9310cc3dbe508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Marcondes?= <55978943+cauemarcondes@users.noreply.github.com> Date: Tue, 7 Apr 2020 08:08:00 +0100 Subject: [PATCH 05/36] fixing bug (#62577) --- .../app/Settings/CustomizeUI/CustomLink/Title.tsx | 2 +- .../components/app/Settings/CustomizeUI/index.tsx | 4 ++-- .../apm/public/components/app/Settings/index.tsx | 4 ++-- .../TransactionActionMenu/CustomLink/index.test.tsx | 2 +- .../shared/TransactionActionMenu/CustomLink/index.tsx | 2 +- .../TransactionActionMenu/TransactionActionMenu.tsx | 11 +++++++---- 6 files changed, 14 insertions(+), 11 deletions(-) diff --git a/x-pack/legacy/plugins/apm/public/components/app/Settings/CustomizeUI/CustomLink/Title.tsx b/x-pack/legacy/plugins/apm/public/components/app/Settings/CustomizeUI/CustomLink/Title.tsx index 17ec42b3e2016..07af7b0c0e7db 100644 --- a/x-pack/legacy/plugins/apm/public/components/app/Settings/CustomizeUI/CustomLink/Title.tsx +++ b/x-pack/legacy/plugins/apm/public/components/app/Settings/CustomizeUI/CustomLink/Title.tsx @@ -28,7 +28,7 @@ export const Title = () => ( 'xpack.apm.settings.customizeUI.customLink.info', { defaultMessage: - "These links will be shown in the 'Actions' context menu for the transaction detail." + 'These links will be shown in the Actions context menu for transactions.' } )} /> diff --git a/x-pack/legacy/plugins/apm/public/components/app/Settings/CustomizeUI/index.tsx b/x-pack/legacy/plugins/apm/public/components/app/Settings/CustomizeUI/index.tsx index 1cd1298fdd549..350f2185fb3c8 100644 --- a/x-pack/legacy/plugins/apm/public/components/app/Settings/CustomizeUI/index.tsx +++ b/x-pack/legacy/plugins/apm/public/components/app/Settings/CustomizeUI/index.tsx @@ -14,8 +14,8 @@ export const CustomizeUI = () => { <>

- {i18n.translate('xpack.apm.settings.customizeUI', { - defaultMessage: 'Customize UI' + {i18n.translate('xpack.apm.settings.customizeApp', { + defaultMessage: 'Customize app' })}

diff --git a/x-pack/legacy/plugins/apm/public/components/app/Settings/index.tsx b/x-pack/legacy/plugins/apm/public/components/app/Settings/index.tsx index f33bb17decd4e..2bb85876686bf 100644 --- a/x-pack/legacy/plugins/apm/public/components/app/Settings/index.tsx +++ b/x-pack/legacy/plugins/apm/public/components/app/Settings/index.tsx @@ -57,8 +57,8 @@ export const Settings: React.FC = props => { isSelected: pathname === '/settings/apm-indices' }, { - name: i18n.translate('xpack.apm.settings.customizeUI', { - defaultMessage: 'Customize UI' + name: i18n.translate('xpack.apm.settings.customizeApp', { + defaultMessage: 'Customize app' }), id: '3', href: getAPMHref('/settings/customize-ui', search), diff --git a/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/index.test.tsx b/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/index.test.tsx index 2dab8d63f99b2..9d1eeb9a3136d 100644 --- a/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/index.test.tsx +++ b/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/index.test.tsx @@ -28,7 +28,7 @@ describe('Custom links', () => { ); expectTextsInDocument(component, [ - 'No custom links found. Set up your own custom links i.e. a link to a specific Dashboard or external link.' + 'No custom links found. Set up your own custom links, e.g., a link to a specific Dashboard or external link.' ]); expectTextsNotInDocument(component, ['Create']); }); diff --git a/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/index.tsx b/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/index.tsx index b32d8f0d9582c..38b672a181fce 100644 --- a/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/index.tsx +++ b/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/index.tsx @@ -55,7 +55,7 @@ export const CustomLink = ({ {i18n.translate('xpack.apm.customLink.empty', { defaultMessage: - 'No custom links found. Set up your own custom links i.e. a link to a specific Dashboard or external link.' + 'No custom links found. Set up your own custom links, e.g., a link to a specific Dashboard or external link.' })} diff --git a/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/TransactionActionMenu.tsx b/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/TransactionActionMenu.tsx index 048ed662ec502..e3fbcf8485d54 100644 --- a/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/TransactionActionMenu.tsx +++ b/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/TransactionActionMenu.tsx @@ -85,7 +85,13 @@ export const TransactionActionMenu: FunctionComponent = ({ urlParams }); + const closePopover = () => { + setIsActionPopoverOpen(false); + setIsCustomLinksPopoverOpen(false); + }; + const toggleCustomLinkFlyout = () => { + closePopover(); setIsCustomLinkFlyoutOpen(isOpen => !isOpen); }; @@ -111,10 +117,7 @@ export const TransactionActionMenu: FunctionComponent = ({ )} { - setIsActionPopoverOpen(false); - setIsCustomLinksPopoverOpen(false); - }} + closePopover={closePopover} isOpen={isActionPopoverOpen} anchorPosition="downRight" button={ From 2e0d9002576490dc05310aebc643f24f020f6dea Mon Sep 17 00:00:00 2001 From: Shahzad Date: Tue, 7 Apr 2020 09:16:45 +0200 Subject: [PATCH 06/36] =?UTF-8?q?[Uptime]Abstracted=20'access:uptime-read'?= =?UTF-8?q?=20tag=20into=20a=20wrapper=20for=E2=80=A6=20(#62576)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * abstract access headers * updated code --- .../server/rest_api/create_route_with_auth.ts | 2 +- .../server/rest_api/dynamic_settings.ts | 4 +-- .../rest_api/index_state/get_index_pattern.ts | 3 -- .../rest_api/index_state/get_index_status.ts | 3 -- .../uptime/server/rest_api/monitors/index.ts | 2 +- .../rest_api/monitors/monitor_locations.ts | 3 -- .../monitors/{status.ts => monitor_status.ts} | 3 -- .../rest_api/monitors/monitors_details.ts | 3 -- .../rest_api/monitors/monitors_durations.ts | 3 -- .../overview_filters/get_overview_filters.ts | 4 --- .../uptime/server/rest_api/pings/get_all.ts | 3 -- .../rest_api/pings/get_ping_histogram.ts | 3 -- .../uptime/server/rest_api/pings/get_pings.ts | 3 -- .../rest_api/snapshot/get_snapshot_count.ts | 5 +-- .../rest_api/telemetry/log_page_view.ts | 3 -- .../plugins/uptime/server/rest_api/types.ts | 1 + .../server/rest_api/uptime_route_wrapper.ts | 35 +++++++++---------- 17 files changed, 22 insertions(+), 61 deletions(-) rename x-pack/plugins/uptime/server/rest_api/monitors/{status.ts => monitor_status.ts} (95%) diff --git a/x-pack/plugins/uptime/server/rest_api/create_route_with_auth.ts b/x-pack/plugins/uptime/server/rest_api/create_route_with_auth.ts index 41527d76432cb..966dc20e27a7e 100644 --- a/x-pack/plugins/uptime/server/rest_api/create_route_with_auth.ts +++ b/x-pack/plugins/uptime/server/rest_api/create_route_with_auth.ts @@ -16,7 +16,7 @@ export const createRouteWithAuth = ( const licenseCheckHandler: UMRouteHandler = async (customParams, context, request, response) => { const { statusCode, message } = libs.license(context.licensing.license); if (statusCode === 200) { - return await handler(customParams, context, request, response); + return handler(customParams, context, request, response); } switch (statusCode) { case 400: diff --git a/x-pack/plugins/uptime/server/rest_api/dynamic_settings.ts b/x-pack/plugins/uptime/server/rest_api/dynamic_settings.ts index 2235379ba6f03..3f4e2fc345182 100644 --- a/x-pack/plugins/uptime/server/rest_api/dynamic_settings.ts +++ b/x-pack/plugins/uptime/server/rest_api/dynamic_settings.ts @@ -19,9 +19,6 @@ export const createGetDynamicSettingsRoute: UMRestApiRouteFactory = (libs: UMSer method: 'GET', path: '/api/uptime/dynamic_settings', validate: false, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ dynamicSettings }, _context, _request, response): Promise => { return response.ok({ body: dynamicSettings, @@ -35,6 +32,7 @@ export const createPostDynamicSettingsRoute: UMRestApiRouteFactory = (libs: UMSe validate: { body: schema.object({}, { unknowns: 'allow' }), }, + writeAccess: true, options: { tags: ['access:uptime-write'], }, diff --git a/x-pack/plugins/uptime/server/rest_api/index_state/get_index_pattern.ts b/x-pack/plugins/uptime/server/rest_api/index_state/get_index_pattern.ts index cec5bb1be245f..689a75c5903a6 100644 --- a/x-pack/plugins/uptime/server/rest_api/index_state/get_index_pattern.ts +++ b/x-pack/plugins/uptime/server/rest_api/index_state/get_index_pattern.ts @@ -12,9 +12,6 @@ export const createGetIndexPatternRoute: UMRestApiRouteFactory = (libs: UMServer method: 'GET', path: API_URLS.INDEX_PATTERN, validate: false, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, _request, response): Promise => { try { return response.ok({ diff --git a/x-pack/plugins/uptime/server/rest_api/index_state/get_index_status.ts b/x-pack/plugins/uptime/server/rest_api/index_state/get_index_status.ts index 9c94ef92f9b6e..8ed73d90b2389 100644 --- a/x-pack/plugins/uptime/server/rest_api/index_state/get_index_status.ts +++ b/x-pack/plugins/uptime/server/rest_api/index_state/get_index_status.ts @@ -12,9 +12,6 @@ export const createGetIndexStatusRoute: UMRestApiRouteFactory = (libs: UMServerL method: 'GET', path: API_URLS.INDEX_STATUS, validate: false, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, _request, response): Promise => { try { return response.ok({ diff --git a/x-pack/plugins/uptime/server/rest_api/monitors/index.ts b/x-pack/plugins/uptime/server/rest_api/monitors/index.ts index 7da717b50c149..51b39037049b5 100644 --- a/x-pack/plugins/uptime/server/rest_api/monitors/index.ts +++ b/x-pack/plugins/uptime/server/rest_api/monitors/index.ts @@ -6,4 +6,4 @@ export { createGetMonitorDetailsRoute } from './monitors_details'; export { createGetMonitorLocationsRoute } from './monitor_locations'; -export { createGetStatusBarRoute } from './status'; +export { createGetStatusBarRoute } from './monitor_status'; diff --git a/x-pack/plugins/uptime/server/rest_api/monitors/monitor_locations.ts b/x-pack/plugins/uptime/server/rest_api/monitors/monitor_locations.ts index befa5fd7e0e55..66ce9871506d4 100644 --- a/x-pack/plugins/uptime/server/rest_api/monitors/monitor_locations.ts +++ b/x-pack/plugins/uptime/server/rest_api/monitors/monitor_locations.ts @@ -19,9 +19,6 @@ export const createGetMonitorLocationsRoute: UMRestApiRouteFactory = (libs: UMSe dateEnd: schema.string(), }), }, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response): Promise => { const { monitorId, dateStart, dateEnd } = request.query; diff --git a/x-pack/plugins/uptime/server/rest_api/monitors/status.ts b/x-pack/plugins/uptime/server/rest_api/monitors/monitor_status.ts similarity index 95% rename from x-pack/plugins/uptime/server/rest_api/monitors/status.ts rename to x-pack/plugins/uptime/server/rest_api/monitors/monitor_status.ts index 9bccd64c4bd65..9cf1340fb9409 100644 --- a/x-pack/plugins/uptime/server/rest_api/monitors/status.ts +++ b/x-pack/plugins/uptime/server/rest_api/monitors/monitor_status.ts @@ -20,9 +20,6 @@ export const createGetStatusBarRoute: UMRestApiRouteFactory = (libs: UMServerLib dateEnd: schema.string(), }), }, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response): Promise => { const { monitorId, dateStart, dateEnd } = request.query; const result = await libs.requests.getLatestMonitor({ diff --git a/x-pack/plugins/uptime/server/rest_api/monitors/monitors_details.ts b/x-pack/plugins/uptime/server/rest_api/monitors/monitors_details.ts index b14eb2c138a75..1cc010781457e 100644 --- a/x-pack/plugins/uptime/server/rest_api/monitors/monitors_details.ts +++ b/x-pack/plugins/uptime/server/rest_api/monitors/monitors_details.ts @@ -19,9 +19,6 @@ export const createGetMonitorDetailsRoute: UMRestApiRouteFactory = (libs: UMServ dateEnd: schema.maybe(schema.string()), }), }, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response): Promise => { const { monitorId, dateStart, dateEnd } = request.query; return response.ok({ diff --git a/x-pack/plugins/uptime/server/rest_api/monitors/monitors_durations.ts b/x-pack/plugins/uptime/server/rest_api/monitors/monitors_durations.ts index 10008c4f6c7ea..9743ced13350a 100644 --- a/x-pack/plugins/uptime/server/rest_api/monitors/monitors_durations.ts +++ b/x-pack/plugins/uptime/server/rest_api/monitors/monitors_durations.ts @@ -20,9 +20,6 @@ export const createGetMonitorDurationRoute: UMRestApiRouteFactory = (libs: UMSer dateEnd: schema.string(), }), }, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response): Promise => { const { monitorId, dateStart, dateEnd } = request.query; return response.ok({ diff --git a/x-pack/plugins/uptime/server/rest_api/overview_filters/get_overview_filters.ts b/x-pack/plugins/uptime/server/rest_api/overview_filters/get_overview_filters.ts index 05376f061c05f..deac05f36c8dc 100644 --- a/x-pack/plugins/uptime/server/rest_api/overview_filters/get_overview_filters.ts +++ b/x-pack/plugins/uptime/server/rest_api/overview_filters/get_overview_filters.ts @@ -28,10 +28,6 @@ export const createGetOverviewFilters: UMRestApiRouteFactory = (libs: UMServerLi tags: arrayOrStringType, }), }, - - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response) => { const { dateRangeStart, dateRangeEnd, locations, schemes, search, ports, tags } = request.query; diff --git a/x-pack/plugins/uptime/server/rest_api/pings/get_all.ts b/x-pack/plugins/uptime/server/rest_api/pings/get_all.ts index d64c76fc18a80..c76892103da6b 100644 --- a/x-pack/plugins/uptime/server/rest_api/pings/get_all.ts +++ b/x-pack/plugins/uptime/server/rest_api/pings/get_all.ts @@ -23,9 +23,6 @@ export const createGetAllRoute: UMRestApiRouteFactory = (libs: UMServerLibs) => status: schema.maybe(schema.string()), }), }, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response): Promise => { const { dateRangeStart, dateRangeEnd, location, monitorId, size, sort, status } = request.query; diff --git a/x-pack/plugins/uptime/server/rest_api/pings/get_ping_histogram.ts b/x-pack/plugins/uptime/server/rest_api/pings/get_ping_histogram.ts index cbd9ada027b31..dceef5ecb7848 100644 --- a/x-pack/plugins/uptime/server/rest_api/pings/get_ping_histogram.ts +++ b/x-pack/plugins/uptime/server/rest_api/pings/get_ping_histogram.ts @@ -21,9 +21,6 @@ export const createGetPingHistogramRoute: UMRestApiRouteFactory = (libs: UMServe filters: schema.maybe(schema.string()), }), }, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response): Promise => { const { dateStart, dateEnd, statusFilter, monitorId, filters } = request.query; diff --git a/x-pack/plugins/uptime/server/rest_api/pings/get_pings.ts b/x-pack/plugins/uptime/server/rest_api/pings/get_pings.ts index 8129ad70e6d7d..cde9a8c4e47ea 100644 --- a/x-pack/plugins/uptime/server/rest_api/pings/get_pings.ts +++ b/x-pack/plugins/uptime/server/rest_api/pings/get_pings.ts @@ -23,9 +23,6 @@ export const createGetPingsRoute: UMRestApiRouteFactory = (libs: UMServerLibs) = status: schema.maybe(schema.string()), }), }, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response): Promise => { const { dateRangeStart, dateRangeEnd, location, monitorId, size, sort, status } = request.query; diff --git a/x-pack/plugins/uptime/server/rest_api/snapshot/get_snapshot_count.ts b/x-pack/plugins/uptime/server/rest_api/snapshot/get_snapshot_count.ts index 4fda95bbf86da..d870f49280117 100644 --- a/x-pack/plugins/uptime/server/rest_api/snapshot/get_snapshot_count.ts +++ b/x-pack/plugins/uptime/server/rest_api/snapshot/get_snapshot_count.ts @@ -7,7 +7,7 @@ import { schema } from '@kbn/config-schema'; import { UMServerLibs } from '../../lib/lib'; import { UMRestApiRouteFactory } from '../types'; -import { API_URLS } from '../../../../../legacy/plugins/uptime/common/constants/rest_api'; +import { API_URLS } from '../../../../../legacy/plugins/uptime/common/constants'; export const createGetSnapshotCount: UMRestApiRouteFactory = (libs: UMServerLibs) => ({ method: 'GET', @@ -20,9 +20,6 @@ export const createGetSnapshotCount: UMRestApiRouteFactory = (libs: UMServerLibs statusFilter: schema.maybe(schema.string()), }), }, - options: { - tags: ['access:uptime-read'], - }, handler: async ({ callES, dynamicSettings }, _context, request, response): Promise => { const { dateRangeStart, dateRangeEnd, filters, statusFilter } = request.query; const result = await libs.requests.getSnapshotCount({ diff --git a/x-pack/plugins/uptime/server/rest_api/telemetry/log_page_view.ts b/x-pack/plugins/uptime/server/rest_api/telemetry/log_page_view.ts index 1f6f052019870..331c76ca31db5 100644 --- a/x-pack/plugins/uptime/server/rest_api/telemetry/log_page_view.ts +++ b/x-pack/plugins/uptime/server/rest_api/telemetry/log_page_view.ts @@ -27,7 +27,4 @@ export const createLogPageViewRoute: UMRestApiRouteFactory = () => ({ body: result, }); }, - options: { - tags: ['access:uptime-read'], - }, }); diff --git a/x-pack/plugins/uptime/server/rest_api/types.ts b/x-pack/plugins/uptime/server/rest_api/types.ts index 8bb1e8a6a86c0..aecb099b7bed5 100644 --- a/x-pack/plugins/uptime/server/rest_api/types.ts +++ b/x-pack/plugins/uptime/server/rest_api/types.ts @@ -24,6 +24,7 @@ import { UMServerLibs } from '../lib/lib'; */ export interface UMServerRoute { method: string; + writeAccess?: boolean; handler: T; } diff --git a/x-pack/plugins/uptime/server/rest_api/uptime_route_wrapper.ts b/x-pack/plugins/uptime/server/rest_api/uptime_route_wrapper.ts index 676aced23a25e..7ede9d39c5f2c 100644 --- a/x-pack/plugins/uptime/server/rest_api/uptime_route_wrapper.ts +++ b/x-pack/plugins/uptime/server/rest_api/uptime_route_wrapper.ts @@ -7,21 +7,20 @@ import { UMKibanaRouteWrapper } from './types'; import { savedObjectsAdapter } from '../lib/saved_objects'; -export const uptimeRouteWrapper: UMKibanaRouteWrapper = uptimeRoute => { - return { - ...uptimeRoute, - handler: async (context, request, response) => { - const { callAsCurrentUser: callES } = context.core.elasticsearch.dataClient; - const { client: savedObjectsClient } = context.core.savedObjects; - const dynamicSettings = await savedObjectsAdapter.getUptimeDynamicSettings( - savedObjectsClient - ); - return await uptimeRoute.handler( - { callES, savedObjectsClient, dynamicSettings }, - context, - request, - response - ); - }, - }; -}; +export const uptimeRouteWrapper: UMKibanaRouteWrapper = uptimeRoute => ({ + ...uptimeRoute, + options: { + tags: ['access:uptime-read', ...(uptimeRoute?.writeAccess ? ['access:uptime-write'] : [])], + }, + handler: async (context, request, response) => { + const { callAsCurrentUser: callES } = context.core.elasticsearch.dataClient; + const { client: savedObjectsClient } = context.core.savedObjects; + const dynamicSettings = await savedObjectsAdapter.getUptimeDynamicSettings(savedObjectsClient); + return uptimeRoute.handler( + { callES, savedObjectsClient, dynamicSettings }, + context, + request, + response + ); + }, +}); From 91a0010668345bb85d21bd127b4876047c957769 Mon Sep 17 00:00:00 2001 From: MadameSheema Date: Tue, 7 Apr 2020 09:19:08 +0200 Subject: [PATCH 07/36] [SIEM] Adds sort rules Cypress test (#62700) * adds 'singal detection rules' spec * adds 'Sorts by activated rules' test * implements 'Sort by activated rules' * refactors code * fixes index --- .../signal_detection_rules.spec.ts | 62 +++++++++++++++++++ .../cypress/screens/signal_detection_rules.ts | 12 ++++ .../cypress/tasks/signal_detection_rules.ts | 23 ++++++- 3 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 x-pack/legacy/plugins/siem/cypress/integration/signal_detection_rules.spec.ts diff --git a/x-pack/legacy/plugins/siem/cypress/integration/signal_detection_rules.spec.ts b/x-pack/legacy/plugins/siem/cypress/integration/signal_detection_rules.spec.ts new file mode 100644 index 0000000000000..1559285d508ed --- /dev/null +++ b/x-pack/legacy/plugins/siem/cypress/integration/signal_detection_rules.spec.ts @@ -0,0 +1,62 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { + FIFTH_RULE, + FIRST_RULE, + RULE_NAME, + SECOND_RULE, + SEVENTH_RULE, +} from '../screens/signal_detection_rules'; + +import { goToManageSignalDetectionRules } from '../tasks/detections'; +import { esArchiverLoad, esArchiverUnload } from '../tasks/es_archiver'; +import { loginAndWaitForPageWithoutDateRange } from '../tasks/login'; +import { + activateRule, + sortByActivatedRules, + waitForLoadElasticPrebuiltDetectionRulesTableToBeLoaded, + waitForRuleToBeActivated, +} from '../tasks/signal_detection_rules'; + +import { DETECTIONS } from '../urls/navigation'; + +describe('Signal detection rules', () => { + before(() => { + esArchiverLoad('prebuilt_rules_loaded'); + }); + + after(() => { + esArchiverUnload('prebuilt_rules_loaded'); + }); + + it('Sorts by activated rules', () => { + loginAndWaitForPageWithoutDateRange(DETECTIONS); + goToManageSignalDetectionRules(); + waitForLoadElasticPrebuiltDetectionRulesTableToBeLoaded(); + cy.get(RULE_NAME) + .eq(FIFTH_RULE) + .invoke('text') + .then(fifthRuleName => { + activateRule(FIFTH_RULE); + waitForRuleToBeActivated(); + cy.get(RULE_NAME) + .eq(SEVENTH_RULE) + .invoke('text') + .then(seventhRuleName => { + activateRule(SEVENTH_RULE); + waitForRuleToBeActivated(); + sortByActivatedRules(); + + cy.get(RULE_NAME) + .eq(FIRST_RULE) + .should('have.text', fifthRuleName); + cy.get(RULE_NAME) + .eq(SECOND_RULE) + .should('have.text', seventhRuleName); + }); + }); + }); +}); diff --git a/x-pack/legacy/plugins/siem/cypress/screens/signal_detection_rules.ts b/x-pack/legacy/plugins/siem/cypress/screens/signal_detection_rules.ts index 09fbc2132302c..f74f5c26ddc2e 100644 --- a/x-pack/legacy/plugins/siem/cypress/screens/signal_detection_rules.ts +++ b/x-pack/legacy/plugins/siem/cypress/screens/signal_detection_rules.ts @@ -18,6 +18,10 @@ export const DELETE_RULE_BULK_BTN = '[data-test-subj="deleteRuleBulk"]'; export const ELASTIC_RULES_BTN = '[data-test-subj="show-elastic-rules-filter-button"]'; +export const FIFTH_RULE = 4; + +export const FIRST_RULE = 0; + export const LOAD_PREBUILT_RULES_BTN = '[data-test-subj="load-prebuilt-rules"]'; export const LOADING_INITIAL_PREBUILT_RULES_TABLE = @@ -31,18 +35,26 @@ export const RISK_SCORE = '[data-test-subj="riskScore"]'; export const RELOAD_PREBUILT_RULES_BTN = '[data-test-subj="reloadPrebuiltRulesBtn"]'; +export const SECOND_RULE = 1; + export const RULE_CHECKBOX = '.euiTableRow .euiCheckbox__input'; export const RULE_NAME = '[data-test-subj="ruleName"]'; export const RULE_SWITCH = '[data-test-subj="rule-switch"]'; +export const RULE_SWITCH_LOADER = '[data-test-subj="rule-switch-loader"]'; + export const RULES_TABLE = '[data-test-subj="rules-table"]'; export const RULES_ROW = '.euiTableRow'; +export const SEVENTH_RULE = 6; + export const SEVERITY = '[data-test-subj="severity"]'; export const SHOWING_RULES_TEXT = '[data-test-subj="showingRules"]'; +export const SORT_RULES_BTN = '[data-test-subj="tableHeaderSortButton"]'; + export const THREE_HUNDRED_ROWS = '[data-test-subj="tablePagination-300-rows"]'; diff --git a/x-pack/legacy/plugins/siem/cypress/tasks/signal_detection_rules.ts b/x-pack/legacy/plugins/siem/cypress/tasks/signal_detection_rules.ts index cfc490526d84e..a404f1142cba7 100644 --- a/x-pack/legacy/plugins/siem/cypress/tasks/signal_detection_rules.ts +++ b/x-pack/legacy/plugins/siem/cypress/tasks/signal_detection_rules.ts @@ -15,13 +15,22 @@ import { LOADING_INITIAL_PREBUILT_RULES_TABLE, LOADING_SPINNER, PAGINATION_POPOVER_BTN, + RELOAD_PREBUILT_RULES_BTN, RULE_CHECKBOX, RULE_NAME, + RULE_SWITCH, + RULE_SWITCH_LOADER, RULES_TABLE, + SORT_RULES_BTN, THREE_HUNDRED_ROWS, - RELOAD_PREBUILT_RULES_BTN, } from '../screens/signal_detection_rules'; +export const activateRule = (rulePosition: number) => { + cy.get(RULE_SWITCH) + .eq(rulePosition) + .click({ force: true }); +}; + export const changeToThreeHundredRowsPerPage = () => { cy.get(PAGINATION_POPOVER_BTN).click({ force: true }); cy.get(THREE_HUNDRED_ROWS).click(); @@ -71,6 +80,13 @@ export const selectNumberOfRules = (numberOfRules: number) => { } }; +export const sortByActivatedRules = () => { + cy.get(SORT_RULES_BTN).click({ force: true }); + waitForRulesToBeLoaded(); + cy.get(SORT_RULES_BTN).click({ force: true }); + waitForRulesToBeLoaded(); +}; + export const waitForLoadElasticPrebuiltDetectionRulesTableToBeLoaded = () => { cy.get(LOADING_INITIAL_PREBUILT_RULES_TABLE).should('exist'); cy.get(LOADING_INITIAL_PREBUILT_RULES_TABLE).should('not.exist'); @@ -81,6 +97,11 @@ export const waitForPrebuiltDetectionRulesToBeLoaded = () => { cy.get(RULES_TABLE).should('exist'); }; +export const waitForRuleToBeActivated = () => { + cy.get(RULE_SWITCH_LOADER).should('exist'); + cy.get(RULE_SWITCH_LOADER).should('not.exist'); +}; + export const waitForRulesToBeLoaded = () => { cy.get(LOADING_SPINNER).should('exist'); cy.get(LOADING_SPINNER).should('not.exist'); From 355cacff7c4a6b9ad70fd2b2651cb8be412085b0 Mon Sep 17 00:00:00 2001 From: Shahzad Date: Tue, 7 Apr 2020 09:19:36 +0200 Subject: [PATCH 08/36] [Uptime] Improve Telemetry test (#62428) * removed unnecessary filter * update condition * added a unit test for mix state * fix types * fix type * updated test * update * updates test * updates tests * updates tests * updated type Co-authored-by: Elastic Machine --- .../uptime/common/constants/rest_api.ts | 2 +- .../uptime/public/hooks/use_telemetry.ts | 2 +- .../telemetry/kibana_telemetry_adapter.ts | 26 ++-- .../server/lib/adapters/telemetry/types.ts | 1 + .../rest_api/telemetry/log_page_view.ts | 17 ++- .../api_integration/apis/uptime/rest/index.ts | 1 + .../apis/uptime/rest/telemetry_collectors.ts | 129 ++++++++++++++++++ .../apis/uptime/telemetry_collectors.ts | 21 --- 8 files changed, 162 insertions(+), 37 deletions(-) create mode 100644 x-pack/test/api_integration/apis/uptime/rest/telemetry_collectors.ts delete mode 100644 x-pack/test/api_integration/apis/uptime/telemetry_collectors.ts diff --git a/x-pack/legacy/plugins/uptime/common/constants/rest_api.ts b/x-pack/legacy/plugins/uptime/common/constants/rest_api.ts index 86e2b03e13f22..dffa131870db1 100644 --- a/x-pack/legacy/plugins/uptime/common/constants/rest_api.ts +++ b/x-pack/legacy/plugins/uptime/common/constants/rest_api.ts @@ -15,7 +15,7 @@ export enum API_URLS { PING_HISTOGRAM = `/api/uptime/ping/histogram`, SNAPSHOT_COUNT = `/api/uptime/snapshot/count`, FILTERS = `/api/uptime/filters`, - logPageView = `/api/uptime/logPageView`, + LOG_PAGE_VIEW = `/api/uptime/log_page_view`, ML_MODULE_JOBS = `/api/ml/modules/jobs_exist/`, ML_SETUP_MODULE = '/api/ml/modules/setup/', diff --git a/x-pack/legacy/plugins/uptime/public/hooks/use_telemetry.ts b/x-pack/legacy/plugins/uptime/public/hooks/use_telemetry.ts index fc0e0ce1c3e88..13fe523332ae5 100644 --- a/x-pack/legacy/plugins/uptime/public/hooks/use_telemetry.ts +++ b/x-pack/legacy/plugins/uptime/public/hooks/use_telemetry.ts @@ -30,6 +30,6 @@ export const useUptimeTelemetry = (page?: UptimePage) => { dateEnd: dateRangeEnd, autoRefreshEnabled: !autorefreshIsPaused, }; - apiService.post(API_URLS.logPageView, params); + apiService.post(API_URLS.LOG_PAGE_VIEW, params); }, [autorefreshInterval, autorefreshIsPaused, dateRangeEnd, dateRangeStart, page]); }; diff --git a/x-pack/plugins/uptime/server/lib/adapters/telemetry/kibana_telemetry_adapter.ts b/x-pack/plugins/uptime/server/lib/adapters/telemetry/kibana_telemetry_adapter.ts index 3b2696ba23f7c..fa792429f102e 100644 --- a/x-pack/plugins/uptime/server/lib/adapters/telemetry/kibana_telemetry_adapter.ts +++ b/x-pack/plugins/uptime/server/lib/adapters/telemetry/kibana_telemetry_adapter.ts @@ -5,7 +5,7 @@ */ import moment from 'moment'; -import { ISavedObjectsRepository } from 'kibana/server'; +import { ISavedObjectsRepository, SavedObjectsClientContract } from 'kibana/server'; import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; import { PageViewParams, UptimeTelemetry } from './types'; import { APICaller } from '../framework'; @@ -54,6 +54,9 @@ export class KibanaTelemetryAdapter { } public static countPageView(pageView: PageViewParams) { + if (pageView.refreshTelemetryHistory) { + this.collector = {}; + } const bucketId = this.getBucketToIncrement(); const bucket = this.collector[bucketId]; if (pageView.page === 'Overview') { @@ -94,7 +97,7 @@ export class KibanaTelemetryAdapter { public static async countNoOfUniqueMonitorAndLocations( callCluster: APICaller, - savedObjectsClient: ISavedObjectsRepository + savedObjectsClient: ISavedObjectsRepository | SavedObjectsClientContract ) { const dynamicSettings = await savedObjectsAdapter.getUptimeDynamicSettings(savedObjectsClient); const params = { @@ -161,24 +164,27 @@ export class KibanaTelemetryAdapter { const monitorNameStats: any = result?.aggregations?.monitor_name; const locationNameStats: any = result?.aggregations?.observer_loc_name; const uniqueMonitors: any = result?.aggregations?.monitors.buckets; - const bucket = this.getBucketToIncrement(); - this.collector[bucket].no_of_unique_monitors = numberOfUniqueMonitors; - this.collector[bucket].no_of_unique_observer_locations = numberOfUniqueLocations; - this.collector[bucket].no_of_unique_observer_locations = numberOfUniqueLocations; - this.collector[bucket].monitor_name_stats = { + const bucketId = this.getBucketToIncrement(); + const bucket = this.collector[bucketId]; + + bucket.no_of_unique_monitors = numberOfUniqueMonitors; + bucket.no_of_unique_observer_locations = numberOfUniqueLocations; + bucket.no_of_unique_observer_locations = numberOfUniqueLocations; + bucket.monitor_name_stats = { min_length: monitorNameStats?.min_length ?? 0, max_length: monitorNameStats?.max_length ?? 0, - avg_length: +monitorNameStats?.avg_length.toFixed(2), + avg_length: +(monitorNameStats?.avg_length?.toFixed(2) ?? 0), }; - this.collector[bucket].observer_location_name_stats = { + bucket.observer_location_name_stats = { min_length: locationNameStats?.min_length ?? 0, max_length: locationNameStats?.max_length ?? 0, avg_length: +(locationNameStats?.avg_length?.toFixed(2) ?? 0), }; - this.collector[bucket].monitor_frequency = this.getMonitorsFrequency(uniqueMonitors); + bucket.monitor_frequency = this.getMonitorsFrequency(uniqueMonitors); + return bucket; } private static getMonitorsFrequency(uniqueMonitors = []) { diff --git a/x-pack/plugins/uptime/server/lib/adapters/telemetry/types.ts b/x-pack/plugins/uptime/server/lib/adapters/telemetry/types.ts index 059bea6cc3215..ee3360ecc41b1 100644 --- a/x-pack/plugins/uptime/server/lib/adapters/telemetry/types.ts +++ b/x-pack/plugins/uptime/server/lib/adapters/telemetry/types.ts @@ -10,6 +10,7 @@ export interface PageViewParams { dateEnd: string; autoRefreshEnabled: boolean; autorefreshInterval: number; + refreshTelemetryHistory?: boolean; } export interface Stats { diff --git a/x-pack/plugins/uptime/server/rest_api/telemetry/log_page_view.ts b/x-pack/plugins/uptime/server/rest_api/telemetry/log_page_view.ts index 331c76ca31db5..4b2db71037071 100644 --- a/x-pack/plugins/uptime/server/rest_api/telemetry/log_page_view.ts +++ b/x-pack/plugins/uptime/server/rest_api/telemetry/log_page_view.ts @@ -8,10 +8,11 @@ import { schema } from '@kbn/config-schema'; import { KibanaTelemetryAdapter } from '../../lib/adapters/telemetry'; import { UMRestApiRouteFactory } from '../types'; import { PageViewParams } from '../../lib/adapters/telemetry/types'; +import { API_URLS } from '../../../../../legacy/plugins/uptime/common/constants'; export const createLogPageViewRoute: UMRestApiRouteFactory = () => ({ method: 'POST', - path: '/api/uptime/logPageView', + path: API_URLS.LOG_PAGE_VIEW, validate: { body: schema.object({ page: schema.string(), @@ -19,12 +20,20 @@ export const createLogPageViewRoute: UMRestApiRouteFactory = () => ({ dateEnd: schema.string(), autoRefreshEnabled: schema.boolean(), autorefreshInterval: schema.number(), + refreshTelemetryHistory: schema.maybe(schema.boolean()), }), }, - handler: async ({ callES, dynamicSettings }, _context, _request, response): Promise => { - const result = KibanaTelemetryAdapter.countPageView(_request.body as PageViewParams); + handler: async ( + { savedObjectsClient, callES, dynamicSettings }, + _context, + request, + response + ): Promise => { + await KibanaTelemetryAdapter.countNoOfUniqueMonitorAndLocations(callES, savedObjectsClient); + const pageViewResult = KibanaTelemetryAdapter.countPageView(request.body as PageViewParams); + return response.ok({ - body: result, + body: pageViewResult, }); }, }); diff --git a/x-pack/test/api_integration/apis/uptime/rest/index.ts b/x-pack/test/api_integration/apis/uptime/rest/index.ts index f89bec589847e..9b0cd61c22462 100644 --- a/x-pack/test/api_integration/apis/uptime/rest/index.ts +++ b/x-pack/test/api_integration/apis/uptime/rest/index.ts @@ -42,6 +42,7 @@ export default function({ getService, loadTestFile }: FtrProviderContext) { loadTestFile(require.resolve('./snapshot')); loadTestFile(require.resolve('./dynamic_settings')); + loadTestFile(require.resolve('./telemetry_collectors')); }); describe('with real-world data', () => { before('load heartbeat data', async () => await esArchiver.load('uptime/full_heartbeat')); diff --git a/x-pack/test/api_integration/apis/uptime/rest/telemetry_collectors.ts b/x-pack/test/api_integration/apis/uptime/rest/telemetry_collectors.ts new file mode 100644 index 0000000000000..b2ec96be0f288 --- /dev/null +++ b/x-pack/test/api_integration/apis/uptime/rest/telemetry_collectors.ts @@ -0,0 +1,129 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from '@kbn/expect'; +import { FtrProviderContext } from '../../../ftr_provider_context'; +import { API_URLS } from '../../../../../legacy/plugins/uptime/common/constants'; +import { makeChecksWithStatus } from '../graphql/helpers/make_checks'; + +export default function({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + const es = getService('legacyEs'); + + describe('telemetry collectors', () => { + before('generating data', async () => { + await getService('esArchiver').load('uptime/blank'); + + const observer = { + geo: { + name: 'US-East', + location: '40.7128, -74.0060', + }, + }; + + const observer2 = { + geo: { + name: 'US', + location: '40.7128, -74.0060', + }, + }; + + await makeChecksWithStatus( + es, + 'upMonitorId', + 1, + 1, + 60 * 1000, + { + observer: {}, + monitor: { + name: 'Elastic', + }, + }, + 'up' + ); + + await makeChecksWithStatus( + es, + 'downMonitorId', + 1, + 1, + 120 * 1000, + { + observer, + monitor: { + name: 'Long Name with 22 Char', + }, + }, + 'down' + ); + + await makeChecksWithStatus(es, 'noGeoNameMonitor', 1, 1, 60 * 1000, { observer: {} }, 'down'); + await makeChecksWithStatus( + es, + 'downMonitorId', + 1, + 1, + 1, + { + observer, + monitor: { + name: 'Elastic', + }, + }, + 'down' + ); + + await makeChecksWithStatus(es, 'mixMonitorId', 1, 1, 1, { observer: observer2 }, 'down'); + }); + + after('unload heartbeat index', () => getService('esArchiver').unload('uptime/blank')); + + it('should receive expected results after calling monitor/overview logging', async () => { + // call monitor page + await supertest + .post(API_URLS.LOG_PAGE_VIEW) + .set('kbn-xsrf', 'true') + .send({ + page: 'Monitor', + autorefreshInterval: 100, + dateStart: 'now/d', + dateEnd: 'now/d', + autoRefreshEnabled: true, + refreshTelemetryHistory: true, + }) + .expect(200); + + // call overview page + const { body: result } = await supertest + .post(API_URLS.LOG_PAGE_VIEW) + .set('kbn-xsrf', 'true') + .send({ + page: 'Overview', + autorefreshInterval: 60, + dateStart: 'now/d', + dateEnd: 'now-30', + autoRefreshEnabled: true, + }) + .expect(200); + + expect(result).to.eql({ + overview_page: 1, + monitor_page: 1, + no_of_unique_monitors: 4, + settings_page: 0, + monitor_frequency: [120, 0.001, 60, 60], + monitor_name_stats: { min_length: 7, max_length: 22, avg_length: 12 }, + no_of_unique_observer_locations: 3, + observer_location_name_stats: { min_length: 2, max_length: 7, avg_length: 4.8 }, + dateRangeStart: ['now/d', 'now/d'], + dateRangeEnd: ['now/d', 'now-30'], + autoRefreshEnabled: true, + autorefreshInterval: [100, 60], + }); + }); + }); +} diff --git a/x-pack/test/api_integration/apis/uptime/telemetry_collectors.ts b/x-pack/test/api_integration/apis/uptime/telemetry_collectors.ts deleted file mode 100644 index e33c6120557bb..0000000000000 --- a/x-pack/test/api_integration/apis/uptime/telemetry_collectors.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FtrProviderContext } from '../../ftr_provider_context'; - -export default function({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - - describe('telemetry collectors', () => { - it('should receive a 200 for overview page logging', async () => { - await supertest.get('/api/uptime/logOverview').expect(200); - }); - - it('should receive a 200 for monitor page logging', async () => { - await supertest.get('/api/uptime/logMonitor').expect(200); - }); - }); -} From 8429a8ede93c19934ef70424259010c35c68bc3c Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Tue, 7 Apr 2020 09:24:21 +0200 Subject: [PATCH 09/36] Fix old pathes in eslintrc (#62580) --- .eslintrc.js | 31 +++++-------------------------- 1 file changed, 5 insertions(+), 26 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index e66331594b4ae..3c173e5244009 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -552,29 +552,6 @@ module.exports = { }, }, - /** - * Graph overrides - */ - { - files: ['x-pack/legacy/plugins/graph/**/*.js'], - globals: { - angular: true, - $: true, - }, - rules: { - 'block-scoped-var': 'off', - camelcase: 'off', - eqeqeq: 'off', - 'guard-for-in': 'off', - 'new-cap': 'off', - 'no-loop-func': 'off', - 'no-redeclare': 'off', - 'no-shadow': 'off', - 'no-unused-vars': 'off', - 'one-var': 'off', - }, - }, - /** * ML overrides */ @@ -771,7 +748,7 @@ module.exports = { * Lens overrides */ { - files: ['x-pack/legacy/plugins/lens/**/*.ts', 'x-pack/legacy/plugins/lens/**/*.tsx'], + files: ['x-pack/legacy/plugins/lens/**/*.{ts,tsx}', 'x-pack/plugins/lens/**/*.{ts,tsx}'], rules: { '@typescript-eslint/no-explicit-any': 'error', }, @@ -885,8 +862,10 @@ module.exports = { * TSVB overrides */ { - files: ['src/legacy/core_plugins/metrics/**/*.js'], - excludedFiles: 'src/legacy/core_plugins/metrics/index.js', + files: [ + 'src/plugins/vis_type_timeseries/**/*.{js,ts,tsx}', + 'src/legacy/core_plugins/vis_type_timeseries/**/*.{js,ts,tsx}', + ], rules: { 'import/no-default-export': 'error', }, From 64f27ca34e0daaaacb63240676e836a4d8e187cc Mon Sep 17 00:00:00 2001 From: James Gowdy Date: Tue, 7 Apr 2020 08:47:39 +0100 Subject: [PATCH 10/36] [ML] Show better file structure finder explanations (#62316) * [ML] Show better file structure finder explanations * more typescript changes * changing function format * fixing some types * fixing translation id * fix boom error reporting * changes based on review Co-authored-by: Elastic Machine --- x-pack/plugins/ml/common/types/errors.ts | 1 + .../ml/common/types/file_datavisualizer.ts | 65 ++++++++++++++ .../{about_panel.js => about_panel.tsx} | 14 ++-- .../about_panel/{index.js => index.ts} | 0 ...welcome_content.js => welcome_content.tsx} | 25 +++--- ...alysis_summary.js => analysis_summary.tsx} | 11 +-- .../analysis_summary/{index.js => index.ts} | 0 ...mental_badge.js => experimental_badge.tsx} | 6 +- .../experimental_badge/{index.js => index.ts} | 0 .../explanation_flyout/explanation_flyout.tsx | 82 ++++++++++++++++++ .../index.js => explanation_flyout/index.ts} | 2 +- .../{file_contents.js => file_contents.tsx} | 16 ++-- .../file_contents/{index.js => index.ts} | 0 .../file_datavisualizer_view.js | 45 ++++++---- ...or_callouts.js => file_error_callouts.tsx} | 45 ++++++++-- .../import_errors/{errors.js => errors.tsx} | 36 ++++---- .../import_errors/{index.js => index.ts} | 0 ...import_progress.js => import_progress.tsx} | 34 +++++--- .../components/import_progress/index.ts | 7 ++ .../{advanced.js => advanced.tsx} | 46 +++++++--- ...import_settings.js => import_settings.tsx} | 22 ++++- .../import_settings/{index.js => index.ts} | 0 .../import_settings/{simple.js => simple.tsx} | 13 ++- .../{import_summary.js => import_summary.tsx} | 46 +++++++--- .../import_summary/{index.js => index.ts} | 0 .../components/import_view/import_view.js | 1 - .../importer/{importer.js => importer.ts} | 84 +++++++++++++------ ...mporter_factory.js => importer_factory.ts} | 8 +- .../importer/{index.js => index.ts} | 0 ...essage_importer.js => message_importer.ts} | 31 ++++--- ...{ndjson_importer.js => ndjson_importer.ts} | 11 +-- .../results_view/{index.js => index.ts} | 0 .../{results_view.js => results_view.tsx} | 50 +++++++++-- .../components/utils/{index.js => index.ts} | 0 .../file_based/components/utils/overrides.js | 21 ----- .../components/utils/{utils.js => utils.ts} | 40 ++++++--- .../services/ml_api_service/datavisualizer.ts | 5 +- .../ml/server/client/elasticsearch_ml.ts | 4 +- .../plugins/ml/server/client/error_wrapper.ts | 8 +- .../file_data_visualizer.ts | 37 ++------ .../file_data_visualizer/import_data.ts | 39 +++------ .../models/file_data_visualizer/index.ts | 9 +- .../ml/server/routes/file_data_visualizer.ts | 12 +-- 43 files changed, 609 insertions(+), 267 deletions(-) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/{about_panel.js => about_panel.tsx} (91%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/{index.js => index.ts} (100%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/{welcome_content.js => welcome_content.tsx} (90%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/analysis_summary/{analysis_summary.js => analysis_summary.tsx} (89%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/analysis_summary/{index.js => index.ts} (100%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/experimental_badge/{experimental_badge.js => experimental_badge.tsx} (84%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/experimental_badge/{index.js => index.ts} (100%) create mode 100644 x-pack/plugins/ml/public/application/datavisualizer/file_based/components/explanation_flyout/explanation_flyout.tsx rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/{import_progress/index.js => explanation_flyout/index.ts} (78%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/{file_contents.js => file_contents.tsx} (83%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/{index.js => index.ts} (100%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_datavisualizer_view/{file_error_callouts.js => file_error_callouts.tsx} (73%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/{errors.js => errors.tsx} (85%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/{index.js => index.ts} (100%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/{import_progress.js => import_progress.tsx} (92%) create mode 100644 x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/index.ts rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/{advanced.js => advanced.tsx} (85%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/{import_settings.js => import_settings.tsx} (82%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/{index.js => index.ts} (100%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/{simple.js => simple.tsx} (88%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/{import_summary.js => import_summary.tsx} (86%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/{index.js => index.ts} (100%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/{importer.js => importer.ts} (73%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/{importer_factory.js => importer_factory.ts} (76%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/{index.js => index.ts} (100%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/{message_importer.js => message_importer.ts} (76%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/{ndjson_importer.js => ndjson_importer.ts} (71%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/{index.js => index.ts} (100%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/{results_view.js => results_view.tsx} (58%) rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/{index.js => index.ts} (100%) delete mode 100644 x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/overrides.js rename x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/{utils.js => utils.ts} (79%) diff --git a/x-pack/plugins/ml/common/types/errors.ts b/x-pack/plugins/ml/common/types/errors.ts index 63e222490082b..284250bd5ce55 100644 --- a/x-pack/plugins/ml/common/types/errors.ts +++ b/x-pack/plugins/ml/common/types/errors.ts @@ -9,6 +9,7 @@ export interface ErrorResponse { statusCode: number; error: string; message: string; + attributes?: any; }; name: string; } diff --git a/x-pack/plugins/ml/common/types/file_datavisualizer.ts b/x-pack/plugins/ml/common/types/file_datavisualizer.ts index bc03f82673a1f..f771547b97811 100644 --- a/x-pack/plugins/ml/common/types/file_datavisualizer.ts +++ b/x-pack/plugins/ml/common/types/file_datavisualizer.ts @@ -4,6 +4,21 @@ * you may not use this file except in compliance with the Elastic License. */ +export interface InputOverrides { + [key: string]: string; +} + +export type FormattedOverrides = InputOverrides & { + column_names: string[]; + has_header_row: boolean; + should_trim_fields: boolean; +}; + +export interface AnalysisResult { + results: FindFileStructureResponse; + overrides?: FormattedOverrides; +} + export interface FindFileStructureResponse { charset: string; has_header_row: boolean; @@ -28,4 +43,54 @@ export interface FindFileStructureResponse { need_client_timezone: boolean; num_lines_analyzed: number; column_names: string[]; + explanation?: string[]; + grok_pattern?: string; + multiline_start_pattern?: string; + exclude_lines_pattern?: string; + java_timestamp_formats?: string[]; + joda_timestamp_formats?: string[]; + timestamp_field?: string; + should_trim_fields?: boolean; +} + +export interface ImportResponse { + success: boolean; + id: string; + index?: string; + pipelineId?: string; + docCount: number; + failures: ImportFailure[]; + error?: any; + ingestError?: boolean; +} + +export interface ImportFailure { + item: number; + reason: string; + doc: Doc; +} + +export interface Doc { + message: string; +} + +export interface Settings { + pipeline?: string; + index: string; + body: any[]; + [key: string]: any; +} + +export interface Mappings { + [key: string]: any; +} + +export interface IngestPipelineWrapper { + id: string; + pipeline: IngestPipeline; +} + +export interface IngestPipeline { + description: string; + processors: any[]; } diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/about_panel.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/about_panel.tsx similarity index 91% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/about_panel.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/about_panel.tsx index edecc925591d3..2bddf0de0499d 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/about_panel.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/about_panel.tsx @@ -6,7 +6,7 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; import { EuiFlexGroup, @@ -23,7 +23,11 @@ import { import { WelcomeContent } from './welcome_content'; -export function AboutPanel({ onFilePickerChange }) { +interface Props { + onFilePickerChange(files: FileList | null): void; +} + +export const AboutPanel: FC = ({ onFilePickerChange }) => { return ( @@ -54,9 +58,9 @@ export function AboutPanel({ onFilePickerChange }) { ); -} +}; -export function LoadingPanel() { +export const LoadingPanel: FC = () => { return ( @@ -79,4 +83,4 @@ export function LoadingPanel() { ); -} +}; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/welcome_content.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/welcome_content.tsx similarity index 90% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/welcome_content.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/welcome_content.tsx index 73d12122879f8..c56ab021e2f2f 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/welcome_content.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/about_panel/welcome_content.tsx @@ -5,7 +5,8 @@ */ import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; +import { i18n } from '@kbn/i18n'; import { EuiFlexGroup, @@ -19,7 +20,14 @@ import { import { ExperimentalBadge } from '../experimental_badge'; -export function WelcomeContent() { +export const WelcomeContent: FC = () => { + const toolTipContent = i18n.translate( + 'xpack.ml.fileDatavisualizer.welcomeContent.experimentalFeatureTooltip', + { + defaultMessage: "Experimental feature. We'd love to hear your feedback.", + } + ); + return ( @@ -32,16 +40,7 @@ export function WelcomeContent() { id="xpack.ml.fileDatavisualizer.welcomeContent.visualizeDataFromLogFileTitle" defaultMessage="Visualize data from a log file {experimentalBadge}" values={{ - experimentalBadge: ( - - } - /> - ), + experimentalBadge: , }} /> @@ -144,4 +143,4 @@ export function WelcomeContent() { ); -} +}; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/analysis_summary/analysis_summary.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/analysis_summary/analysis_summary.tsx similarity index 89% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/analysis_summary/analysis_summary.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/analysis_summary/analysis_summary.tsx index b3bf4ea4daf83..b80db3b27fa7e 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/analysis_summary/analysis_summary.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/analysis_summary/analysis_summary.tsx @@ -5,11 +5,12 @@ */ import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; import { EuiTitle, EuiSpacer, EuiDescriptionList } from '@elastic/eui'; +import { FindFileStructureResponse } from '../../../../../../common/types/file_datavisualizer'; -export function AnalysisSummary({ results }) { +export const AnalysisSummary: FC<{ results: FindFileStructureResponse }> = ({ results }) => { const items = createDisplayItems(results); return ( @@ -28,10 +29,10 @@ export function AnalysisSummary({ results }) { ); -} +}; -function createDisplayItems(results) { - const items = [ +function createDisplayItems(results: FindFileStructureResponse) { + const items: Array<{ title: any; description: string | number }> = [ { title: ( = ({ tooltipContent }) => { return ( ); -} +}; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/experimental_badge/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/experimental_badge/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/experimental_badge/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/experimental_badge/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/explanation_flyout/explanation_flyout.tsx b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/explanation_flyout/explanation_flyout.tsx new file mode 100644 index 0000000000000..8e44a296126b6 --- /dev/null +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/explanation_flyout/explanation_flyout.tsx @@ -0,0 +1,82 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React, { FC } from 'react'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { + EuiFlyout, + EuiFlyoutFooter, + EuiFlexGroup, + EuiFlexItem, + EuiFlyoutHeader, + EuiButtonEmpty, + EuiTitle, + EuiFlyoutBody, + EuiSpacer, + EuiText, + EuiSubSteps, +} from '@elastic/eui'; +import { FindFileStructureResponse } from '../../../../../../common/types/file_datavisualizer'; + +interface Props { + results: FindFileStructureResponse; + closeFlyout(): void; +} +export const ExplanationFlyout: FC = ({ results, closeFlyout }) => { + const explanation = results.explanation!; + return ( + + + +

+ +

+
+
+ + + + + + + + + + + + +
+ ); +}; + +const Content: FC<{ explanation: string[] }> = ({ explanation }) => ( + <> + + + + + +
    + {explanation.map((e, i) => ( +
  • + {e} + +
  • + ))} +
+
+
+ +); diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/explanation_flyout/index.ts similarity index 78% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/explanation_flyout/index.ts index f75d869f4667c..e288050403887 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/index.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/explanation_flyout/index.ts @@ -4,4 +4,4 @@ * you may not use this file except in compliance with the Elastic License. */ -export { ImportProgress, IMPORT_STATUS } from './import_progress'; +export { ExplanationFlyout } from './explanation_flyout'; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/file_contents.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/file_contents.tsx similarity index 83% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/file_contents.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/file_contents.tsx index ed5ab57a2588d..6564b9a1f4d83 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/file_contents.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/file_contents.tsx @@ -5,13 +5,19 @@ */ import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; import { EuiTitle, EuiSpacer } from '@elastic/eui'; import { MLJobEditor, ML_EDITOR_MODE } from '../../../../jobs/jobs_list/components/ml_job_editor'; -export function FileContents({ data, format, numberOfLines }) { +interface Props { + data: string; + format: string; + numberOfLines: number; +} + +export const FileContents: FC = ({ data, format, numberOfLines }) => { let mode = ML_EDITOR_MODE.TEXT; if (format === ML_EDITOR_MODE.JSON) { mode = ML_EDITOR_MODE.JSON; @@ -35,7 +41,7 @@ export function FileContents({ data, format, numberOfLines }) { id="xpack.ml.fileDatavisualizer.fileContents.firstLinesDescription" defaultMessage="First {numberOfLines, plural, zero {# line} one {# line} other {# lines}}" values={{ - numberOfLines: numberOfLines, + numberOfLines, }} />
@@ -51,9 +57,9 @@ export function FileContents({ data, format, numberOfLines }) { /> ); -} +}; -function limitByNumberOfLines(data, numberOfLines) { +function limitByNumberOfLines(data: string, numberOfLines: number) { return data .split('\n') .slice(0, numberOfLines) diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_contents/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_datavisualizer_view/file_datavisualizer_view.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_datavisualizer_view/file_datavisualizer_view.js index 12e5a14b51871..02f14a9e4553e 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_datavisualizer_view/file_datavisualizer_view.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/file_datavisualizer_view/file_datavisualizer_view.js @@ -17,9 +17,9 @@ import { BottomBar } from '../bottom_bar'; import { ResultsView } from '../results_view'; import { FileCouldNotBeRead, FileTooLarge } from './file_error_callouts'; import { EditFlyout } from '../edit_flyout'; +import { ExplanationFlyout } from '../explanation_flyout'; import { ImportView } from '../import_view'; import { MAX_BYTES } from '../../../../../../common/constants/file_datavisualizer'; -import { isErrorResponse } from '../../../../../../common/types/errors'; import { readFile, createUrlOverrides, @@ -42,12 +42,14 @@ export class FileDataVisualizerView extends Component { fileSize: 0, fileTooLarge: false, fileCouldNotBeRead: false, - serverErrorMessage: '', + serverError: null, loading: false, loaded: false, results: undefined, + explanation: undefined, mode: MODE.READ, isEditFlyoutVisible: false, + isExplanationFlyoutVisible: false, bottomBarVisible: false, hasPermissionToImport: false, }; @@ -78,8 +80,9 @@ export class FileDataVisualizerView extends Component { fileSize: 0, fileTooLarge: false, fileCouldNotBeRead: false, - serverErrorMessage: '', + serverError: null, results: undefined, + explanation: undefined, }, () => { if (files.length) { @@ -128,7 +131,7 @@ export class FileDataVisualizerView extends Component { console.log('overrides', overrides); const { analyzeFile } = ml.fileDatavisualizer; const resp = await analyzeFile(lessData, overrides); - const serverSettings = processResults(resp.results); + const serverSettings = processResults(resp); const serverOverrides = resp.overrides; this.previousOverrides = this.overrides; @@ -172,6 +175,7 @@ export class FileDataVisualizerView extends Component { this.setState({ results: resp.results, + explanation: resp.explanation, loaded: true, loading: false, fileCouldNotBeRead: isRetry, @@ -179,19 +183,13 @@ export class FileDataVisualizerView extends Component { } catch (error) { console.error(error); - let serverErrorMsg; - if (isErrorResponse(error) === true) { - serverErrorMsg = `${error.body.error}: ${error.body.message}`; - } else { - serverErrorMsg = JSON.stringify(error, null, 2); - } - this.setState({ results: undefined, + explanation: undefined, loaded: false, loading: false, fileCouldNotBeRead: true, - serverErrorMessage: serverErrorMsg, + serverError: error, }); // as long as the previous overrides are different to the current overrides, @@ -216,6 +214,16 @@ export class FileDataVisualizerView extends Component { this.hideBottomBar(); }; + closeExplanationFlyout = () => { + this.setState({ isExplanationFlyoutVisible: false }); + this.showBottomBar(); + }; + + showExplanationFlyout = () => { + this.setState({ isExplanationFlyoutVisible: true }); + this.hideBottomBar(); + }; + showBottomBar = () => { this.setState({ bottomBarVisible: true }); }; @@ -252,14 +260,16 @@ export class FileDataVisualizerView extends Component { loading, loaded, results, + explanation, fileContents, fileName, fileSize, fileTooLarge, fileCouldNotBeRead, - serverErrorMessage, + serverError, mode, isEditFlyoutVisible, + isExplanationFlyoutVisible, bottomBarVisible, hasPermissionToImport, } = this.state; @@ -281,7 +291,7 @@ export class FileDataVisualizerView extends Component { {fileCouldNotBeRead && loading === false && ( - + )} @@ -289,9 +299,12 @@ export class FileDataVisualizerView extends Component { {loaded && ( this.showEditFlyout()} + showExplanationFlyout={() => this.showExplanationFlyout()} + disableButtons={isEditFlyoutVisible || isExplanationFlyoutVisible} /> )} + {isExplanationFlyoutVisible && ( + + )} + {bottomBarVisible && loaded && ( = ({ fileSize, maxFileSize }) => { const fileSizeFormatted = numeral(fileSize).format(FILE_SIZE_DISPLAY_FORMAT); const maxFileSizeFormatted = numeral(maxFileSize).format(FILE_SIZE_DISPLAY_FORMAT); @@ -67,9 +73,15 @@ export function FileTooLarge({ fileSize, maxFileSize }) { {errorText} ); +}; + +interface FileCouldNotBeReadProps { + error: ErrorResponse; + loaded: boolean; } -export function FileCouldNotBeRead({ error, loaded }) { +export const FileCouldNotBeRead: FC = ({ error, loaded }) => { + const message = error.body.message; return ( - {error !== undefined &&

{error}

} + {message} + {loaded && ( -

+ <> + -

+ )}
); -} +}; + +export const Explanation: FC<{ error: ErrorResponse }> = ({ error }) => { + if (!error.body.attributes?.body?.error?.suppressed?.length) { + return null; + } + const reason: string = error.body.attributes.body.error.suppressed[0].reason; + return ( + <> + + {reason.split('\n').map((m, i) => ( +
{m}
+ ))} + + ); +}; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/errors.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/errors.tsx similarity index 85% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/errors.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/errors.tsx index 6629c0109feaf..f723ad1a752bf 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/errors.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/errors.tsx @@ -5,13 +5,24 @@ */ import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; +import { i18n } from '@kbn/i18n'; import { EuiCallOut, EuiAccordion } from '@elastic/eui'; -import { IMPORT_STATUS } from '../import_progress'; +import { IMPORT_STATUS, Statuses } from '../import_progress'; -export function ImportErrors({ errors, statuses }) { +interface ImportError { + msg: string; + more?: string; +} + +interface Props { + errors: any[]; + statuses: Statuses; +} + +export const ImportErrors: FC = ({ errors, statuses }) => { return ( {errors.map((e, i) => ( @@ -19,9 +30,9 @@ export function ImportErrors({ errors, statuses }) { ))} ); -} +}; -function title(statuses) { +function title(statuses: Statuses) { switch (IMPORT_STATUS.FAILED) { case statuses.readStatus: return ( @@ -82,7 +93,7 @@ function title(statuses) { } } -function ImportError(error, key) { +function ImportError(error: any, key: number) { const errorObj = toString(error); return ( @@ -106,7 +117,7 @@ function ImportError(error, key) { ); } -function toString(error) { +function toString(error: any): ImportError { if (typeof error === 'string') { return { msg: error }; } @@ -118,7 +129,7 @@ function toString(error) { if (typeof error.error === 'object') { if (error.error.msg !== undefined) { // this will catch a bulk ingest failure - const errorObj = { msg: error.error.msg }; + const errorObj: ImportError = { msg: error.error.msg }; if (error.error.body !== undefined) { errorObj.more = error.error.response; } @@ -139,11 +150,8 @@ function toString(error) { } return { - msg: ( - - ), + msg: i18n.translate('xpack.ml.fileDatavisualizer.importErrors.unknownErrorMessage', { + defaultMessage: 'Unknown error', + }), }; } diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_errors/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/import_progress.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/import_progress.tsx similarity index 92% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/import_progress.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/import_progress.tsx index 272ec2979ad2f..533fec4ac50c8 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/import_progress.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/import_progress.tsx @@ -6,17 +6,31 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; import { EuiStepsHorizontal, EuiProgress, EuiSpacer } from '@elastic/eui'; -export const IMPORT_STATUS = { - INCOMPLETE: 'incomplete', - COMPLETE: 'complete', - FAILED: 'danger', -}; +export enum IMPORT_STATUS { + INCOMPLETE = 'incomplete', + COMPLETE = 'complete', + FAILED = 'danger', +} + +export interface Statuses { + reading: boolean; + readStatus: IMPORT_STATUS; + parseJSONStatus: IMPORT_STATUS; + indexCreatedStatus: IMPORT_STATUS; + ingestPipelineCreatedStatus: IMPORT_STATUS; + indexPatternCreatedStatus: IMPORT_STATUS; + uploadProgress: number; + uploadStatus: IMPORT_STATUS; + createIndexPattern: boolean; + createPipeline: boolean; + permissionCheckStatus: IMPORT_STATUS; +} -export function ImportProgress({ statuses }) { +export const ImportProgress: FC<{ statuses: Statuses }> = ({ statuses }) => { const { reading, readStatus, @@ -271,9 +285,9 @@ export function ImportProgress({ statuses }) { )} ); -} +}; -function UploadFunctionProgress({ progress }) { +const UploadFunctionProgress: FC<{ progress: number }> = ({ progress }) => { return (

@@ -290,4 +304,4 @@ function UploadFunctionProgress({ progress }) { )} ); -} +}; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/index.ts b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/index.ts new file mode 100644 index 0000000000000..9b0c6ca2264cb --- /dev/null +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_progress/index.ts @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { ImportProgress, IMPORT_STATUS, Statuses } from './import_progress'; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/advanced.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/advanced.tsx similarity index 85% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/advanced.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/advanced.tsx index 14cbe67662ed6..a79a7d36f3294 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/advanced.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/advanced.tsx @@ -6,7 +6,7 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; import { EuiFieldText, @@ -20,7 +20,25 @@ import { import { MLJobEditor, ML_EDITOR_MODE } from '../../../../jobs/jobs_list/components/ml_job_editor'; const EDITOR_HEIGHT = '300px'; -export function AdvancedSettings({ +interface Props { + index: string; + indexPattern: string; + initialized: boolean; + onIndexChange(): void; + createIndexPattern: boolean; + onCreateIndexPatternChange(): void; + onIndexPatternChange(): void; + indexSettingsString: string; + mappingsString: string; + pipelineString: string; + onIndexSettingsStringChange(): void; + onMappingsStringChange(): void; + onPipelineStringChange(): void; + indexNameError: string; + indexPatternNameError: string; +} + +export const AdvancedSettings: FC = ({ index, indexPattern, initialized, @@ -36,7 +54,7 @@ export function AdvancedSettings({ onPipelineStringChange, indexNameError, indexPatternNameError, -}) { +}) => { return ( } - disabled={createIndexPattern === false || initialized === true} isInvalid={indexPatternNameError !== ''} error={[indexPatternNameError]} > @@ -133,9 +150,15 @@ export function AdvancedSettings({ ); +}; + +interface JsonEditorProps { + initialized: boolean; + data: string; + onChange(): void; } -function IndexSettings({ initialized, data, onChange }) { +const IndexSettings: FC = ({ initialized, data, onChange }) => { return ( } - disabled={initialized === true} fullWidth > ); -} +}; -function Mappings({ initialized, data, onChange }) { +const Mappings: FC = ({ initialized, data, onChange }) => { return ( } - disabled={initialized === true} fullWidth > ); -} +}; -function IngestPipeline({ initialized, data, onChange }) { +const IngestPipeline: FC = ({ initialized, data, onChange }) => { return ( } - disabled={initialized === true} fullWidth > ); -} +}; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/import_settings.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/import_settings.tsx similarity index 82% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/import_settings.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/import_settings.tsx index ba637c472333d..02cf647caaf16 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/import_settings.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/import_settings.tsx @@ -5,14 +5,32 @@ */ import { i18n } from '@kbn/i18n'; -import React from 'react'; +import React, { FC } from 'react'; import { EuiTabbedContent, EuiSpacer } from '@elastic/eui'; import { SimpleSettings } from './simple'; import { AdvancedSettings } from './advanced'; -export const ImportSettings = ({ +interface Props { + index: string; + indexPattern: string; + initialized: boolean; + onIndexChange(): void; + createIndexPattern: boolean; + onCreateIndexPatternChange(): void; + onIndexPatternChange(): void; + indexSettingsString: string; + mappingsString: string; + pipelineString: string; + onIndexSettingsStringChange(): void; + onMappingsStringChange(): void; + onPipelineStringChange(): void; + indexNameError: string; + indexPatternNameError: string; +} + +export const ImportSettings: FC = ({ index, indexPattern, initialized, diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/simple.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/simple.tsx similarity index 88% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/simple.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/simple.tsx index 271b9493aa1f3..1e716824729e3 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/simple.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_settings/simple.tsx @@ -6,11 +6,20 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; import { EuiFieldText, EuiFormRow, EuiCheckbox, EuiSpacer } from '@elastic/eui'; -export const SimpleSettings = ({ +interface Props { + index: string; + initialized: boolean; + onIndexChange(): void; + createIndexPattern: boolean; + onCreateIndexPatternChange(): void; + indexNameError: string; +} + +export const SimpleSettings: FC = ({ index, initialized, onIndexChange, diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/import_summary.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/import_summary.tsx similarity index 86% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/import_summary.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/import_summary.tsx index 0e67807a39fd9..6ee17d401bd70 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/import_summary.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/import_summary.tsx @@ -5,11 +5,29 @@ */ import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; +import React, { FC } from 'react'; import { EuiSpacer, EuiDescriptionList, EuiCallOut, EuiAccordion } from '@elastic/eui'; -export function ImportSummary({ +interface Props { + index: string; + indexPattern: string; + ingestPipelineId: string; + docCount: number; + importFailures: DocFailure[]; + createIndexPattern: boolean; + createPipeline: boolean; +} + +interface DocFailure { + item: number; + reason: string; + doc: { + message: string; + }; +} + +export const ImportSummary: FC = ({ index, indexPattern, ingestPipelineId, @@ -17,7 +35,7 @@ export function ImportSummary({ importFailures, createIndexPattern, createPipeline, -}) { +}) => { const items = createDisplayItems( index, indexPattern, @@ -75,9 +93,13 @@ export function ImportSummary({ )} ); +}; + +interface FailuresProps { + failedDocs: DocFailure[]; } -function Failures({ failedDocs }) { +const Failures: FC = ({ failedDocs }) => { return ( ); -} +}; function createDisplayItems( - index, - indexPattern, - ingestPipelineId, - docCount, - importFailures, - createIndexPattern, - createPipeline + index: string, + indexPattern: string, + ingestPipelineId: string, + docCount: number, + importFailures: DocFailure[], + createIndexPattern: boolean, + createPipeline: boolean ) { const items = [ { diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_summary/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/import_view.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/import_view.js index 0a58153e374df..4c9579bfd4b46 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/import_view.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/import_view.js @@ -623,7 +623,6 @@ async function createKibanaIndexPattern( id, }; } catch (error) { - console.error(error); return { success: false, error, diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer.ts similarity index 73% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer.ts index 27899a58beed2..c97f1c147c454 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer.ts @@ -4,30 +4,53 @@ * you may not use this file except in compliance with the Elastic License. */ -import { ml } from '../../../../../services/ml_api_service'; import { chunk } from 'lodash'; import moment from 'moment'; import { i18n } from '@kbn/i18n'; +import { ml } from '../../../../../services/ml_api_service'; +import { + Doc, + ImportFailure, + ImportResponse, + Mappings, + Settings, + IngestPipeline, +} from '../../../../../../../common/types/file_datavisualizer'; const CHUNK_SIZE = 5000; const MAX_CHUNK_CHAR_COUNT = 1000000; const IMPORT_RETRIES = 5; +export interface ImportConfig { + settings: Settings; + mappings: Mappings; + pipeline: IngestPipeline; +} + +export interface ImportResults { + success: boolean; + failures?: any[]; + docCount?: number; + error?: any; +} + export class Importer { - constructor({ settings, mappings, pipeline }) { - this.settings = settings; - this.mappings = mappings; - this.pipeline = pipeline; - - this.data = []; - this.docArray = []; - this.docSizeArray = []; + private _settings: Settings; + private _mappings: Mappings; + private _pipeline: IngestPipeline; + + protected _docArray: Doc[] = []; + + constructor({ settings, mappings, pipeline }: ImportConfig) { + this._settings = settings; + this._mappings = mappings; + this._pipeline = pipeline; } - async initializeImport(index) { - const settings = this.settings; - const mappings = this.mappings; - const pipeline = this.pipeline; + async initializeImport(index: string) { + const settings = this._settings; + const mappings = this._mappings; + const pipeline = this._pipeline; updatePipelineTimezone(pipeline); // if no pipeline has been supplied, @@ -52,7 +75,12 @@ export class Importer { return createIndexResp; } - async import(id, index, pipelineId, setImportProgress) { + async import( + id: string, + index: string, + pipelineId: string, + setImportProgress: (progress: number) => void + ): Promise { if (!id || !index) { return { success: false, @@ -65,14 +93,14 @@ export class Importer { }; } - const chunks = createDocumentChunks(this.docArray); + const chunks = createDocumentChunks(this._docArray); const ingestPipeline = { id: pipelineId, }; let success = true; - const failures = []; + const failures: ImportFailure[] = []; let error; for (let i = 0; i < chunks.length; i++) { @@ -86,10 +114,13 @@ export class Importer { }; let retries = IMPORT_RETRIES; - let resp = { + let resp: ImportResponse = { success: false, failures: [], docCount: 0, + id: '', + index: '', + pipelineId: '', }; while (resp.success === false && retries > 0) { @@ -97,12 +128,14 @@ export class Importer { resp = await ml.fileDatavisualizer.import(aggs); if (retries < IMPORT_RETRIES) { + // eslint-disable-next-line no-console console.log(`Retrying import ${IMPORT_RETRIES - retries}`); } retries--; } catch (err) { - resp = { success: false, error: err }; + resp.success = false; + resp.error = err; retries = 0; } } @@ -110,6 +143,7 @@ export class Importer { if (resp.success) { setImportProgress(((i + 1) / chunks.length) * 100); } else { + // eslint-disable-next-line no-console console.error(resp); success = false; error = resp.error; @@ -120,10 +154,10 @@ export class Importer { populateFailures(resp, failures, i); } - const result = { + const result: ImportResults = { success, failures, - docCount: this.docArray.length, + docCount: this._docArray.length, }; if (success) { @@ -136,7 +170,7 @@ export class Importer { } } -function populateFailures(error, failures, chunkCount) { +function populateFailures(error: ImportResponse, failures: ImportFailure[], chunkCount: number) { if (error.failures && error.failures.length) { // update the item value to include the chunk count // e.g. item 3 in chunk 2 is actually item 20003 @@ -155,10 +189,10 @@ function populateFailures(error, failures, chunkCount) { // But it's not sending every single field that Filebeat would add, so the ingest pipeline // cannot look for a event.timezone variable in each input record. // Therefore we need to replace {{ event.timezone }} with the actual browser timezone -function updatePipelineTimezone(ingestPipeline) { +function updatePipelineTimezone(ingestPipeline: IngestPipeline) { if (ingestPipeline !== undefined && ingestPipeline.processors && ingestPipeline.processors) { const dateProcessor = ingestPipeline.processors.find( - p => p.date !== undefined && p.date.timezone === '{{ event.timezone }}' + (p: any) => p.date !== undefined && p.date.timezone === '{{ event.timezone }}' ); if (dateProcessor) { @@ -167,8 +201,8 @@ function updatePipelineTimezone(ingestPipeline) { } } -function createDocumentChunks(docArray) { - const chunks = []; +function createDocumentChunks(docArray: Doc[]) { + const chunks: Doc[][] = []; // chop docArray into 5000 doc chunks const tempChunks = chunk(docArray, CHUNK_SIZE); diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer_factory.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer_factory.ts similarity index 76% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer_factory.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer_factory.ts index 381e8ef604452..a656b19220368 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer_factory.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/importer_factory.ts @@ -6,8 +6,14 @@ import { MessageImporter } from './message_importer'; import { NdjsonImporter } from './ndjson_importer'; +import { ImportConfig } from './importer'; +import { FindFileStructureResponse } from '../../../../../../../common/types/file_datavisualizer'; -export function importerFactory(format, results, settings) { +export function importerFactory( + format: string, + results: FindFileStructureResponse, + settings: ImportConfig +) { switch (format) { // delimited and semi-structured text are both handled by splitting the // file into messages, then sending these to ES for further processing diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/message_importer.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/message_importer.ts similarity index 76% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/message_importer.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/message_importer.ts index c2d3ac69f0963..7ccc5a8d673f4 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/message_importer.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/message_importer.ts @@ -4,17 +4,24 @@ * you may not use this file except in compliance with the Elastic License. */ -import { Importer } from './importer'; +import { Importer, ImportConfig } from './importer'; +import { + Doc, + FindFileStructureResponse, +} from '../../../../../../../common/types/file_datavisualizer'; export class MessageImporter extends Importer { - constructor(results, settings) { + private _excludeLinesRegex: RegExp | null; + private _multilineStartRegex: RegExp | null; + + constructor(results: FindFileStructureResponse, settings: ImportConfig) { super(settings); - this.excludeLinesRegex = + this._excludeLinesRegex = results.exclude_lines_pattern === undefined ? null : new RegExp(results.exclude_lines_pattern); - this.multilineStartRegex = + this._multilineStartRegex = results.multiline_start_pattern === undefined ? null : new RegExp(results.multiline_start_pattern); @@ -26,9 +33,9 @@ export class MessageImporter extends Importer { // multiline_start_pattern regex // if it does, it is a legitimate end of line and can be pushed into the list, // if not, it must be a newline char inside a field value, so keep looking. - read(text) { + read(text: string) { try { - const data = []; + const data: Doc[] = []; let message = ''; let line = ''; @@ -57,14 +64,12 @@ export class MessageImporter extends Importer { data.shift(); } - this.data = data; - this.docArray = this.data; + this._docArray = data; return { success: true, }; } catch (error) { - console.error(error); return { success: false, error, @@ -72,9 +77,9 @@ export class MessageImporter extends Importer { } } - processLine(data, message, line) { - if (this.excludeLinesRegex === null || line.match(this.excludeLinesRegex) === null) { - if (this.multilineStartRegex === null || line.match(this.multilineStartRegex) !== null) { + processLine(data: Doc[], message: string, line: string) { + if (this._excludeLinesRegex === null || line.match(this._excludeLinesRegex) === null) { + if (this._multilineStartRegex === null || line.match(this._multilineStartRegex) !== null) { this.addMessage(data, message); message = ''; } else if (data.length === 0) { @@ -90,7 +95,7 @@ export class MessageImporter extends Importer { return message; } - addMessage(data, message) { + addMessage(data: Doc[], message: string) { // if the message ended \r\n (Windows line endings) // then omit the \r as well as the \n for consistency message = message.replace(/\r$/, ''); diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/ndjson_importer.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/ndjson_importer.ts similarity index 71% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/ndjson_importer.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/ndjson_importer.ts index 887bf1a41200a..7f5f37abc5246 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/ndjson_importer.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/import_view/importer/ndjson_importer.ts @@ -4,18 +4,19 @@ * you may not use this file except in compliance with the Elastic License. */ -import { Importer } from './importer'; +import { Importer, ImportConfig } from './importer'; +import { FindFileStructureResponse } from '../../../../../../../common/types/file_datavisualizer'; export class NdjsonImporter extends Importer { - constructor(results, settings) { + constructor(results: FindFileStructureResponse, settings: ImportConfig) { super(settings); } - read(json) { + read(json: string) { try { const splitJson = json.split(/}\s*\n/); - const ndjson = []; + const ndjson: any[] = []; for (let i = 0; i < splitJson.length; i++) { if (splitJson[i] !== '') { // note the extra } at the end of the line, adding back @@ -24,7 +25,7 @@ export class NdjsonImporter extends Importer { } } - this.docArray = ndjson; + this._docArray = ndjson; return { success: true, diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/results_view.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/results_view.tsx similarity index 58% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/results_view.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/results_view.tsx index 96116e5cefa01..f9de03c119d28 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/results_view.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/results_view/results_view.tsx @@ -7,10 +7,10 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; - +import React, { FC } from 'react'; import { EuiButton, + EuiButtonEmpty, EuiPage, EuiPageBody, EuiPageContentHeader, @@ -18,13 +18,33 @@ import { EuiTabbedContent, EuiSpacer, EuiTitle, + EuiFlexGroup, + EuiFlexItem, } from '@elastic/eui'; +import { FindFileStructureResponse } from '../../../../../../common/types/file_datavisualizer'; import { FileContents } from '../file_contents'; import { AnalysisSummary } from '../analysis_summary'; +// @ts-ignore import { FieldsStats } from '../fields_stats'; -export const ResultsView = ({ data, fileName, results, showEditFlyout }) => { +interface Props { + data: string; + fileName: string; + results: FindFileStructureResponse; + showEditFlyout(): void; + showExplanationFlyout(): void; + disableButtons: boolean; +} + +export const ResultsView: FC = ({ + data, + fileName, + results, + showEditFlyout, + showExplanationFlyout, + disableButtons, +}) => { const tabs = [ { id: 'file-stats', @@ -60,12 +80,24 @@ export const ResultsView = ({ data, fileName, results, showEditFlyout }) => { - showEditFlyout()}> - - + + + showEditFlyout()} disabled={disableButtons}> + + + + + showExplanationFlyout()} disabled={disableButtons}> + + + + diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/index.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/index.ts similarity index 100% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/index.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/index.ts diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/overrides.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/overrides.js deleted file mode 100644 index f8a90c87b9dc8..0000000000000 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/overrides.js +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export const DEFAULT_LINES_TO_SAMPLE = 1000; - -export const overrideDefaults = { - timestampFormat: undefined, - timestampField: undefined, - format: undefined, - delimiter: undefined, - quote: undefined, - hasHeaderRow: undefined, - charset: undefined, - columnNames: undefined, - shouldTrimFields: undefined, - grokPattern: undefined, - linesToSample: undefined, -}; diff --git a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/utils.js b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/utils.ts similarity index 79% rename from x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/utils.js rename to x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/utils.ts index 39cd25ba87d8c..5048065ae60fa 100644 --- a/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/utils.js +++ b/x-pack/plugins/ml/public/application/datavisualizer/file_based/components/utils/utils.ts @@ -4,11 +4,27 @@ * you may not use this file except in compliance with the Elastic License. */ -import { overrideDefaults, DEFAULT_LINES_TO_SAMPLE } from './overrides'; import { isEqual } from 'lodash'; import { ml } from '../../../../services/ml_api_service'; - -export function readFile(file) { +import { AnalysisResult, InputOverrides } from '../../../../../../common/types/file_datavisualizer'; + +const DEFAULT_LINES_TO_SAMPLE = 1000; + +const overrideDefaults = { + timestampFormat: undefined, + timestampField: undefined, + format: undefined, + delimiter: undefined, + quote: undefined, + hasHeaderRow: undefined, + charset: undefined, + columnNames: undefined, + shouldTrimFields: undefined, + grokPattern: undefined, + linesToSample: undefined, +}; + +export function readFile(file: File) { return new Promise((resolve, reject) => { if (file && file.size) { const reader = new FileReader(); @@ -23,14 +39,14 @@ export function readFile(file) { resolve({ data }); } }; - })(file); + })(); } else { reject(); } }); } -export function reduceData(data, mb) { +export function reduceData(data: string, mb: number) { // assuming ascii characters in the file where 1 char is 1 byte // TODO - change this when other non UTF-8 formats are // supported for the read data @@ -38,8 +54,8 @@ export function reduceData(data, mb) { return data.length >= size ? data.slice(0, size) : data; } -export function createUrlOverrides(overrides, originalSettings) { - const formattedOverrides = {}; +export function createUrlOverrides(overrides: InputOverrides, originalSettings: InputOverrides) { + const formattedOverrides: InputOverrides = {}; for (const o in overrideDefaults) { if (overrideDefaults.hasOwnProperty(o)) { let value = overrides[o]; @@ -93,15 +109,15 @@ export function createUrlOverrides(overrides, originalSettings) { return formattedOverrides; } -export function processResults(results) { +export function processResults({ results, overrides }: AnalysisResult) { const timestampFormat = results.java_timestamp_formats !== undefined && results.java_timestamp_formats.length ? results.java_timestamp_formats[0] : undefined; const linesToSample = - results.overrides !== undefined && results.overrides.lines_to_sample !== undefined - ? results.overrides.lines_to_sample + overrides !== undefined && overrides.lines_to_sample !== undefined + ? overrides.lines_to_sample : DEFAULT_LINES_TO_SAMPLE; return { @@ -125,8 +141,8 @@ export function processResults(results) { * @param {string} indexName * @returns {Promise} */ -export async function hasImportPermission(indexName) { - const priv = { +export async function hasImportPermission(indexName: string) { + const priv: { cluster: string[]; index?: any } = { cluster: ['cluster:monitor/nodes/info', 'cluster:admin/ingest/pipeline/put'], }; diff --git a/x-pack/plugins/ml/public/application/services/ml_api_service/datavisualizer.ts b/x-pack/plugins/ml/public/application/services/ml_api_service/datavisualizer.ts index 9b492530d303d..20332546d9cde 100644 --- a/x-pack/plugins/ml/public/application/services/ml_api_service/datavisualizer.ts +++ b/x-pack/plugins/ml/public/application/services/ml_api_service/datavisualizer.ts @@ -7,6 +7,7 @@ import { http } from '../http_service'; import { basePath } from './index'; +import { ImportResponse } from '../../../../common/types/file_datavisualizer'; export const fileDatavisualizer = { analyzeFile(file: string, params: Record = {}) { @@ -27,7 +28,7 @@ export const fileDatavisualizer = { mappings, ingestPipeline, }: { - id: string; + id: string | undefined; index: string; data: any; settings: any; @@ -43,7 +44,7 @@ export const fileDatavisualizer = { ingestPipeline, }); - return http({ + return http({ path: `${basePath()}/file_data_visualizer/import`, method: 'POST', query, diff --git a/x-pack/plugins/ml/server/client/elasticsearch_ml.ts b/x-pack/plugins/ml/server/client/elasticsearch_ml.ts index caedaed92e5b1..d5c7882a30d20 100644 --- a/x-pack/plugins/ml/server/client/elasticsearch_ml.ts +++ b/x-pack/plugins/ml/server/client/elasticsearch_ml.ts @@ -740,7 +740,7 @@ export const elasticsearchJsPlugin = (Client: any, config: any, components: any) urls: [ { fmt: - '/_ml/find_file_structure?&charset=<%=charset%>&format=<%=format%>&has_header_row=<%=has_header_row%>&column_names=<%=column_names%>&delimiter=<%=delimiter%>"e=<%=quote%>&should_trim_fields=<%=should_trim_fields%>&grok_pattern=<%=grok_pattern%>×tamp_field=<%=timestamp_field%>×tamp_format=<%=timestamp_format%>&lines_to_sample=<%=lines_to_sample%>', + '/_ml/find_file_structure?&explain=true&charset=<%=charset%>&format=<%=format%>&has_header_row=<%=has_header_row%>&column_names=<%=column_names%>&delimiter=<%=delimiter%>"e=<%=quote%>&should_trim_fields=<%=should_trim_fields%>&grok_pattern=<%=grok_pattern%>×tamp_field=<%=timestamp_field%>×tamp_format=<%=timestamp_format%>&lines_to_sample=<%=lines_to_sample%>', req: { charset: { type: 'string', @@ -778,7 +778,7 @@ export const elasticsearchJsPlugin = (Client: any, config: any, components: any) }, }, { - fmt: '/_ml/find_file_structure', + fmt: '/_ml/find_file_structure?&explain=true', }, ], needBody: true, diff --git a/x-pack/plugins/ml/server/client/error_wrapper.ts b/x-pack/plugins/ml/server/client/error_wrapper.ts index 7f69173295482..de53e4d4345a9 100644 --- a/x-pack/plugins/ml/server/client/error_wrapper.ts +++ b/x-pack/plugins/ml/server/client/error_wrapper.ts @@ -9,9 +9,13 @@ import { ResponseError, CustomHttpResponseOptions } from 'kibana/server'; export function wrapError(error: any): CustomHttpResponseOptions { const boom = isBoom(error) ? error : boomify(error, { statusCode: error.status }); + const statusCode = boom.output.statusCode; return { - body: boom, + body: { + message: boom, + ...(statusCode !== 500 && error.body ? { attributes: { body: error.body } } : {}), + }, headers: boom.output.headers, - statusCode: boom.output.statusCode, + statusCode, }; } diff --git a/x-pack/plugins/ml/server/models/file_data_visualizer/file_data_visualizer.ts b/x-pack/plugins/ml/server/models/file_data_visualizer/file_data_visualizer.ts index 9af755c6918fb..d53378b886a99 100644 --- a/x-pack/plugins/ml/server/models/file_data_visualizer/file_data_visualizer.ts +++ b/x-pack/plugins/ml/server/models/file_data_visualizer/file_data_visualizer.ts @@ -4,40 +4,21 @@ * you may not use this file except in compliance with the Elastic License. */ -import Boom from 'boom'; import { APICaller } from 'kibana/server'; -import { FindFileStructureResponse } from '../../../common/types/file_datavisualizer'; +import { + AnalysisResult, + FormattedOverrides, + InputOverrides, +} from '../../../common/types/file_datavisualizer'; export type InputData = any[]; -export interface InputOverrides { - [key: string]: string; -} - -export type FormattedOverrides = InputOverrides & { - column_names: string[]; - has_header_row: boolean; - should_trim_fields: boolean; -}; - -export interface AnalysisResult { - results: FindFileStructureResponse; - overrides?: FormattedOverrides; -} - export function fileDataVisualizerProvider(callAsCurrentUser: APICaller) { async function analyzeFile(data: any, overrides: any): Promise { - let results = []; - - try { - results = await callAsCurrentUser('ml.fileStructure', { - body: data, - ...overrides, - }); - } catch (error) { - const err = error.message !== undefined ? error.message : error; - throw Boom.badRequest(err); - } + const results = await callAsCurrentUser('ml.fileStructure', { + body: data, + ...overrides, + }); const { hasOverrides, reducedOverrides } = formatOverrides(overrides); diff --git a/x-pack/plugins/ml/server/models/file_data_visualizer/import_data.ts b/x-pack/plugins/ml/server/models/file_data_visualizer/import_data.ts index ab8c702cbb12a..9d7009955124f 100644 --- a/x-pack/plugins/ml/server/models/file_data_visualizer/import_data.ts +++ b/x-pack/plugins/ml/server/models/file_data_visualizer/import_data.ts @@ -6,39 +6,24 @@ import { APICaller } from 'kibana/server'; import { INDEX_META_DATA_CREATED_BY } from '../../../common/constants/file_datavisualizer'; +import { + ImportResponse, + ImportFailure, + Settings, + Mappings, + IngestPipelineWrapper, +} from '../../../common/types/file_datavisualizer'; import { InputData } from './file_data_visualizer'; -export interface Settings { - pipeline?: string; - index: string; - body: any[]; - [key: string]: any; -} - -export interface Mappings { - [key: string]: any; -} - -export interface InjectPipeline { - id: string; - pipeline: any; -} - -interface Failure { - item: number; - reason: string; - doc: any; -} - export function importDataProvider(callAsCurrentUser: APICaller) { async function importData( id: string, index: string, settings: Settings, mappings: Mappings, - ingestPipeline: InjectPipeline, + ingestPipeline: IngestPipelineWrapper, data: InputData - ) { + ): Promise { let createdIndex; let createdPipelineId; const docCount = data.length; @@ -66,7 +51,7 @@ export function importDataProvider(callAsCurrentUser: APICaller) { createdPipelineId = pipelineId; } - let failures: Failure[] = []; + let failures: ImportFailure[] = []; if (data.length) { const resp = await indexData(index, createdPipelineId, data); if (resp.success === false) { @@ -144,7 +129,7 @@ export function importDataProvider(callAsCurrentUser: APICaller) { }; } } catch (error) { - let failures: Failure[] = []; + let failures: ImportFailure[] = []; let ingestError = false; if (error.errors !== undefined && Array.isArray(error.items)) { // an expected error where some or all of the bulk request @@ -169,7 +154,7 @@ export function importDataProvider(callAsCurrentUser: APICaller) { return await callAsCurrentUser('ingest.putPipeline', { id, body: pipeline }); } - function getFailures(items: any[], data: InputData): Failure[] { + function getFailures(items: any[], data: InputData): ImportFailure[] { const failures = []; for (let i = 0; i < items.length; i++) { const item = items[i]; diff --git a/x-pack/plugins/ml/server/models/file_data_visualizer/index.ts b/x-pack/plugins/ml/server/models/file_data_visualizer/index.ts index 94529dc111696..f8a27fdcd7e1a 100644 --- a/x-pack/plugins/ml/server/models/file_data_visualizer/index.ts +++ b/x-pack/plugins/ml/server/models/file_data_visualizer/index.ts @@ -4,11 +4,6 @@ * you may not use this file except in compliance with the Elastic License. */ -export { - fileDataVisualizerProvider, - InputOverrides, - InputData, - AnalysisResult, -} from './file_data_visualizer'; +export { fileDataVisualizerProvider, InputData } from './file_data_visualizer'; -export { importDataProvider, Settings, InjectPipeline, Mappings } from './import_data'; +export { importDataProvider } from './import_data'; diff --git a/x-pack/plugins/ml/server/routes/file_data_visualizer.ts b/x-pack/plugins/ml/server/routes/file_data_visualizer.ts index fcfd6e121c9f1..b915d13aa9720 100644 --- a/x-pack/plugins/ml/server/routes/file_data_visualizer.ts +++ b/x-pack/plugins/ml/server/routes/file_data_visualizer.ts @@ -7,15 +7,17 @@ import { schema } from '@kbn/config-schema'; import { RequestHandlerContext } from 'kibana/server'; import { MAX_BYTES } from '../../common/constants/file_datavisualizer'; -import { wrapError } from '../client/error_wrapper'; import { InputOverrides, + Settings, + IngestPipelineWrapper, + Mappings, +} from '../../common/types/file_datavisualizer'; +import { wrapError } from '../client/error_wrapper'; +import { InputData, fileDataVisualizerProvider, importDataProvider, - Settings, - InjectPipeline, - Mappings, } from '../models/file_data_visualizer'; import { RouteInitialization } from '../types'; @@ -32,7 +34,7 @@ function importData( index: string, settings: Settings, mappings: Mappings, - ingestPipeline: InjectPipeline, + ingestPipeline: IngestPipelineWrapper, data: InputData ) { const { importData: importDataFunc } = importDataProvider(context.ml!.mlClient.callAsCurrentUser); From d1911ec843d6de590b0c24feee3942face2d4935 Mon Sep 17 00:00:00 2001 From: Jean-Louis Leysens Date: Tue, 7 Apr 2020 09:52:22 +0200 Subject: [PATCH 11/36] Add label for ace editor (#62588) --- .../public/application/editor/editor.tsx | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/searchprofiler/public/application/editor/editor.tsx b/x-pack/plugins/searchprofiler/public/application/editor/editor.tsx index ece22905c64d9..27f040f3e9eec 100644 --- a/x-pack/plugins/searchprofiler/public/application/editor/editor.tsx +++ b/x-pack/plugins/searchprofiler/public/application/editor/editor.tsx @@ -5,6 +5,8 @@ */ import React, { memo, useRef, useEffect, useState } from 'react'; +import { i18n } from '@kbn/i18n'; +import { EuiScreenReaderOnly } from '@elastic/eui'; import { Editor as AceEditor } from 'brace'; import { initializeEditor } from './init_editor'; @@ -31,6 +33,8 @@ const createEditorShim = (aceEditor: AceEditor) => { }; }; +const EDITOR_INPUT_ID = 'SearchProfilerTextArea'; + export const Editor = memo(({ licenseEnabled, initialValue, onEditorReady }: Props) => { const containerRef = useRef(null as any); const editorInstanceRef = useRef(null as any); @@ -43,10 +47,25 @@ export const Editor = memo(({ licenseEnabled, initialValue, onEditorReady }: Pro const divEl = containerRef.current; editorInstanceRef.current = initializeEditor({ el: divEl, licenseEnabled }); editorInstanceRef.current.setValue(initialValue, 1); + const textarea = divEl.querySelector('textarea'); + if (textarea) { + textarea.setAttribute('id', EDITOR_INPUT_ID); + } setTextArea(licenseEnabled ? containerRef.current!.querySelector('textarea') : null); onEditorReady(createEditorShim(editorInstanceRef.current)); }, [initialValue, onEditorReady, licenseEnabled]); - return

; + return ( + <> + + + +
+ + ); }); From 3a9e7be8bfae330489c9782e34e6327a9866ba1c Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Tue, 7 Apr 2020 11:08:54 +0200 Subject: [PATCH 12/36] [Lens] Remove all legacy imports (#62596) * Remove all legacy imports * Fix import --- .../public/editor_frame_service/service.test.tsx | 1 - .../lens/public/helpers/url_helper.test.ts | 2 +- .../plugins/lens/public/helpers/url_helper.ts | 2 +- x-pack/legacy/plugins/lens/public/legacy.ts | 2 -- .../legacy/plugins/lens/public/legacy_imports.ts | 10 ---------- x-pack/legacy/plugins/lens/public/plugin.tsx | 15 ++++----------- 6 files changed, 6 insertions(+), 26 deletions(-) delete mode 100644 x-pack/legacy/plugins/lens/public/legacy_imports.ts diff --git a/x-pack/legacy/plugins/lens/public/editor_frame_service/service.test.tsx b/x-pack/legacy/plugins/lens/public/editor_frame_service/service.test.tsx index 47fd810bb4c53..42a1fcc055a1e 100644 --- a/x-pack/legacy/plugins/lens/public/editor_frame_service/service.test.tsx +++ b/x-pack/legacy/plugins/lens/public/editor_frame_service/service.test.tsx @@ -17,7 +17,6 @@ import { CoreSetup } from 'kibana/public'; jest.mock('ui/new_platform'); // mock away actual dependencies to prevent all of it being loaded -jest.mock('../../../../../../src/legacy/core_plugins/interpreter/public/registries', () => {}); jest.mock('./embeddable/embeddable_factory', () => ({ EmbeddableFactory: class Mock {}, })); diff --git a/x-pack/legacy/plugins/lens/public/helpers/url_helper.test.ts b/x-pack/legacy/plugins/lens/public/helpers/url_helper.test.ts index 9c59c9a96d00f..ef960fb52952b 100644 --- a/x-pack/legacy/plugins/lens/public/helpers/url_helper.test.ts +++ b/x-pack/legacy/plugins/lens/public/helpers/url_helper.test.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -jest.mock('../legacy_imports', () => ({ +jest.mock('../../../../../../src/plugins/dashboard/public', () => ({ DashboardConstants: { ADD_EMBEDDABLE_ID: 'addEmbeddableId', ADD_EMBEDDABLE_TYPE: 'addEmbeddableType', diff --git a/x-pack/legacy/plugins/lens/public/helpers/url_helper.ts b/x-pack/legacy/plugins/lens/public/helpers/url_helper.ts index fca44195b98c4..3495c15118ce7 100644 --- a/x-pack/legacy/plugins/lens/public/helpers/url_helper.ts +++ b/x-pack/legacy/plugins/lens/public/helpers/url_helper.ts @@ -5,7 +5,7 @@ */ import { parseUrl, stringify } from 'query-string'; -import { DashboardConstants } from '../legacy_imports'; +import { DashboardConstants } from '../../../../../../src/plugins/dashboard/public'; type UrlVars = Record; diff --git a/x-pack/legacy/plugins/lens/public/legacy.ts b/x-pack/legacy/plugins/lens/public/legacy.ts index b7d47644c7f31..3b7b6a7a1b510 100644 --- a/x-pack/legacy/plugins/lens/public/legacy.ts +++ b/x-pack/legacy/plugins/lens/public/legacy.ts @@ -5,7 +5,6 @@ */ import { npSetup, npStart } from 'ui/new_platform'; -import { visualizations } from './legacy_imports'; export * from './types'; @@ -14,6 +13,5 @@ import { plugin } from './index'; const pluginInstance = plugin(); pluginInstance.setup(npSetup.core, { ...npSetup.plugins, - __LEGACY: { visualizations }, }); pluginInstance.start(npStart.core, npStart.plugins); diff --git a/x-pack/legacy/plugins/lens/public/legacy_imports.ts b/x-pack/legacy/plugins/lens/public/legacy_imports.ts deleted file mode 100644 index 0f37e460e2957..0000000000000 --- a/x-pack/legacy/plugins/lens/public/legacy_imports.ts +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { npSetup } from 'ui/new_platform'; -export const { visualizations } = npSetup.plugins; -export { VisualizationsSetup } from '../../../../../src/plugins/visualizations/public'; -export { DashboardConstants } from '../../../../../src/plugins/dashboard/public'; diff --git a/x-pack/legacy/plugins/lens/public/plugin.tsx b/x-pack/legacy/plugins/lens/public/plugin.tsx index 45817fdc3c05f..b426a12d07f9b 100644 --- a/x-pack/legacy/plugins/lens/public/plugin.tsx +++ b/x-pack/legacy/plugins/lens/public/plugin.tsx @@ -15,7 +15,9 @@ import { AppMountParameters, CoreSetup, CoreStart } from 'src/core/public'; import { DataPublicPluginSetup, DataPublicPluginStart } from 'src/plugins/data/public'; import { EmbeddableSetup, EmbeddableStart } from 'src/plugins/embeddable/public'; import { ExpressionsSetup, ExpressionsStart } from 'src/plugins/expressions/public'; +import { VisualizationsSetup } from 'src/plugins/visualizations/public'; import { KibanaLegacySetup } from 'src/plugins/kibana_legacy/public'; +import { DashboardConstants } from '../../../../../src/plugins/dashboard/public'; import { Storage } from '../../../../../src/plugins/kibana_utils/public'; import { EditorFrameService } from './editor_frame_service'; import { IndexPatternDatasource } from './indexpattern_datasource'; @@ -37,16 +39,13 @@ import { NOT_INTERNATIONALIZED_PRODUCT_NAME } from '../../../../plugins/lens/com import { addEmbeddableToDashboardUrl, getUrlVars } from './helpers'; import { EditorFrameStart } from './types'; import { getLensAliasConfig } from './vis_type_alias'; -import { VisualizationsSetup, DashboardConstants } from './legacy_imports'; export interface LensPluginSetupDependencies { kibanaLegacy: KibanaLegacySetup; expressions: ExpressionsSetup; data: DataPublicPluginSetup; embeddable: EmbeddableSetup; - __LEGACY: { - visualizations: VisualizationsSetup; - }; + visualizations: VisualizationsSetup; } export interface LensPluginStartDependencies { @@ -77,13 +76,7 @@ export class LensPlugin { setup( core: CoreSetup, - { - kibanaLegacy, - expressions, - data, - embeddable, - __LEGACY: { visualizations }, - }: LensPluginSetupDependencies + { kibanaLegacy, expressions, data, embeddable, visualizations }: LensPluginSetupDependencies ) { const editorFrameSetupInterface = this.editorFrameService.setup(core, { data, From afb8d8d7ce5f8f92f17f050b05215671f85432a7 Mon Sep 17 00:00:00 2001 From: Vadim Dalecky Date: Tue, 7 Apr 2020 12:19:21 +0200 Subject: [PATCH 13/36] =?UTF-8?q?fix:=20=F0=9F=90=9B=20correctly=20create?= =?UTF-8?q?=20error=20on=20no=5Fmatching=5Findices=20(#61257)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: 🐛 correctly create error on no_matching_indices * feat: 🎸 improve error type checking Co-authored-by: Elastic Machine --- .../index_patterns/index_patterns_api_client.ts | 2 +- .../data/server/index_patterns/routes.ts | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/plugins/data/public/index_patterns/index_patterns/index_patterns_api_client.ts b/src/plugins/data/public/index_patterns/index_patterns/index_patterns_api_client.ts index 4d4e8d8827b48..0007d1780c25b 100644 --- a/src/plugins/data/public/index_patterns/index_patterns/index_patterns_api_client.ts +++ b/src/plugins/data/public/index_patterns/index_patterns/index_patterns_api_client.ts @@ -45,7 +45,7 @@ export class IndexPatternsApiClient { query, }) .catch((resp: any) => { - if (resp.body.statusCode === 404 && resp.body.statuscode === 'no_matching_indices') { + if (resp.body.statusCode === 404 && resp.body.attributes?.code === 'no_matching_indices') { throw new IndexPatternMissingIndices(resp.body.message); } diff --git a/src/plugins/data/server/index_patterns/routes.ts b/src/plugins/data/server/index_patterns/routes.ts index 8f017a73083ec..8b9fa28c77165 100644 --- a/src/plugins/data/server/index_patterns/routes.ts +++ b/src/plugins/data/server/index_patterns/routes.ts @@ -70,7 +70,22 @@ export function registerRoutes(http: HttpServiceSetup) { }, }); } catch (error) { - return response.notFound(); + if ( + typeof error === 'object' && + !!error?.isBoom && + !!error?.output?.payload && + typeof error?.output?.payload === 'object' + ) { + const payload = error?.output?.payload; + return response.notFound({ + body: { + message: payload.message, + attributes: payload, + }, + }); + } else { + return response.notFound(); + } } } ); From fb0d0a583487a18985fe1c5725524faf59b83129 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Marcondes?= <55978943+cauemarcondes@users.noreply.github.com> Date: Tue, 7 Apr 2020 11:27:22 +0100 Subject: [PATCH 14/36] fixing APM internationalization (#62757) --- x-pack/plugins/translations/translations/ja-JP.json | 1 - x-pack/plugins/translations/translations/zh-CN.json | 1 - 2 files changed, 2 deletions(-) diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 79c1bbc49810b..2ae29202ede43 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -4531,7 +4531,6 @@ "xpack.apm.settings.apmIndices.spanIndicesLabel": "スパンインデックス", "xpack.apm.settings.apmIndices.title": "インデックス", "xpack.apm.settings.apmIndices.transactionIndicesLabel": "トランザクションインデックス", - "xpack.apm.settings.customizeUI": "UI をカスタマイズ", "xpack.apm.settings.customizeUI.customLink": "カスタムリンク", "xpack.apm.settings.customizeUI.customLink.create.failed": "リンクを保存できませんでした!", "xpack.apm.settings.customizeUI.customLink.create.failed.message": "リンクを保存するときに問題が発生しました。エラー: 「{errorMessage}」", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 77bf8f1467783..7f5df15dec83a 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -4532,7 +4532,6 @@ "xpack.apm.settings.apmIndices.spanIndicesLabel": "跨度索引", "xpack.apm.settings.apmIndices.title": "索引", "xpack.apm.settings.apmIndices.transactionIndicesLabel": "事务索引", - "xpack.apm.settings.customizeUI": "定制 UI", "xpack.apm.settings.customizeUI.customLink": "定制链接", "xpack.apm.settings.customizeUI.customLink.create.failed": "链接无法保存!", "xpack.apm.settings.customizeUI.customLink.create.failed.message": "保存链接时出现了问题。错误:“{errorMessage}”", From 008b0fda64ba340c8ec9dcbb3f7c57c5b07a8a8a Mon Sep 17 00:00:00 2001 From: Alexey Antonov Date: Tue, 7 Apr 2020 13:39:30 +0300 Subject: [PATCH 15/36] [data.search.aggs] Remove service getters from agg types (#61628) * [data.search.aggs] Remove service getters from agg types Part of #60333 * new portion of changes * pass dependencies to MetricAgg Type through constructor * update docs * refactoring buckets * remove unused mockDataServices * Remove service getters from metrics * Some fixes * remove temporary code * moved notifications to the getInternalStartServices * fixed karma lock * update docs * Fixed tests * fix broken CI * fix PR comment * fix typo Co-authored-by: Elastic Machine Co-authored-by: Uladzislau Lasitsa --- ...ibana-plugin-plugins-data-public.search.md | 2 +- .../new_platform/new_platform.karma_mock.js | 8 +- .../data/common/field_formats/mocks.ts | 17 +- .../data/public/field_formats/mocks.ts | 41 ++ src/plugins/data/public/mocks.ts | 8 +- src/plugins/data/public/plugin.ts | 9 + src/plugins/data/public/public.api.md | 20 +- .../public/search/aggs/agg_config.test.ts | 15 - .../public/search/aggs/agg_params.test.ts | 18 +- .../data/public/search/aggs/agg_params.ts | 6 +- .../data/public/search/aggs/agg_type.test.ts | 135 +++--- .../data/public/search/aggs/agg_type.ts | 30 +- .../data/public/search/aggs/agg_types.ts | 132 +++--- .../search/aggs/agg_types_registry.test.ts | 2 +- .../public/search/aggs/agg_types_registry.ts | 2 +- .../search/aggs/buckets/_interval_options.ts | 2 +- .../_terms_other_bucket_helper.test.ts | 8 +- .../buckets/_terms_other_bucket_helper.ts | 2 +- ..._bucket_agg_type.ts => bucket_agg_type.ts} | 12 +- .../create_filter/date_histogram.test.ts | 11 +- .../buckets/create_filter/date_range.test.ts | 11 +- .../aggs/buckets/create_filter/date_range.ts | 2 +- .../buckets/create_filter/filters.test.ts | 12 +- .../aggs/buckets/create_filter/filters.ts | 2 +- .../buckets/create_filter/histogram.test.ts | 14 +- .../aggs/buckets/create_filter/histogram.ts | 2 +- .../buckets/create_filter/ip_range.test.ts | 19 +- .../aggs/buckets/create_filter/ip_range.ts | 2 +- .../aggs/buckets/create_filter/range.test.ts | 21 +- .../aggs/buckets/create_filter/range.ts | 2 +- .../aggs/buckets/create_filter/terms.test.ts | 31 +- .../aggs/buckets/create_filter/terms.ts | 2 +- .../search/aggs/buckets/date_histogram.ts | 378 ++++++++-------- .../search/aggs/buckets/date_range.test.ts | 7 +- .../public/search/aggs/buckets/date_range.ts | 143 ++++--- .../data/public/search/aggs/buckets/filter.ts | 25 +- .../public/search/aggs/buckets/filters.ts | 125 +++--- .../search/aggs/buckets/geo_hash.test.ts | 32 +- .../public/search/aggs/buckets/geo_hash.ts | 161 +++---- .../public/search/aggs/buckets/geo_tile.ts | 82 ++-- .../search/aggs/buckets/histogram.test.ts | 56 +-- .../public/search/aggs/buckets/histogram.ts | 304 ++++++------- .../public/search/aggs/buckets/ip_range.ts | 126 +++--- .../buckets/migrate_include_exclude_format.ts | 2 +- .../public/search/aggs/buckets/range.test.ts | 18 +- .../data/public/search/aggs/buckets/range.ts | 137 +++--- .../aggs/buckets/significant_terms.test.ts | 33 +- .../search/aggs/buckets/significant_terms.ts | 101 +++-- .../public/search/aggs/buckets/terms.test.ts | 2 +- .../data/public/search/aggs/buckets/terms.ts | 402 +++++++++--------- .../data/public/search/aggs/index.test.ts | 14 +- .../data/public/search/aggs/metrics/avg.ts | 42 +- .../public/search/aggs/metrics/bucket_avg.ts | 50 ++- .../public/search/aggs/metrics/bucket_max.ts | 30 +- .../public/search/aggs/metrics/bucket_min.ts | 30 +- .../public/search/aggs/metrics/bucket_sum.ts | 30 +- .../public/search/aggs/metrics/cardinality.ts | 58 ++- .../data/public/search/aggs/metrics/count.ts | 56 ++- .../search/aggs/metrics/cumulative_sum.ts | 30 +- .../public/search/aggs/metrics/derivative.ts | 34 +- .../public/search/aggs/metrics/geo_bounds.ts | 34 +- .../search/aggs/metrics/geo_centroid.ts | 40 +- .../data/public/search/aggs/metrics/max.ts | 42 +- .../public/search/aggs/metrics/median.test.ts | 12 +- .../data/public/search/aggs/metrics/median.ts | 60 ++- .../search/aggs/metrics/metric_agg_type.ts | 19 +- .../data/public/search/aggs/metrics/min.ts | 42 +- .../public/search/aggs/metrics/moving_avg.ts | 70 +-- .../aggs/metrics/parent_pipeline.test.ts | 43 +- .../aggs/metrics/percentile_ranks.test.ts | 22 +- .../search/aggs/metrics/percentile_ranks.ts | 128 +++--- .../search/aggs/metrics/percentiles.test.ts | 18 +- .../public/search/aggs/metrics/percentiles.ts | 80 ++-- .../public/search/aggs/metrics/serial_diff.ts | 30 +- .../aggs/metrics/sibling_pipeline.test.ts | 42 +- .../search/aggs/metrics/std_deviation.test.ts | 20 +- .../search/aggs/metrics/std_deviation.ts | 66 +-- .../data/public/search/aggs/metrics/sum.ts | 48 ++- .../search/aggs/metrics/top_hit.test.ts | 49 ++- .../public/search/aggs/metrics/top_hit.ts | 392 +++++++++-------- .../search/aggs/param_types/field.test.ts | 55 ++- .../public/search/aggs/param_types/field.ts | 13 +- .../test_helpers/mock_agg_types_registry.ts | 10 +- .../data/public/search/search_service.ts | 6 +- src/plugins/data/public/types.ts | 9 + 85 files changed, 2596 insertions(+), 1862 deletions(-) create mode 100644 src/plugins/data/public/field_formats/mocks.ts rename src/plugins/data/public/search/aggs/buckets/{_bucket_agg_type.ts => bucket_agg_type.ts} (86%) diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.search.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.search.md index afb6ea88f9fad..78ac05b9fd386 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.search.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.search.md @@ -19,7 +19,7 @@ search: { intervalOptions: ({ display: string; val: string; - enabled(agg: import("./search/aggs/buckets/_bucket_agg_type").IBucketAggConfig): boolean | "" | undefined; + enabled(agg: import("./search/aggs/buckets/bucket_agg_type").IBucketAggConfig): boolean | "" | undefined; } | { display: string; val: string; diff --git a/src/legacy/ui/public/new_platform/new_platform.karma_mock.js b/src/legacy/ui/public/new_platform/new_platform.karma_mock.js index 25647e4a08897..f70ef069dd134 100644 --- a/src/legacy/ui/public/new_platform/new_platform.karma_mock.js +++ b/src/legacy/ui/public/new_platform/new_platform.karma_mock.js @@ -88,6 +88,9 @@ const mockCoreStart = { get: sinon.fake.returns(''), }, }, + notifications: { + toasts: {}, + }, i18n: {}, overlays: {}, savedObjects: { @@ -164,8 +167,11 @@ const mockAggTypesRegistry = () => { const registrySetup = registry.setup(); const aggTypes = getAggTypes({ uiSettings: mockCoreSetup.uiSettings, - notifications: mockCoreStart.notifications, query: querySetup, + getInternalStartServices: () => ({ + fieldFormats: getFieldFormatsRegistry(mockCoreStart), + notifications: mockCoreStart.notifications, + }), }); aggTypes.buckets.forEach(type => registrySetup.registerBucket(type)); aggTypes.metrics.forEach(type => registrySetup.registerMetric(type)); diff --git a/src/plugins/data/common/field_formats/mocks.ts b/src/plugins/data/common/field_formats/mocks.ts index bc38374e147cf..394d4c383032f 100644 --- a/src/plugins/data/common/field_formats/mocks.ts +++ b/src/plugins/data/common/field_formats/mocks.ts @@ -17,23 +17,14 @@ * under the License. */ -import { FieldFormat, IFieldFormatsRegistry } from '.'; - -const fieldFormatMock = ({ - convert: jest.fn(), - getConverterFor: jest.fn(), - getParamDefaults: jest.fn(), - param: jest.fn(), - params: jest.fn(), - toJSON: jest.fn(), - type: jest.fn(), - setupContentType: jest.fn(), -} as unknown) as FieldFormat; +import { IFieldFormatsRegistry } from '.'; export const fieldFormatsMock: IFieldFormatsRegistry = { getByFieldType: jest.fn(), getDefaultConfig: jest.fn(), - getDefaultInstance: jest.fn().mockImplementation(() => fieldFormatMock) as any, + getDefaultInstance: jest.fn().mockImplementation(() => ({ + getConverterFor: jest.fn().mockImplementation(() => (t: string) => t), + })) as any, getDefaultInstanceCacheResolver: jest.fn(), getDefaultInstancePlain: jest.fn(), getDefaultType: jest.fn(), diff --git a/src/plugins/data/public/field_formats/mocks.ts b/src/plugins/data/public/field_formats/mocks.ts new file mode 100644 index 0000000000000..ec1233a085bce --- /dev/null +++ b/src/plugins/data/public/field_formats/mocks.ts @@ -0,0 +1,41 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import { FieldFormatsStart, FieldFormatsSetup, FieldFormatsService } from '.'; +import { fieldFormatsMock } from '../../common/field_formats/mocks'; + +type FieldFormatsServiceClientContract = PublicMethodsOf; + +const createSetupContractMock = () => fieldFormatsMock as FieldFormatsSetup; +const createStartContractMock = () => fieldFormatsMock as FieldFormatsStart; + +const createMock = () => { + const mocked: jest.Mocked = { + setup: jest.fn().mockReturnValue(createSetupContractMock()), + start: jest.fn().mockReturnValue(createStartContractMock()), + }; + + return mocked; +}; + +export const fieldFormatsServiceMock = { + create: createMock, + createSetupContract: createSetupContractMock, + createStartContract: createStartContractMock, +}; diff --git a/src/plugins/data/public/mocks.ts b/src/plugins/data/public/mocks.ts index e3fc0e97af09b..ea1c27550867e 100644 --- a/src/plugins/data/public/mocks.ts +++ b/src/plugins/data/public/mocks.ts @@ -17,8 +17,8 @@ * under the License. */ -import { Plugin, DataPublicPluginSetup, DataPublicPluginStart, IndexPatternsContract } from '.'; -import { fieldFormatsMock } from '../common/field_formats/mocks'; +import { Plugin, IndexPatternsContract } from '.'; +import { fieldFormatsServiceMock } from './field_formats/mocks'; import { searchSetupMock, searchStartMock } from './search/mocks'; import { queryServiceMock } from './query/mocks'; @@ -36,7 +36,7 @@ const createSetupContract = (): Setup => { return { autocomplete: autocompleteMock, search: searchSetupMock, - fieldFormats: fieldFormatsMock as DataPublicPluginSetup['fieldFormats'], + fieldFormats: fieldFormatsServiceMock.createSetupContract(), query: querySetupMock, }; }; @@ -49,7 +49,7 @@ const createStartContract = (): Start => { }, autocomplete: autocompleteMock, search: searchStartMock, - fieldFormats: fieldFormatsMock as DataPublicPluginStart['fieldFormats'], + fieldFormats: fieldFormatsServiceMock.createStartContract(), query: queryStartMock, ui: { IndexPatternSelect: jest.fn(), diff --git a/src/plugins/data/public/plugin.ts b/src/plugins/data/public/plugin.ts index 26587470adfd9..15067077afc43 100644 --- a/src/plugins/data/public/plugin.ts +++ b/src/plugins/data/public/plugin.ts @@ -30,6 +30,7 @@ import { DataPublicPluginStart, DataSetupDependencies, DataStartDependencies, + GetInternalStartServicesFn, } from './types'; import { AutocompleteService } from './autocomplete'; import { SearchService } from './search/search_service'; @@ -47,6 +48,8 @@ import { setQueryService, setSearchService, setUiSettings, + getFieldFormats, + getNotifications, } from './services'; import { createSearchBar } from './ui/search_bar/create_search_bar'; import { esaggs } from './search/expressions'; @@ -100,6 +103,11 @@ export class DataPublicPlugin implements Plugin ({ + fieldFormats: getFieldFormats(), + notifications: getNotifications(), + }); + const queryService = this.queryService.setup({ uiSettings: core.uiSettings, storage: this.storage, @@ -122,6 +130,7 @@ export class DataPublicPlugin implements Plugin { +export interface IDataPluginServices extends Partial { // (undocumented) appName: string; // (undocumented) data: DataPublicPluginStart; // (undocumented) - http: CoreStart_2['http']; + http: CoreStart['http']; // (undocumented) - notifications: CoreStart_2['notifications']; + notifications: CoreStart['notifications']; // (undocumented) - savedObjects: CoreStart_2['savedObjects']; + savedObjects: CoreStart['savedObjects']; // (undocumented) storage: IStorageWrapper; // (undocumented) - uiSettings: CoreStart_2['uiSettings']; + uiSettings: CoreStart['uiSettings']; } // Warning: (ae-missing-release-tag) "IEsSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) @@ -1094,7 +1094,7 @@ export type ISearch = // @public (undocumented) export interface ISearchContext { // (undocumented) - core: CoreStart; + core: CoreStart_2; // (undocumented) getSearchStrategy: (name: T) => TSearchStrategyProvider; } @@ -1307,7 +1307,7 @@ export class Plugin implements Plugin_2 { let indexPattern: IndexPattern; @@ -400,13 +398,6 @@ describe('AggConfig', () => { describe('#fieldFormatter - custom getFormat handler', () => { it('returns formatter from getFormat handler', () => { - setFieldFormats({ - ...dataPluginMock.createStartContract().fieldFormats, - getDefaultInstance: jest.fn().mockImplementation(() => ({ - getConverterFor: jest.fn().mockImplementation(() => (t: string) => t), - })) as any, - }); - const ac = new AggConfigs(indexPattern, [], { typesRegistry }); const configStates = { enabled: true, @@ -429,12 +420,6 @@ describe('AggConfig', () => { let aggConfig: AggConfig; beforeEach(() => { - setFieldFormats({ - ...dataPluginMock.createStartContract().fieldFormats, - getDefaultInstance: jest.fn().mockImplementation(() => ({ - getConverterFor: (t?: string) => t || identity, - })) as any, - }); indexPattern.fields.getByName = name => ({ format: { diff --git a/src/plugins/data/public/search/aggs/agg_params.test.ts b/src/plugins/data/public/search/aggs/agg_params.test.ts index b08fcf309e9ed..784be803e2644 100644 --- a/src/plugins/data/public/search/aggs/agg_params.test.ts +++ b/src/plugins/data/public/search/aggs/agg_params.test.ts @@ -22,12 +22,22 @@ import { BaseParamType } from './param_types/base'; import { FieldParamType } from './param_types/field'; import { OptionedParamType } from './param_types/optioned'; import { AggParamType } from '../aggs/param_types/agg'; +import { fieldFormatsServiceMock } from '../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../src/core/public/mocks'; +import { AggTypeDependencies } from './agg_type'; describe('AggParams class', () => { + const aggTypesDependencies: AggTypeDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; + describe('constructor args', () => { it('accepts an array of param defs', () => { const params = [{ name: 'one' }, { name: 'two' }] as AggParamType[]; - const aggParams = initParams(params); + const aggParams = initParams(params, aggTypesDependencies); expect(aggParams).toHaveLength(params.length); expect(Array.isArray(aggParams)).toBeTruthy(); @@ -37,7 +47,7 @@ describe('AggParams class', () => { describe('AggParam creation', () => { it('Uses the FieldParamType class for params with the name "field"', () => { const params = [{ name: 'field', type: 'field' }] as AggParamType[]; - const aggParams = initParams(params); + const aggParams = initParams(params, aggTypesDependencies); expect(aggParams).toHaveLength(params.length); expect(aggParams[0] instanceof FieldParamType).toBeTruthy(); @@ -50,7 +60,7 @@ describe('AggParams class', () => { type: 'optioned', }, ] as AggParamType[]; - const aggParams = initParams(params); + const aggParams = initParams(params, aggTypesDependencies); expect(aggParams).toHaveLength(params.length); expect(aggParams[0] instanceof OptionedParamType).toBeTruthy(); @@ -72,7 +82,7 @@ describe('AggParams class', () => { }, ] as AggParamType[]; - const aggParams = initParams(params); + const aggParams = initParams(params, aggTypesDependencies); expect(aggParams).toHaveLength(params.length); diff --git a/src/plugins/data/public/search/aggs/agg_params.ts b/src/plugins/data/public/search/aggs/agg_params.ts index 551cb81529a0a..e7b2f72bae656 100644 --- a/src/plugins/data/public/search/aggs/agg_params.ts +++ b/src/plugins/data/public/search/aggs/agg_params.ts @@ -26,6 +26,7 @@ import { BaseParamType } from './param_types/base'; import { AggConfig } from './agg_config'; import { IAggConfigs } from './agg_configs'; +import { AggTypeDependencies } from './agg_type'; const paramTypeMap = { field: FieldParamType, @@ -45,12 +46,13 @@ export interface AggParamOption { } export const initParams = ( - params: TAggParam[] + params: TAggParam[], + { getInternalStartServices }: AggTypeDependencies ): TAggParam[] => params.map((config: TAggParam) => { const Class = paramTypeMap[config.type] || paramTypeMap._default; - return new Class(config); + return new Class(config, { getInternalStartServices }); }) as TAggParam[]; /** diff --git a/src/plugins/data/public/search/aggs/agg_type.test.ts b/src/plugins/data/public/search/aggs/agg_type.test.ts index 3fb03dc31e2b2..0c9e110c34ae6 100644 --- a/src/plugins/data/public/search/aggs/agg_type.test.ts +++ b/src/plugins/data/public/search/aggs/agg_type.test.ts @@ -17,40 +17,49 @@ * under the License. */ -import { AggType, AggTypeConfig } from './agg_type'; +import { AggType, AggTypeConfig, AggTypeDependencies } from './agg_type'; import { IAggConfig } from './agg_config'; -import { mockDataServices } from './test_helpers'; -import { dataPluginMock } from '../../../public/mocks'; -import { setFieldFormats } from '../../../public/services'; +import { fieldFormatsServiceMock } from '../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../src/core/public/mocks'; describe('AggType Class', () => { + let dependencies: AggTypeDependencies; + beforeEach(() => { - mockDataServices(); + dependencies = { + getInternalStartServices: () => ({ + fieldFormats: { + ...fieldFormatsServiceMock.createStartContract(), + getDefaultInstance: jest.fn(() => 'default') as any, + }, + notifications: notificationServiceMock.createStartContract(), + }), + }; }); describe('constructor', () => { - it("requires a valid config object as it's first param", () => { + test("requires a valid config object as it's first param", () => { expect(() => { const aggConfig: AggTypeConfig = (undefined as unknown) as AggTypeConfig; - new AggType(aggConfig); + new AggType(aggConfig, dependencies); }).toThrowError(); }); describe('application of config properties', () => { - it('assigns the config value to itself', () => { + test('assigns the config value to itself', () => { const config: AggTypeConfig = { name: 'name', title: 'title', }; - const aggType = new AggType(config); + const aggType = new AggType(config, dependencies); expect(aggType.name).toBe('name'); expect(aggType.title).toBe('title'); }); describe('makeLabel', () => { - it('makes a function when the makeLabel config is not specified', () => { + test('makes a function when the makeLabel config is not specified', () => { const makeLabel = () => 'label'; const aggConfig = {} as IAggConfig; const config: AggTypeConfig = { @@ -59,7 +68,7 @@ describe('AggType Class', () => { makeLabel, }; - const aggType = new AggType(config); + const aggType = new AggType(config, dependencies); expect(aggType.makeLabel).toBe(makeLabel); expect(aggType.makeLabel(aggConfig)).toBe('label'); @@ -67,26 +76,32 @@ describe('AggType Class', () => { }); describe('getResponseAggs/getRequestAggs', () => { - it('copies the value', () => { + test('copies the value', () => { const testConfig = (aggConfig: IAggConfig) => [aggConfig]; - const aggType = new AggType({ - name: 'name', - title: 'title', - getResponseAggs: testConfig, - getRequestAggs: testConfig, - }); + const aggType = new AggType( + { + name: 'name', + title: 'title', + getResponseAggs: testConfig, + getRequestAggs: testConfig, + }, + dependencies + ); expect(aggType.getResponseAggs).toBe(testConfig); expect(aggType.getResponseAggs).toBe(testConfig); }); - it('defaults to noop', () => { + test('defaults to noop', () => { const aggConfig = {} as IAggConfig; - const aggType = new AggType({ - name: 'name', - title: 'title', - }); + const aggType = new AggType( + { + name: 'name', + title: 'title', + }, + dependencies + ); const responseAggs = aggType.getRequestAggs(aggConfig); expect(responseAggs).toBe(undefined); @@ -94,11 +109,14 @@ describe('AggType Class', () => { }); describe('params', () => { - it('defaults to AggParams object with JSON param', () => { - const aggType = new AggType({ - name: 'smart agg', - title: 'title', - }); + test('defaults to AggParams object with JSON param', () => { + const aggType = new AggType( + { + name: 'smart agg', + title: 'title', + }, + dependencies + ); expect(Array.isArray(aggType.params)).toBeTruthy(); expect(aggType.params.length).toBe(2); @@ -106,26 +124,32 @@ describe('AggType Class', () => { expect(aggType.params[1].name).toBe('customLabel'); }); - it('can disable customLabel', () => { - const aggType = new AggType({ - name: 'smart agg', - title: 'title', - customLabels: false, - }); + test('can disable customLabel', () => { + const aggType = new AggType( + { + name: 'smart agg', + title: 'title', + customLabels: false, + }, + dependencies + ); expect(aggType.params.length).toBe(1); expect(aggType.params[0].name).toBe('json'); }); - it('passes the params arg directly to the AggParams constructor', () => { + test('passes the params arg directly to the AggParams constructor', () => { const params = [{ name: 'one' }, { name: 'two' }]; const paramLength = params.length + 2; // json and custom label are always appended - const aggType = new AggType({ - name: 'bucketeer', - title: 'title', - params, - }); + const aggType = new AggType( + { + name: 'bucketeer', + title: 'title', + params, + }, + dependencies + ); expect(Array.isArray(aggType.params)).toBeTruthy(); expect(aggType.params.length).toBe(paramLength); @@ -143,11 +167,14 @@ describe('AggType Class', () => { } as unknown) as IAggConfig; }); - it('returns the formatter for the aggConfig', () => { - const aggType = new AggType({ - name: 'name', - title: 'title', - }); + test('returns the formatter for the aggConfig', () => { + const aggType = new AggType( + { + name: 'name', + title: 'title', + }, + dependencies + ); field = { format: 'format', @@ -156,16 +183,14 @@ describe('AggType Class', () => { expect(aggType.getFormat(aggConfig)).toBe('format'); }); - it('returns default formatter', () => { - setFieldFormats({ - ...dataPluginMock.createStartContract().fieldFormats, - getDefaultInstance: jest.fn(() => 'default') as any, - }); - - const aggType = new AggType({ - name: 'name', - title: 'title', - }); + test('returns default formatter', () => { + const aggType = new AggType( + { + name: 'name', + title: 'title', + }, + dependencies + ); field = undefined; diff --git a/src/plugins/data/public/search/aggs/agg_type.ts b/src/plugins/data/public/search/aggs/agg_type.ts index a63d01e196612..70c116d560c6f 100644 --- a/src/plugins/data/public/search/aggs/agg_type.ts +++ b/src/plugins/data/public/search/aggs/agg_type.ts @@ -28,7 +28,7 @@ import { BaseParamType } from './param_types/base'; import { AggParamType } from './param_types/agg'; import { KBN_FIELD_TYPES, IFieldFormat } from '../../../common'; import { ISearchSource } from '../search_source'; -import { getFieldFormats } from '../../../public/services'; +import { GetInternalStartServicesFn } from '../../types'; export interface AggTypeConfig< TAggConfig extends AggConfig = AggConfig, @@ -60,16 +60,13 @@ export interface AggTypeConfig< getKey?: (bucket: any, key: any, agg: TAggConfig) => any; } -const getFormat = (agg: AggConfig) => { - const field = agg.getField(); - const fieldFormatsService = getFieldFormats(); - - return field ? field.format : fieldFormatsService.getDefaultInstance(KBN_FIELD_TYPES.STRING); -}; - // TODO need to make a more explicit interface for this export type IAggType = AggType; +export interface AggTypeDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + export class AggType< TAggConfig extends AggConfig = AggConfig, TParam extends AggParamType = AggParamType @@ -215,7 +212,10 @@ export class AggType< * @private * @param {object} config - used to set the properties of the AggType */ - constructor(config: AggTypeConfig) { + constructor( + config: AggTypeConfig, + { getInternalStartServices }: AggTypeDependencies + ) { this.name = config.name; this.type = config.type || 'metrics'; this.dslName = config.dslName || config.name; @@ -251,14 +251,22 @@ export class AggType< }); } - this.params = initParams(params); + this.params = initParams(params, { getInternalStartServices }); } this.getRequestAggs = config.getRequestAggs || noop; this.getResponseAggs = config.getResponseAggs || (() => {}); this.decorateAggConfig = config.decorateAggConfig || (() => ({})); this.postFlightRequest = config.postFlightRequest || identity; - this.getFormat = config.getFormat || getFormat; + + this.getFormat = + config.getFormat || + ((agg: TAggConfig) => { + const field = agg.getField(); + const { fieldFormats } = getInternalStartServices(); + + return field ? field.format : fieldFormats.getDefaultInstance(KBN_FIELD_TYPES.STRING); + }); this.getValue = config.getValue || ((agg: TAggConfig, bucket: any) => {}); } } diff --git a/src/plugins/data/public/search/aggs/agg_types.ts b/src/plugins/data/public/search/aggs/agg_types.ts index 556f6b0c93c41..4b154c338d48c 100644 --- a/src/plugins/data/public/search/aggs/agg_types.ts +++ b/src/plugins/data/public/search/aggs/agg_types.ts @@ -17,83 +17,89 @@ * under the License. */ -import { IUiSettingsClient, NotificationsSetup } from 'src/core/public'; +import { IUiSettingsClient } from 'src/core/public'; import { QuerySetup } from '../../query/query_service'; -import { countMetricAgg } from './metrics/count'; -import { avgMetricAgg } from './metrics/avg'; -import { sumMetricAgg } from './metrics/sum'; -import { medianMetricAgg } from './metrics/median'; -import { minMetricAgg } from './metrics/min'; -import { maxMetricAgg } from './metrics/max'; -import { topHitMetricAgg } from './metrics/top_hit'; -import { stdDeviationMetricAgg } from './metrics/std_deviation'; -import { cardinalityMetricAgg } from './metrics/cardinality'; -import { percentilesMetricAgg } from './metrics/percentiles'; -import { geoBoundsMetricAgg } from './metrics/geo_bounds'; -import { geoCentroidMetricAgg } from './metrics/geo_centroid'; -import { percentileRanksMetricAgg } from './metrics/percentile_ranks'; -import { derivativeMetricAgg } from './metrics/derivative'; -import { cumulativeSumMetricAgg } from './metrics/cumulative_sum'; -import { movingAvgMetricAgg } from './metrics/moving_avg'; -import { serialDiffMetricAgg } from './metrics/serial_diff'; +import { getCountMetricAgg } from './metrics/count'; +import { getAvgMetricAgg } from './metrics/avg'; +import { getSumMetricAgg } from './metrics/sum'; +import { getMedianMetricAgg } from './metrics/median'; +import { getMinMetricAgg } from './metrics/min'; +import { getMaxMetricAgg } from './metrics/max'; +import { getTopHitMetricAgg } from './metrics/top_hit'; +import { getStdDeviationMetricAgg } from './metrics/std_deviation'; +import { getCardinalityMetricAgg } from './metrics/cardinality'; +import { getPercentilesMetricAgg } from './metrics/percentiles'; +import { getGeoBoundsMetricAgg } from './metrics/geo_bounds'; +import { getGeoCentroidMetricAgg } from './metrics/geo_centroid'; +import { getPercentileRanksMetricAgg } from './metrics/percentile_ranks'; +import { getDerivativeMetricAgg } from './metrics/derivative'; +import { getCumulativeSumMetricAgg } from './metrics/cumulative_sum'; +import { getMovingAvgMetricAgg } from './metrics/moving_avg'; +import { getSerialDiffMetricAgg } from './metrics/serial_diff'; import { getDateHistogramBucketAgg } from './buckets/date_histogram'; import { getHistogramBucketAgg } from './buckets/histogram'; -import { rangeBucketAgg } from './buckets/range'; +import { getRangeBucketAgg } from './buckets/range'; import { getDateRangeBucketAgg } from './buckets/date_range'; -import { ipRangeBucketAgg } from './buckets/ip_range'; -import { termsBucketAgg } from './buckets/terms'; -import { filterBucketAgg } from './buckets/filter'; +import { getIpRangeBucketAgg } from './buckets/ip_range'; +import { getTermsBucketAgg } from './buckets/terms'; +import { getFilterBucketAgg } from './buckets/filter'; import { getFiltersBucketAgg } from './buckets/filters'; -import { significantTermsBucketAgg } from './buckets/significant_terms'; -import { geoHashBucketAgg } from './buckets/geo_hash'; -import { geoTileBucketAgg } from './buckets/geo_tile'; -import { bucketSumMetricAgg } from './metrics/bucket_sum'; -import { bucketAvgMetricAgg } from './metrics/bucket_avg'; -import { bucketMinMetricAgg } from './metrics/bucket_min'; -import { bucketMaxMetricAgg } from './metrics/bucket_max'; +import { getSignificantTermsBucketAgg } from './buckets/significant_terms'; +import { getGeoHashBucketAgg } from './buckets/geo_hash'; +import { getGeoTitleBucketAgg } from './buckets/geo_tile'; +import { getBucketSumMetricAgg } from './metrics/bucket_sum'; +import { getBucketAvgMetricAgg } from './metrics/bucket_avg'; +import { getBucketMinMetricAgg } from './metrics/bucket_min'; +import { getBucketMaxMetricAgg } from './metrics/bucket_max'; + +import { GetInternalStartServicesFn } from '../../types'; export interface AggTypesDependencies { - notifications: NotificationsSetup; uiSettings: IUiSettingsClient; query: QuerySetup; + getInternalStartServices: GetInternalStartServicesFn; } -export const getAggTypes = ({ notifications, uiSettings, query }: AggTypesDependencies) => ({ +export const getAggTypes = ({ + uiSettings, + query, + getInternalStartServices, +}: AggTypesDependencies) => ({ metrics: [ - countMetricAgg, - avgMetricAgg, - sumMetricAgg, - medianMetricAgg, - minMetricAgg, - maxMetricAgg, - stdDeviationMetricAgg, - cardinalityMetricAgg, - percentilesMetricAgg, - percentileRanksMetricAgg, - topHitMetricAgg, - derivativeMetricAgg, - cumulativeSumMetricAgg, - movingAvgMetricAgg, - serialDiffMetricAgg, - bucketAvgMetricAgg, - bucketSumMetricAgg, - bucketMinMetricAgg, - bucketMaxMetricAgg, - geoBoundsMetricAgg, - geoCentroidMetricAgg, + getCountMetricAgg({ getInternalStartServices }), + getAvgMetricAgg({ getInternalStartServices }), + getSumMetricAgg({ getInternalStartServices }), + getMedianMetricAgg({ getInternalStartServices }), + getMinMetricAgg({ getInternalStartServices }), + getMaxMetricAgg({ getInternalStartServices }), + getStdDeviationMetricAgg({ getInternalStartServices }), + getCardinalityMetricAgg({ getInternalStartServices }), + getPercentilesMetricAgg({ getInternalStartServices }), + getPercentileRanksMetricAgg({ getInternalStartServices }), + getTopHitMetricAgg({ getInternalStartServices }), + getDerivativeMetricAgg({ getInternalStartServices }), + getCumulativeSumMetricAgg({ getInternalStartServices }), + getMovingAvgMetricAgg({ getInternalStartServices }), + getSerialDiffMetricAgg({ getInternalStartServices }), + getBucketAvgMetricAgg({ getInternalStartServices }), + getBucketSumMetricAgg({ getInternalStartServices }), + getBucketMinMetricAgg({ getInternalStartServices }), + getBucketMaxMetricAgg({ getInternalStartServices }), + getGeoBoundsMetricAgg({ getInternalStartServices }), + getGeoCentroidMetricAgg({ getInternalStartServices }), ], buckets: [ - getDateHistogramBucketAgg({ uiSettings, query }), - getHistogramBucketAgg({ uiSettings, notifications }), - rangeBucketAgg, - getDateRangeBucketAgg({ uiSettings }), - ipRangeBucketAgg, - termsBucketAgg, - filterBucketAgg, - getFiltersBucketAgg({ uiSettings }), - significantTermsBucketAgg, - geoHashBucketAgg, - geoTileBucketAgg, + getDateHistogramBucketAgg({ uiSettings, query, getInternalStartServices }), + getHistogramBucketAgg({ uiSettings, getInternalStartServices }), + getRangeBucketAgg({ getInternalStartServices }), + getDateRangeBucketAgg({ uiSettings, getInternalStartServices }), + getIpRangeBucketAgg({ getInternalStartServices }), + getTermsBucketAgg({ getInternalStartServices }), + getFilterBucketAgg({ getInternalStartServices }), + getFiltersBucketAgg({ uiSettings, getInternalStartServices }), + getSignificantTermsBucketAgg({ getInternalStartServices }), + getGeoHashBucketAgg({ getInternalStartServices }), + getGeoTitleBucketAgg({ getInternalStartServices }), ], }); diff --git a/src/plugins/data/public/search/aggs/agg_types_registry.test.ts b/src/plugins/data/public/search/aggs/agg_types_registry.test.ts index 405f83e237de8..58d1a07d965e2 100644 --- a/src/plugins/data/public/search/aggs/agg_types_registry.test.ts +++ b/src/plugins/data/public/search/aggs/agg_types_registry.test.ts @@ -22,7 +22,7 @@ import { AggTypesRegistrySetup, AggTypesRegistryStart, } from './agg_types_registry'; -import { BucketAggType } from './buckets/_bucket_agg_type'; +import { BucketAggType } from './buckets/bucket_agg_type'; import { MetricAggType } from './metrics/metric_agg_type'; const bucketType = { name: 'terms', type: 'bucket' } as BucketAggType; diff --git a/src/plugins/data/public/search/aggs/agg_types_registry.ts b/src/plugins/data/public/search/aggs/agg_types_registry.ts index 8a8746106ae58..5a0c58120d810 100644 --- a/src/plugins/data/public/search/aggs/agg_types_registry.ts +++ b/src/plugins/data/public/search/aggs/agg_types_registry.ts @@ -17,7 +17,7 @@ * under the License. */ -import { BucketAggType } from './buckets/_bucket_agg_type'; +import { BucketAggType } from './buckets/bucket_agg_type'; import { MetricAggType } from './metrics/metric_agg_type'; export type AggTypesRegistrySetup = ReturnType; diff --git a/src/plugins/data/public/search/aggs/buckets/_interval_options.ts b/src/plugins/data/public/search/aggs/buckets/_interval_options.ts index 393d3b745250f..1c4c04c40a5c1 100644 --- a/src/plugins/data/public/search/aggs/buckets/_interval_options.ts +++ b/src/plugins/data/public/search/aggs/buckets/_interval_options.ts @@ -18,7 +18,7 @@ */ import { i18n } from '@kbn/i18n'; -import { IBucketAggConfig } from './_bucket_agg_type'; +import { IBucketAggConfig } from './bucket_agg_type'; export const intervalOptions = [ { diff --git a/src/plugins/data/public/search/aggs/buckets/_terms_other_bucket_helper.test.ts b/src/plugins/data/public/search/aggs/buckets/_terms_other_bucket_helper.test.ts index 9e4b93035384f..c664325a168b1 100644 --- a/src/plugins/data/public/search/aggs/buckets/_terms_other_bucket_helper.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/_terms_other_bucket_helper.test.ts @@ -24,8 +24,8 @@ import { } from './_terms_other_bucket_helper'; import { AggConfigs, CreateAggConfigParams } from '../agg_configs'; import { BUCKET_TYPES } from './bucket_agg_types'; -import { IBucketAggConfig } from './_bucket_agg_type'; -import { mockDataServices, mockAggTypesRegistry } from '../test_helpers'; +import { IBucketAggConfig } from './bucket_agg_type'; +import { mockAggTypesRegistry } from '../test_helpers'; const indexPattern = { id: '1234', @@ -223,10 +223,6 @@ describe('Terms Agg Other bucket helper', () => { return new AggConfigs(indexPattern, [...aggs], { typesRegistry }); }; - beforeEach(() => { - mockDataServices(); - }); - describe('buildOtherBucketAgg', () => { test('returns a function', () => { const aggConfigs = getAggConfigs(singleTerm.aggs); diff --git a/src/plugins/data/public/search/aggs/buckets/_terms_other_bucket_helper.ts b/src/plugins/data/public/search/aggs/buckets/_terms_other_bucket_helper.ts index 4fd988e7b7e66..abda6b5fc5980 100644 --- a/src/plugins/data/public/search/aggs/buckets/_terms_other_bucket_helper.ts +++ b/src/plugins/data/public/search/aggs/buckets/_terms_other_bucket_helper.ts @@ -21,7 +21,7 @@ import { isNumber, keys, values, find, each, cloneDeep, flatten } from 'lodash'; import { buildExistsFilter, buildPhrasesFilter, buildQueryFromFilters } from '../../../../common'; import { AggGroupNames } from '../agg_groups'; import { IAggConfigs } from '../agg_configs'; -import { IBucketAggConfig } from './_bucket_agg_type'; +import { IBucketAggConfig } from './bucket_agg_type'; /** * walks the aggregation DSL and returns DSL starting at aggregation with id of startFromAggId diff --git a/src/plugins/data/public/search/aggs/buckets/_bucket_agg_type.ts b/src/plugins/data/public/search/aggs/buckets/bucket_agg_type.ts similarity index 86% rename from src/plugins/data/public/search/aggs/buckets/_bucket_agg_type.ts rename to src/plugins/data/public/search/aggs/buckets/bucket_agg_type.ts index 03629c3189cbb..f3c95b444dee9 100644 --- a/src/plugins/data/public/search/aggs/buckets/_bucket_agg_type.ts +++ b/src/plugins/data/public/search/aggs/buckets/bucket_agg_type.ts @@ -21,6 +21,7 @@ import { IAggConfig } from '../agg_config'; import { KBN_FIELD_TYPES } from '../../../../common'; import { AggType, AggTypeConfig } from '../agg_type'; import { AggParamType } from '../param_types/agg'; +import { GetInternalStartServicesFn } from '../../../types'; export interface IBucketAggConfig extends IAggConfig { type: InstanceType; @@ -39,6 +40,10 @@ interface BucketAggTypeConfig getKey?: (bucket: any, key: any, agg: IAggConfig) => any; } +interface BucketAggTypeDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + export class BucketAggType extends AggType< TBucketAggConfig, BucketAggParam @@ -46,8 +51,11 @@ export class BucketAggType any; type = bucketType; - constructor(config: BucketAggTypeConfig) { - super(config); + constructor( + config: BucketAggTypeConfig, + dependencies: BucketAggTypeDependencies + ) { + super(config, dependencies); this.getKey = config.getKey || diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/date_histogram.test.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/date_histogram.test.ts index def354c4557cb..97c940b4ff4b1 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/date_histogram.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/date_histogram.test.ts @@ -29,8 +29,9 @@ import { } from '../date_histogram'; import { BUCKET_TYPES } from '../bucket_agg_types'; import { RangeFilter } from '../../../../../common'; -import { coreMock } from '../../../../../../../core/public/mocks'; +import { coreMock, notificationServiceMock } from '../../../../../../../core/public/mocks'; import { queryServiceMock } from '../../../../query/mocks'; +import { fieldFormatsServiceMock } from '../../../../field_formats/mocks'; describe('AggConfig Filters', () => { describe('date_histogram', () => { @@ -46,6 +47,10 @@ describe('AggConfig Filters', () => { aggTypesDependencies = { uiSettings, query: queryServiceMock.createSetupContract(), + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), }; mockDataServices(); @@ -90,7 +95,7 @@ describe('AggConfig Filters', () => { filter = createFilterDateHistogram(agg, bucketKey); }; - it('creates a valid range filter', () => { + test('creates a valid range filter', () => { init(); expect(filter).toHaveProperty('range'); @@ -110,7 +115,7 @@ describe('AggConfig Filters', () => { expect(filter.meta).toHaveProperty('index', '1234'); }); - it('extends the filter edge to 1ms before the next bucket for all interval options', () => { + test('extends the filter edge to 1ms before the next bucket for all interval options', () => { intervalOptions.forEach(option => { let duration; if (option.val !== 'custom' && moment(1, option.val).isValid()) { diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/date_range.test.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/date_range.test.ts index 6a03176959a83..8c0466b769a7e 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/date_range.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/date_range.test.ts @@ -25,8 +25,9 @@ import { DateFormat } from '../../../../field_formats'; import { AggConfigs } from '../../agg_configs'; import { mockAggTypesRegistry } from '../../test_helpers'; import { BUCKET_TYPES } from '../bucket_agg_types'; -import { IBucketAggConfig } from '../_bucket_agg_type'; -import { coreMock } from '../../../../../../../core/public/mocks'; +import { IBucketAggConfig } from '../bucket_agg_type'; +import { coreMock, notificationServiceMock } from '../../../../../../../core/public/mocks'; +import { fieldFormatsServiceMock } from '../../../../field_formats/mocks'; describe('AggConfig Filters', () => { describe('Date range', () => { @@ -37,6 +38,10 @@ describe('AggConfig Filters', () => { aggTypesDependencies = { uiSettings, + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), }; }); @@ -71,7 +76,7 @@ describe('AggConfig Filters', () => { ); }; - it('should return a range filter for date_range agg', () => { + test('should return a range filter for date_range agg', () => { const aggConfigs = getAggConfigs(); const from = new Date('1 Feb 2015'); const to = new Date('7 Feb 2015'); diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/date_range.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/date_range.ts index 9bfded0ce9729..118e9b26e87d5 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/date_range.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/date_range.ts @@ -18,7 +18,7 @@ */ import moment from 'moment'; -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; import { DateRangeKey } from '../lib/date_range'; import { buildRangeFilter, RangeFilterParams } from '../../../../../common'; diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/filters.test.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/filters.test.ts index 32ada8d57c768..f5a0b5a7b9094 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/filters.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/filters.test.ts @@ -21,8 +21,9 @@ import { getFiltersBucketAgg, FiltersBucketAggDependencies } from '../filters'; import { createFilterFilters } from './filters'; import { AggConfigs } from '../../agg_configs'; import { mockAggTypesRegistry } from '../../test_helpers'; -import { IBucketAggConfig } from '../_bucket_agg_type'; -import { coreMock } from '../../../../../../../core/public/mocks'; +import { IBucketAggConfig } from '../bucket_agg_type'; +import { coreMock, notificationServiceMock } from '../../../../../../../core/public/mocks'; +import { fieldFormatsServiceMock } from '../../../../field_formats/mocks'; describe('AggConfig Filters', () => { describe('filters', () => { @@ -33,6 +34,10 @@ describe('AggConfig Filters', () => { aggTypesDependencies = { uiSettings, + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), }; }); @@ -67,7 +72,8 @@ describe('AggConfig Filters', () => { { typesRegistry: mockAggTypesRegistry([getFiltersBucketAgg(aggTypesDependencies)]) } ); }; - it('should return a filters filter', () => { + + test('should return a filters filter', () => { const aggConfigs = getAggConfigs(); const filter = createFilterFilters(aggConfigs.aggs[0] as IBucketAggConfig, 'type:nginx'); diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/filters.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/filters.ts index 3b568d805f7c0..1999b759a23d0 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/filters.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/filters.ts @@ -18,7 +18,7 @@ */ import { get } from 'lodash'; -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; import { buildQueryFilter } from '../../../../../common'; export const createFilterFilters = (aggConfig: IBucketAggConfig, key: string) => { diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/histogram.test.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/histogram.test.ts index dc8414d80c024..18b388be74877 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/histogram.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/histogram.test.ts @@ -19,19 +19,13 @@ import { createFilterHistogram } from './histogram'; import { AggConfigs } from '../../agg_configs'; -import { mockDataServices, mockAggTypesRegistry } from '../../test_helpers'; +import { mockAggTypesRegistry } from '../../test_helpers'; import { BUCKET_TYPES } from '../bucket_agg_types'; -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; import { BytesFormat, FieldFormatsGetConfigFn } from '../../../../../common'; describe('AggConfig Filters', () => { describe('histogram', () => { - beforeEach(() => { - mockDataServices(); - }); - - const typesRegistry = mockAggTypesRegistry(); - const getConfig = (() => {}) as FieldFormatsGetConfigFn; const getAggConfigs = () => { const field = { @@ -61,11 +55,11 @@ describe('AggConfig Filters', () => { }, }, ], - { typesRegistry } + { typesRegistry: mockAggTypesRegistry() } ); }; - it('should return an range filter for histogram', () => { + test('should return an range filter for histogram', () => { const aggConfigs = getAggConfigs(); const filter = createFilterHistogram(aggConfigs.aggs[0] as IBucketAggConfig, '2048'); diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/histogram.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/histogram.ts index d4c00a0991fe2..f8e7747d49147 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/histogram.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/histogram.ts @@ -17,7 +17,7 @@ * under the License. */ -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; import { buildRangeFilter, RangeFilterParams } from '../../../../../common'; export const createFilterHistogram = (aggConfig: IBucketAggConfig, key: string) => { diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/ip_range.test.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/ip_range.test.ts index ca51094da2f58..b528313b080d0 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/ip_range.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/ip_range.test.ts @@ -17,17 +17,26 @@ * under the License. */ -import { ipRangeBucketAgg } from '../ip_range'; +import { getIpRangeBucketAgg } from '../ip_range'; import { createFilterIpRange } from './ip_range'; import { AggConfigs, CreateAggConfigParams } from '../../agg_configs'; import { mockAggTypesRegistry } from '../../test_helpers'; import { IpFormat } from '../../../../../common'; import { BUCKET_TYPES } from '../bucket_agg_types'; -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; +import { fieldFormatsServiceMock } from '../../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../core/public/mocks'; describe('AggConfig Filters', () => { describe('IP range', () => { - const typesRegistry = mockAggTypesRegistry([ipRangeBucketAgg]); + const typesRegistry = mockAggTypesRegistry([ + getIpRangeBucketAgg({ + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }), + ]); const getAggConfigs = (aggs: CreateAggConfigParams[]) => { const field = { name: 'ip', @@ -46,7 +55,7 @@ describe('AggConfig Filters', () => { return new AggConfigs(indexPattern, aggs, { typesRegistry }); }; - it('should return a range filter for ip_range agg', () => { + test('should return a range filter for ip_range agg', () => { const aggConfigs = getAggConfigs([ { type: BUCKET_TYPES.IP_RANGE, @@ -75,7 +84,7 @@ describe('AggConfig Filters', () => { expect(filter.range.ip).toHaveProperty('lte', '1.1.1.1'); }); - it('should return a range filter for ip_range agg using a CIDR mask', () => { + test('should return a range filter for ip_range agg using a CIDR mask', () => { const aggConfigs = getAggConfigs([ { type: BUCKET_TYPES.IP_RANGE, diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/ip_range.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/ip_range.ts index 2d34c45aaab9d..aae212783b873 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/ip_range.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/ip_range.ts @@ -18,7 +18,7 @@ */ import { CidrMask } from '../lib/cidr_mask'; -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; import { IpRangeKey } from '../lib/ip_range'; import { buildRangeFilter, RangeFilterParams } from '../../../../../common'; diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/range.test.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/range.test.ts index 3a6f8b36a9d96..14a7538aa95a4 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/range.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/range.test.ts @@ -17,22 +17,31 @@ * under the License. */ -import { rangeBucketAgg } from '../range'; +import { getRangeBucketAgg, RangeBucketAggDependencies } from '../range'; import { createFilterRange } from './range'; import { BytesFormat, FieldFormatsGetConfigFn } from '../../../../../common'; import { AggConfigs } from '../../agg_configs'; import { mockDataServices, mockAggTypesRegistry } from '../../test_helpers'; import { BUCKET_TYPES } from '../bucket_agg_types'; -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; +import { fieldFormatsServiceMock } from '../../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../core/public/mocks'; describe('AggConfig Filters', () => { describe('range', () => { + let aggTypesDependencies: RangeBucketAggDependencies; + beforeEach(() => { + aggTypesDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; + mockDataServices(); }); - const typesRegistry = mockAggTypesRegistry([rangeBucketAgg]); - const getConfig = (() => {}) as FieldFormatsGetConfigFn; const getAggConfigs = () => { const field = { @@ -62,11 +71,11 @@ describe('AggConfig Filters', () => { }, }, ], - { typesRegistry } + { typesRegistry: mockAggTypesRegistry([getRangeBucketAgg(aggTypesDependencies)]) } ); }; - it('should return a range filter for range agg', () => { + test('should return a range filter for range agg', () => { const aggConfigs = getAggConfigs(); const filter = createFilterRange(aggConfigs.aggs[0] as IBucketAggConfig, { gte: 1024, diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/range.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/range.ts index d3d85f2441a8b..cbad8742bfab6 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/range.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/range.ts @@ -17,7 +17,7 @@ * under the License. */ -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; import { buildRangeFilter } from '../../../../../common'; export const createFilterRange = (aggConfig: IBucketAggConfig, params: any) => { diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/terms.test.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/terms.test.ts index 511af450b0113..c11a7d1a4e6b8 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/terms.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/terms.test.ts @@ -17,17 +17,30 @@ * under the License. */ -import { termsBucketAgg } from '../terms'; +import { getTermsBucketAgg } from '../terms'; import { createFilterTerms } from './terms'; import { AggConfigs, CreateAggConfigParams } from '../../agg_configs'; import { mockAggTypesRegistry } from '../../test_helpers'; import { BUCKET_TYPES } from '../bucket_agg_types'; -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; import { Filter, ExistsFilter } from '../../../../../common'; +import { RangeBucketAggDependencies } from '../range'; +import { fieldFormatsServiceMock } from '../../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../core/public/mocks'; describe('AggConfig Filters', () => { describe('terms', () => { - const typesRegistry = mockAggTypesRegistry([termsBucketAgg]); + let aggTypesDependencies: RangeBucketAggDependencies; + + beforeEach(() => { + aggTypesDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; + }); + const getAggConfigs = (aggs: CreateAggConfigParams[]) => { const indexPattern = { id: '1234', @@ -43,10 +56,12 @@ describe('AggConfig Filters', () => { indexPattern, }; - return new AggConfigs(indexPattern, aggs, { typesRegistry }); + return new AggConfigs(indexPattern, aggs, { + typesRegistry: mockAggTypesRegistry([getTermsBucketAgg(aggTypesDependencies)]), + }); }; - it('should return a match_phrase filter for terms', () => { + test('should return a match_phrase filter for terms', () => { const aggConfigs = getAggConfigs([ { type: BUCKET_TYPES.TERMS, schema: 'segment', params: { field: 'field' } }, ]); @@ -65,7 +80,7 @@ describe('AggConfig Filters', () => { expect(filter.meta).toHaveProperty('index', '1234'); }); - it('should set query to true or false for boolean filter', () => { + test('should set query to true or false for boolean filter', () => { const aggConfigs = getAggConfigs([ { type: BUCKET_TYPES.TERMS, schema: 'segment', params: { field: 'field' } }, ]); @@ -93,7 +108,7 @@ describe('AggConfig Filters', () => { expect(filterTrue.query.match_phrase.field).toBeTruthy(); }); - it('should generate correct __missing__ filter', () => { + test('should generate correct __missing__ filter', () => { const aggConfigs = getAggConfigs([ { type: BUCKET_TYPES.TERMS, schema: 'segment', params: { field: 'field' } }, ]); @@ -110,7 +125,7 @@ describe('AggConfig Filters', () => { expect(filter.meta).toHaveProperty('negate', true); }); - it('should generate correct __other__ filter', () => { + test('should generate correct __other__ filter', () => { const aggConfigs = getAggConfigs([ { type: BUCKET_TYPES.TERMS, schema: 'segment', params: { field: 'field' } }, ]); diff --git a/src/plugins/data/public/search/aggs/buckets/create_filter/terms.ts b/src/plugins/data/public/search/aggs/buckets/create_filter/terms.ts index 43ebfc0e90db2..95de19b96abd4 100644 --- a/src/plugins/data/public/search/aggs/buckets/create_filter/terms.ts +++ b/src/plugins/data/public/search/aggs/buckets/create_filter/terms.ts @@ -17,7 +17,7 @@ * under the License. */ -import { IBucketAggConfig } from '../_bucket_agg_type'; +import { IBucketAggConfig } from '../bucket_agg_type'; import { buildPhrasesFilter, buildExistsFilter, diff --git a/src/plugins/data/public/search/aggs/buckets/date_histogram.ts b/src/plugins/data/public/search/aggs/buckets/date_histogram.ts index 7701f1bbcb4d0..e6fd259fabc92 100644 --- a/src/plugins/data/public/search/aggs/buckets/date_histogram.ts +++ b/src/plugins/data/public/search/aggs/buckets/date_histogram.ts @@ -23,7 +23,7 @@ import { i18n } from '@kbn/i18n'; import { IUiSettingsClient } from 'src/core/public'; import { TimeBuckets } from './lib/time_buckets'; -import { BucketAggType, IBucketAggConfig } from './_bucket_agg_type'; +import { BucketAggType, IBucketAggConfig } from './bucket_agg_type'; import { BUCKET_TYPES } from './bucket_agg_types'; import { createFilterDateHistogram } from './create_filter/date_histogram'; import { intervalOptions } from './_interval_options'; @@ -33,8 +33,8 @@ import { isMetricAggType } from '../metrics/metric_agg_type'; import { FIELD_FORMAT_IDS, KBN_FIELD_TYPES } from '../../../../common'; import { TimefilterContract } from '../../../query'; -import { getFieldFormats } from '../../../../public/services'; import { QuerySetup } from '../../../query/query_service'; +import { GetInternalStartServicesFn } from '../../../types'; const detectedTimezone = moment.tz.guess(); const tzOffset = moment().format('Z'); @@ -61,6 +61,7 @@ interface ITimeBuckets { export interface DateHistogramBucketAggDependencies { uiSettings: IUiSettingsClient; query: QuerySetup; + getInternalStartServices: GetInternalStartServicesFn; } export interface IBucketDateHistogramAggConfig extends IBucketAggConfig { @@ -74,211 +75,218 @@ export function isDateHistogramBucketAggConfig(agg: any): agg is IBucketDateHist export const getDateHistogramBucketAgg = ({ uiSettings, query, + getInternalStartServices, }: DateHistogramBucketAggDependencies) => - new BucketAggType({ - name: BUCKET_TYPES.DATE_HISTOGRAM, - title: i18n.translate('data.search.aggs.buckets.dateHistogramTitle', { - defaultMessage: 'Date Histogram', - }), - ordered: { - date: true, - }, - makeLabel(agg) { - let output: Record = {}; + new BucketAggType( + { + name: BUCKET_TYPES.DATE_HISTOGRAM, + title: i18n.translate('data.search.aggs.buckets.dateHistogramTitle', { + defaultMessage: 'Date Histogram', + }), + ordered: { + date: true, + }, + makeLabel(agg) { + let output: Record = {}; - if (this.params) { - output = writeParams(this.params, agg); - } + if (this.params) { + output = writeParams(this.params, agg); + } - const field = agg.getFieldDisplayName(); - return i18n.translate('data.search.aggs.buckets.dateHistogramLabel', { - defaultMessage: '{fieldName} per {intervalDescription}', - values: { - fieldName: field, - intervalDescription: output.metricScaleText || output.bucketInterval.description, - }, - }); - }, - createFilter: createFilterDateHistogram, - decorateAggConfig() { - let buckets: any; + const field = agg.getFieldDisplayName(); + return i18n.translate('data.search.aggs.buckets.dateHistogramLabel', { + defaultMessage: '{fieldName} per {intervalDescription}', + values: { + fieldName: field, + intervalDescription: output.metricScaleText || output.bucketInterval.description, + }, + }); + }, + createFilter: createFilterDateHistogram, + decorateAggConfig() { + let buckets: any; - return { - buckets: { - configurable: true, - get() { - if (buckets) return buckets; + return { + buckets: { + configurable: true, + get() { + if (buckets) return buckets; - const { timefilter } = query.timefilter; - buckets = new TimeBuckets({ uiSettings }); - updateTimeBuckets(this, timefilter, buckets); + const { timefilter } = query.timefilter; + buckets = new TimeBuckets({ uiSettings }); + updateTimeBuckets(this, timefilter, buckets); - return buckets; - }, - } as any, - }; - }, - getFormat(agg) { - const DateFieldFormat = getFieldFormats().getType(FIELD_FORMAT_IDS.DATE); + return buckets; + }, + } as any, + }; + }, + getFormat(agg) { + const { fieldFormats } = getInternalStartServices(); + const DateFieldFormat = fieldFormats.getType(FIELD_FORMAT_IDS.DATE); - if (!DateFieldFormat) { - throw new Error('Unable to retrieve Date Field Format'); - } + if (!DateFieldFormat) { + throw new Error('Unable to retrieve Date Field Format'); + } - return new DateFieldFormat( + return new DateFieldFormat( + { + pattern: agg.buckets.getScaledDateFormat(), + }, + (key: string) => uiSettings.get(key) + ); + }, + params: [ { - pattern: agg.buckets.getScaledDateFormat(), + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.DATE, + default(agg: IBucketDateHistogramAggConfig) { + return agg.getIndexPattern().timeFieldName; + }, + onChange(agg: IBucketDateHistogramAggConfig) { + if (get(agg, 'params.interval') === 'auto' && !agg.fieldIsTimeField()) { + delete agg.params.interval; + } + }, }, - (key: string) => uiSettings.get(key) - ); - }, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.DATE, - default(agg: IBucketDateHistogramAggConfig) { - return agg.getIndexPattern().timeFieldName; + { + name: 'timeRange', + default: null, + write: noop, }, - onChange(agg: IBucketDateHistogramAggConfig) { - if (get(agg, 'params.interval') === 'auto' && !agg.fieldIsTimeField()) { - delete agg.params.interval; - } + { + name: 'useNormalizedEsInterval', + default: true, + write: noop, }, - }, - { - name: 'timeRange', - default: null, - write: noop, - }, - { - name: 'useNormalizedEsInterval', - default: true, - write: noop, - }, - { - name: 'scaleMetricValues', - default: false, - write: noop, - advanced: true, - }, - { - name: 'interval', - deserialize(state: any, agg) { - // For upgrading from 7.0.x to 7.1.x - intervals are now stored as key of options or custom value - if (state === 'custom') { - return get(agg, 'params.customInterval'); - } + { + name: 'scaleMetricValues', + default: false, + write: noop, + advanced: true, + }, + { + name: 'interval', + deserialize(state: any, agg) { + // For upgrading from 7.0.x to 7.1.x - intervals are now stored as key of options or custom value + if (state === 'custom') { + return get(agg, 'params.customInterval'); + } - const interval = find(intervalOptions, { val: state }); + const interval = find(intervalOptions, { val: state }); - // For upgrading from 4.0.x to 4.1.x - intervals are now stored as 'y' instead of 'year', - // but this maps the old values to the new values - if (!interval && state === 'year') { - return 'y'; - } - return state; - }, - default: 'auto', - options: intervalOptions, - write(agg, output, aggs) { - const { timefilter } = query.timefilter; - updateTimeBuckets(agg, timefilter); + // For upgrading from 4.0.x to 4.1.x - intervals are now stored as 'y' instead of 'year', + // but this maps the old values to the new values + if (!interval && state === 'year') { + return 'y'; + } + return state; + }, + default: 'auto', + options: intervalOptions, + write(agg, output, aggs) { + const { timefilter } = query.timefilter; + updateTimeBuckets(agg, timefilter); - const { useNormalizedEsInterval, scaleMetricValues } = agg.params; - const interval = agg.buckets.getInterval(useNormalizedEsInterval); - output.bucketInterval = interval; - if (interval.expression === '0ms') { - // We are hitting this code a couple of times while configuring in editor - // with an interval of 0ms because the overall time range has not yet been - // set. Since 0ms is not a valid ES interval, we cannot pass it through dateHistogramInterval - // below, since it would throw an exception. So in the cases we still have an interval of 0ms - // here we simply skip the rest of the method and never write an interval into the DSL, since - // this DSL will anyway not be used before we're passing this code with an actual interval. - return; - } - output.params = { - ...output.params, - ...dateHistogramInterval(interval.expression), - }; + const { useNormalizedEsInterval, scaleMetricValues } = agg.params; + const interval = agg.buckets.getInterval(useNormalizedEsInterval); + output.bucketInterval = interval; + if (interval.expression === '0ms') { + // We are hitting this code a couple of times while configuring in editor + // with an interval of 0ms because the overall time range has not yet been + // set. Since 0ms is not a valid ES interval, we cannot pass it through dateHistogramInterval + // below, since it would throw an exception. So in the cases we still have an interval of 0ms + // here we simply skip the rest of the method and never write an interval into the DSL, since + // this DSL will anyway not be used before we're passing this code with an actual interval. + return; + } + output.params = { + ...output.params, + ...dateHistogramInterval(interval.expression), + }; - const scaleMetrics = scaleMetricValues && interval.scaled && interval.scale < 1; - if (scaleMetrics && aggs) { - const metrics = aggs.aggs.filter(a => isMetricAggType(a.type)); - const all = every(metrics, (a: IBucketAggConfig) => { - const { type } = a; + const scaleMetrics = scaleMetricValues && interval.scaled && interval.scale < 1; + if (scaleMetrics && aggs) { + const metrics = aggs.aggs.filter(a => isMetricAggType(a.type)); + const all = every(metrics, (a: IBucketAggConfig) => { + const { type } = a; - if (isMetricAggType(type)) { - return type.isScalable(); + if (isMetricAggType(type)) { + return type.isScalable(); + } + }); + if (all) { + output.metricScale = interval.scale; + output.metricScaleText = interval.preScaled.description; } - }); - if (all) { - output.metricScale = interval.scale; - output.metricScaleText = interval.preScaled.description; } - } + }, }, - }, - { - name: 'time_zone', - default: undefined, - // We don't ever want this parameter to be serialized out (when saving or to URLs) - // since we do all the logic handling it "on the fly" in the `write` method, to prevent - // time_zones being persisted into saved_objects - serialize: noop, - write(agg, output) { - // If a time_zone has been set explicitly always prefer this. - let tz = agg.params.time_zone; - if (!tz && agg.params.field) { - // If a field has been configured check the index pattern's typeMeta if a date_histogram on that - // field requires a specific time_zone - tz = get(agg.getIndexPattern(), [ - 'typeMeta', - 'aggs', - 'date_histogram', - agg.params.field.name, - 'time_zone', - ]); - } - if (!tz) { - // If the index pattern typeMeta data, didn't had a time zone assigned for the selected field use the configured tz - const isDefaultTimezone = uiSettings.isDefault('dateFormat:tz'); - tz = isDefaultTimezone ? detectedTimezone || tzOffset : uiSettings.get('dateFormat:tz'); - } - output.params.time_zone = tz; + { + name: 'time_zone', + default: undefined, + // We don't ever want this parameter to be serialized out (when saving or to URLs) + // since we do all the logic handling it "on the fly" in the `write` method, to prevent + // time_zones being persisted into saved_objects + serialize: noop, + write(agg, output) { + // If a time_zone has been set explicitly always prefer this. + let tz = agg.params.time_zone; + if (!tz && agg.params.field) { + // If a field has been configured check the index pattern's typeMeta if a date_histogram on that + // field requires a specific time_zone + tz = get(agg.getIndexPattern(), [ + 'typeMeta', + 'aggs', + 'date_histogram', + agg.params.field.name, + 'time_zone', + ]); + } + if (!tz) { + // If the index pattern typeMeta data, didn't had a time zone assigned for the selected field use the configured tz + const isDefaultTimezone = uiSettings.isDefault('dateFormat:tz'); + tz = isDefaultTimezone + ? detectedTimezone || tzOffset + : uiSettings.get('dateFormat:tz'); + } + output.params.time_zone = tz; + }, }, - }, - { - name: 'drop_partials', - default: false, - write: noop, - shouldShow: agg => { - const field = agg.params.field; - return field && field.name && field.name === agg.getIndexPattern().timeFieldName; + { + name: 'drop_partials', + default: false, + write: noop, + shouldShow: agg => { + const field = agg.params.field; + return field && field.name && field.name === agg.getIndexPattern().timeFieldName; + }, }, - }, - { - name: 'format', - }, - { - name: 'min_doc_count', - default: 1, - }, - { - name: 'extended_bounds', - default: {}, - write(agg, output) { - const val = agg.params.extended_bounds; + { + name: 'format', + }, + { + name: 'min_doc_count', + default: 1, + }, + { + name: 'extended_bounds', + default: {}, + write(agg, output) { + const val = agg.params.extended_bounds; - if (val.min != null || val.max != null) { - output.params.extended_bounds = { - min: moment(val.min).valueOf(), - max: moment(val.max).valueOf(), - }; + if (val.min != null || val.max != null) { + output.params.extended_bounds = { + min: moment(val.min).valueOf(), + max: moment(val.max).valueOf(), + }; - return; - } + return; + } + }, }, - }, - ], - }); + ], + }, + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/date_range.test.ts b/src/plugins/data/public/search/aggs/buckets/date_range.test.ts index 4ea550492fa09..c050620c3a856 100644 --- a/src/plugins/data/public/search/aggs/buckets/date_range.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/date_range.test.ts @@ -17,11 +17,12 @@ * under the License. */ -import { coreMock } from '../../../../../../../src/core/public/mocks'; +import { coreMock, notificationServiceMock } from '../../../../../../../src/core/public/mocks'; import { getDateRangeBucketAgg, DateRangeBucketAggDependencies } from './date_range'; import { AggConfigs } from '../agg_configs'; import { mockAggTypesRegistry } from '../test_helpers'; import { BUCKET_TYPES } from './bucket_agg_types'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; describe('date_range params', () => { let aggTypesDependencies: DateRangeBucketAggDependencies; @@ -31,6 +32,10 @@ describe('date_range params', () => { aggTypesDependencies = { uiSettings, + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), }; }); diff --git a/src/plugins/data/public/search/aggs/buckets/date_range.ts b/src/plugins/data/public/search/aggs/buckets/date_range.ts index 8133a47ec7248..07d927e64a943 100644 --- a/src/plugins/data/public/search/aggs/buckets/date_range.ts +++ b/src/plugins/data/public/search/aggs/buckets/date_range.ts @@ -23,12 +23,12 @@ import { i18n } from '@kbn/i18n'; import { IUiSettingsClient } from 'src/core/public'; import { BUCKET_TYPES } from './bucket_agg_types'; -import { BucketAggType, IBucketAggConfig } from './_bucket_agg_type'; +import { BucketAggType, IBucketAggConfig } from './bucket_agg_type'; import { createFilterDateRange } from './create_filter/date_range'; import { convertDateRangeToString, DateRangeKey } from './lib/date_range'; import { KBN_FIELD_TYPES, FieldFormat, TEXT_CONTEXT_TYPE } from '../../../../common'; -import { getFieldFormats } from '../../../../public/services'; +import { GetInternalStartServicesFn } from '../../../types'; const dateRangeTitle = i18n.translate('data.search.aggs.buckets.dateRangeTitle', { defaultMessage: 'Date Range', @@ -36,76 +36,85 @@ const dateRangeTitle = i18n.translate('data.search.aggs.buckets.dateRangeTitle', export interface DateRangeBucketAggDependencies { uiSettings: IUiSettingsClient; + getInternalStartServices: GetInternalStartServicesFn; } -export const getDateRangeBucketAgg = ({ uiSettings }: DateRangeBucketAggDependencies) => - new BucketAggType({ - name: BUCKET_TYPES.DATE_RANGE, - title: dateRangeTitle, - createFilter: createFilterDateRange, - getKey({ from, to }): DateRangeKey { - return { from, to }; - }, - getFormat(agg) { - const fieldFormatsService = getFieldFormats(); +export const getDateRangeBucketAgg = ({ + uiSettings, + getInternalStartServices, +}: DateRangeBucketAggDependencies) => + new BucketAggType( + { + name: BUCKET_TYPES.DATE_RANGE, + title: dateRangeTitle, + createFilter: createFilterDateRange, + getKey({ from, to }): DateRangeKey { + return { from, to }; + }, + getFormat(agg) { + const { fieldFormats } = getInternalStartServices(); - const formatter = agg.fieldOwnFormatter( - TEXT_CONTEXT_TYPE, - fieldFormatsService.getDefaultInstance(KBN_FIELD_TYPES.DATE) - ); - const DateRangeFormat = FieldFormat.from(function(range: DateRangeKey) { - return convertDateRangeToString(range, formatter); - }); - return new DateRangeFormat(); - }, - makeLabel(aggConfig) { - return aggConfig.getFieldDisplayName() + ' date ranges'; - }, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.DATE, - default(agg: IBucketAggConfig) { - return agg.getIndexPattern().timeFieldName; - }, + const formatter = agg.fieldOwnFormatter( + TEXT_CONTEXT_TYPE, + fieldFormats.getDefaultInstance(KBN_FIELD_TYPES.DATE) + ); + const DateRangeFormat = FieldFormat.from(function(range: DateRangeKey) { + return convertDateRangeToString(range, formatter); + }); + return new DateRangeFormat(); }, - { - name: 'ranges', - default: [ - { - from: 'now-1w/w', - to: 'now', - }, - ], + makeLabel(aggConfig) { + return aggConfig.getFieldDisplayName() + ' date ranges'; }, - { - name: 'time_zone', - default: undefined, - // Implimentation method is the same as that of date_histogram - serialize: () => undefined, - write: (agg, output) => { - const field = agg.getParam('field'); - let tz = agg.getParam('time_zone'); + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.DATE, + default(agg: IBucketAggConfig) { + return agg.getIndexPattern().timeFieldName; + }, + }, + { + name: 'ranges', + default: [ + { + from: 'now-1w/w', + to: 'now', + }, + ], + }, + { + name: 'time_zone', + default: undefined, + // Implimentation method is the same as that of date_histogram + serialize: () => undefined, + write: (agg, output) => { + const field = agg.getParam('field'); + let tz = agg.getParam('time_zone'); - if (!tz && field) { - tz = get(agg.getIndexPattern(), [ - 'typeMeta', - 'aggs', - 'date_range', - field.name, - 'time_zone', - ]); - } - if (!tz) { - const detectedTimezone = moment.tz.guess(); - const tzOffset = moment().format('Z'); - const isDefaultTimezone = uiSettings.isDefault('dateFormat:tz'); + if (!tz && field) { + tz = get(agg.getIndexPattern(), [ + 'typeMeta', + 'aggs', + 'date_range', + field.name, + 'time_zone', + ]); + } + if (!tz) { + const detectedTimezone = moment.tz.guess(); + const tzOffset = moment().format('Z'); + const isDefaultTimezone = uiSettings.isDefault('dateFormat:tz'); - tz = isDefaultTimezone ? detectedTimezone || tzOffset : uiSettings.get('dateFormat:tz'); - } - output.params.time_zone = tz; + tz = isDefaultTimezone + ? detectedTimezone || tzOffset + : uiSettings.get('dateFormat:tz'); + } + output.params.time_zone = tz; + }, }, - }, - ], - }); + ], + }, + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/filter.ts b/src/plugins/data/public/search/aggs/buckets/filter.ts index 80efc0cf92071..accbdf4dd783d 100644 --- a/src/plugins/data/public/search/aggs/buckets/filter.ts +++ b/src/plugins/data/public/search/aggs/buckets/filter.ts @@ -18,19 +18,28 @@ */ import { i18n } from '@kbn/i18n'; -import { BucketAggType } from './_bucket_agg_type'; +import { BucketAggType } from './bucket_agg_type'; import { BUCKET_TYPES } from './bucket_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; const filterTitle = i18n.translate('data.search.aggs.buckets.filterTitle', { defaultMessage: 'Filter', }); -export const filterBucketAgg = new BucketAggType({ - name: BUCKET_TYPES.FILTER, - title: filterTitle, - params: [ +export interface FilterBucketAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getFilterBucketAgg = ({ getInternalStartServices }: FilterBucketAggDependencies) => + new BucketAggType( { - name: 'geo_bounding_box', + name: BUCKET_TYPES.FILTER, + title: filterTitle, + params: [ + { + name: 'geo_bounding_box', + }, + ], }, - ], -}); + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/filters.ts b/src/plugins/data/public/search/aggs/buckets/filters.ts index 8b9aca87f8735..a42cb70a62b7d 100644 --- a/src/plugins/data/public/search/aggs/buckets/filters.ts +++ b/src/plugins/data/public/search/aggs/buckets/filters.ts @@ -23,11 +23,12 @@ import { IUiSettingsClient } from 'src/core/public'; import { createFilterFilters } from './create_filter/filters'; import { toAngularJSON } from '../utils'; -import { BucketAggType } from './_bucket_agg_type'; +import { BucketAggType } from './bucket_agg_type'; import { BUCKET_TYPES } from './bucket_agg_types'; import { Storage } from '../../../../../../plugins/kibana_utils/public'; import { getEsQueryConfig, buildEsQuery, Query } from '../../../../common'; import { getQueryLog } from '../../../query'; +import { GetInternalStartServicesFn } from '../../../types'; const filtersTitle = i18n.translate('data.search.aggs.buckets.filtersTitle', { defaultMessage: 'Filters', @@ -43,69 +44,81 @@ interface FilterValue { export interface FiltersBucketAggDependencies { uiSettings: IUiSettingsClient; + getInternalStartServices: GetInternalStartServicesFn; } -export const getFiltersBucketAgg = ({ uiSettings }: FiltersBucketAggDependencies) => - new BucketAggType({ - name: BUCKET_TYPES.FILTERS, - title: filtersTitle, - createFilter: createFilterFilters, - customLabels: false, - params: [ - { - name: 'filters', - default: [ - { input: { query: '', language: uiSettings.get('search:queryLanguage') }, label: '' }, - ], - write(aggConfig, output) { - const inFilters: FilterValue[] = aggConfig.params.filters; - if (!size(inFilters)) return; +export const getFiltersBucketAgg = ({ + uiSettings, + getInternalStartServices, +}: FiltersBucketAggDependencies) => + new BucketAggType( + { + name: BUCKET_TYPES.FILTERS, + title: filtersTitle, + createFilter: createFilterFilters, + customLabels: false, + params: [ + { + name: 'filters', + default: [ + { input: { query: '', language: uiSettings.get('search:queryLanguage') }, label: '' }, + ], + write(aggConfig, output) { + const inFilters: FilterValue[] = aggConfig.params.filters; + if (!size(inFilters)) return; - inFilters.forEach(filter => { - const persistedLog = getQueryLog( - uiSettings, - new Storage(window.localStorage), - 'vis_default_editor', - filter.input.language - ); - persistedLog.add(filter.input.query); - }); + inFilters.forEach(filter => { + const persistedLog = getQueryLog( + uiSettings, + new Storage(window.localStorage), + 'vis_default_editor', + filter.input.language + ); + persistedLog.add(filter.input.query); + }); - const outFilters = transform( - inFilters, - function(filters, filter) { - const input = cloneDeep(filter.input); + const outFilters = transform( + inFilters, + function(filters, filter) { + const input = cloneDeep(filter.input); - if (!input) { - console.log('malformed filter agg params, missing "input" query'); // eslint-disable-line no-console - return; - } + if (!input) { + console.log('malformed filter agg params, missing "input" query'); // eslint-disable-line no-console + return; + } - const esQueryConfigs = getEsQueryConfig(uiSettings); - const query = buildEsQuery(aggConfig.getIndexPattern(), [input], [], esQueryConfigs); + const esQueryConfigs = getEsQueryConfig(uiSettings); + const query = buildEsQuery( + aggConfig.getIndexPattern(), + [input], + [], + esQueryConfigs + ); - if (!query) { - console.log('malformed filter agg params, missing "query" on input'); // eslint-disable-line no-console - return; - } + if (!query) { + console.log('malformed filter agg params, missing "query" on input'); // eslint-disable-line no-console + return; + } - const matchAllLabel = filter.input.query === '' ? '*' : ''; - const label = - filter.label || - matchAllLabel || - (typeof filter.input.query === 'string' - ? filter.input.query - : toAngularJSON(filter.input.query)); - filters[label] = { query }; - }, - {} - ); + const matchAllLabel = filter.input.query === '' ? '*' : ''; + const label = + filter.label || + matchAllLabel || + (typeof filter.input.query === 'string' + ? filter.input.query + : toAngularJSON(filter.input.query)); + filters[label] = { query }; + }, + {} + ); - if (!size(outFilters)) return; + if (!size(outFilters)) return; - const params = output.params || (output.params = {}); - params.filters = outFilters; + const params = output.params || (output.params = {}); + params.filters = outFilters; + }, }, - }, - ], - }); + ], + }, + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/geo_hash.test.ts b/src/plugins/data/public/search/aggs/buckets/geo_hash.test.ts index 408cdf22bcbc2..24270dd33a576 100644 --- a/src/plugins/data/public/search/aggs/buckets/geo_hash.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/geo_hash.test.ts @@ -17,13 +17,29 @@ * under the License. */ -import { geoHashBucketAgg } from './geo_hash'; +import { getGeoHashBucketAgg, GeoHashBucketAggDependencies } from './geo_hash'; import { AggConfigs, IAggConfigs } from '../agg_configs'; import { mockAggTypesRegistry } from '../test_helpers'; import { BUCKET_TYPES } from './bucket_agg_types'; -import { IBucketAggConfig } from './_bucket_agg_type'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { BucketAggType, IBucketAggConfig } from './bucket_agg_type'; describe('Geohash Agg', () => { + let aggTypesDependencies: GeoHashBucketAggDependencies; + let geoHashBucketAgg: BucketAggType; + + beforeEach(() => { + aggTypesDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; + + geoHashBucketAgg = getGeoHashBucketAgg(aggTypesDependencies); + }); + const getAggConfigs = (params?: Record) => { const indexPattern = { id: '1234', @@ -74,7 +90,7 @@ describe('Geohash Agg', () => { precisionParam = geoHashBucketAgg.params[PRECISION_PARAM_INDEX]; }); - it('should select precision parameter', () => { + test('should select precision parameter', () => { expect(precisionParam.name).toEqual('precision'); }); }); @@ -89,7 +105,7 @@ describe('Geohash Agg', () => { geoHashGridAgg = aggConfigs.aggs[0] as IBucketAggConfig; }); - it('should create filter, geohash_grid, and geo_centroid aggregations', () => { + test('should create filter, geohash_grid, and geo_centroid aggregations', () => { const requestAggs = geoHashBucketAgg.getRequestAggs(geoHashGridAgg) as IBucketAggConfig[]; expect(requestAggs.length).toEqual(3); @@ -101,7 +117,7 @@ describe('Geohash Agg', () => { }); describe('aggregation options', () => { - it('should only create geohash_grid and geo_centroid aggregations when isFilteredByCollar is false', () => { + test('should only create geohash_grid and geo_centroid aggregations when isFilteredByCollar is false', () => { const aggConfigs = getAggConfigs({ isFilteredByCollar: false }); const requestAggs = geoHashBucketAgg.getRequestAggs( aggConfigs.aggs[0] as IBucketAggConfig @@ -112,7 +128,7 @@ describe('Geohash Agg', () => { expect(requestAggs[1].type.name).toEqual('geo_centroid'); }); - it('should only create filter and geohash_grid aggregations when useGeocentroid is false', () => { + test('should only create filter and geohash_grid aggregations when useGeocentroid is false', () => { const aggConfigs = getAggConfigs({ useGeocentroid: false }); const requestAggs = geoHashBucketAgg.getRequestAggs( aggConfigs.aggs[0] as IBucketAggConfig @@ -138,7 +154,7 @@ describe('Geohash Agg', () => { ) as IBucketAggConfig[]; }); - it('should change geo_bounding_box filter aggregation and vis session state when map movement is outside map collar', () => { + test('should change geo_bounding_box filter aggregation and vis session state when map movement is outside map collar', () => { const [, geoBoxingBox] = geoHashBucketAgg.getRequestAggs( getAggConfigs({ boundingBox: { @@ -151,7 +167,7 @@ describe('Geohash Agg', () => { expect(originalRequestAggs[1].params).not.toEqual(geoBoxingBox.params); }); - it('should not change geo_bounding_box filter aggregation and vis session state when map movement is within map collar', () => { + test('should not change geo_bounding_box filter aggregation and vis session state when map movement is within map collar', () => { const [, geoBoxingBox] = geoHashBucketAgg.getRequestAggs( getAggConfigs({ boundingBox: { diff --git a/src/plugins/data/public/search/aggs/buckets/geo_hash.ts b/src/plugins/data/public/search/aggs/buckets/geo_hash.ts index 3ffec09a84387..eab10edad60f6 100644 --- a/src/plugins/data/public/search/aggs/buckets/geo_hash.ts +++ b/src/plugins/data/public/search/aggs/buckets/geo_hash.ts @@ -18,9 +18,10 @@ */ import { i18n } from '@kbn/i18n'; -import { BucketAggType, IBucketAggConfig } from './_bucket_agg_type'; +import { BucketAggType, IBucketAggConfig } from './bucket_agg_type'; import { KBN_FIELD_TYPES } from '../../../../common'; import { BUCKET_TYPES } from './bucket_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; const defaultBoundingBox = { top_left: { lat: 1, lon: 1 }, @@ -33,83 +34,91 @@ const geohashGridTitle = i18n.translate('data.search.aggs.buckets.geohashGridTit defaultMessage: 'Geohash', }); -export const geoHashBucketAgg = new BucketAggType({ - name: BUCKET_TYPES.GEOHASH_GRID, - title: geohashGridTitle, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.GEO_POINT, - }, - { - name: 'autoPrecision', - default: true, - write: () => {}, - }, - { - name: 'precision', - default: defaultPrecision, - write(aggConfig, output) { - output.params.precision = aggConfig.params.precision; - }, - }, - { - name: 'useGeocentroid', - default: true, - write: () => {}, - }, - { - name: 'isFilteredByCollar', - default: true, - write: () => {}, - }, +export interface GeoHashBucketAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getGeoHashBucketAgg = ({ getInternalStartServices }: GeoHashBucketAggDependencies) => + new BucketAggType( { - name: 'boundingBox', - default: null, - write: () => {}, - }, - ], - getRequestAggs(agg) { - const aggs = []; - const params = agg.params; + name: BUCKET_TYPES.GEOHASH_GRID, + title: geohashGridTitle, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.GEO_POINT, + }, + { + name: 'autoPrecision', + default: true, + write: () => {}, + }, + { + name: 'precision', + default: defaultPrecision, + write(aggConfig, output) { + output.params.precision = aggConfig.params.precision; + }, + }, + { + name: 'useGeocentroid', + default: true, + write: () => {}, + }, + { + name: 'isFilteredByCollar', + default: true, + write: () => {}, + }, + { + name: 'boundingBox', + default: null, + write: () => {}, + }, + ], + getRequestAggs(agg) { + const aggs = []; + const params = agg.params; - if (params.isFilteredByCollar && agg.getField()) { - aggs.push( - agg.aggConfigs.createAggConfig( - { - type: 'filter', - id: 'filter_agg', - enabled: true, - params: { - geo_bounding_box: { - ignore_unmapped: true, - [agg.getField().name]: params.boundingBox || defaultBoundingBox, - }, - }, - } as any, - { addToAggConfigs: false } - ) - ); - } + if (params.isFilteredByCollar && agg.getField()) { + aggs.push( + agg.aggConfigs.createAggConfig( + { + type: 'filter', + id: 'filter_agg', + enabled: true, + params: { + geo_bounding_box: { + ignore_unmapped: true, + [agg.getField().name]: params.boundingBox || defaultBoundingBox, + }, + }, + } as any, + { addToAggConfigs: false } + ) + ); + } - aggs.push(agg); + aggs.push(agg); - if (params.useGeocentroid) { - aggs.push( - agg.aggConfigs.createAggConfig( - { - type: 'geo_centroid', - enabled: true, - params: { - field: agg.getField(), - }, - }, - { addToAggConfigs: false } - ) - ); - } + if (params.useGeocentroid) { + aggs.push( + agg.aggConfigs.createAggConfig( + { + type: 'geo_centroid', + enabled: true, + params: { + field: agg.getField(), + }, + }, + { addToAggConfigs: false } + ) + ); + } - return aggs; - }, -}); + return aggs; + }, + }, + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/geo_tile.ts b/src/plugins/data/public/search/aggs/buckets/geo_tile.ts index 759601fc0c180..c981e8400f9a1 100644 --- a/src/plugins/data/public/search/aggs/buckets/geo_tile.ts +++ b/src/plugins/data/public/search/aggs/buckets/geo_tile.ts @@ -20,53 +20,61 @@ import { i18n } from '@kbn/i18n'; import { noop } from 'lodash'; -import { BucketAggType } from './_bucket_agg_type'; +import { BucketAggType, IBucketAggConfig } from './bucket_agg_type'; import { BUCKET_TYPES } from './bucket_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; -import { IBucketAggConfig } from './_bucket_agg_type'; import { METRIC_TYPES } from '../metrics/metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface GeoTitleBucketAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const geotileGridTitle = i18n.translate('data.search.aggs.buckets.geotileGridTitle', { defaultMessage: 'Geotile', }); -export const geoTileBucketAgg = new BucketAggType({ - name: BUCKET_TYPES.GEOTILE_GRID, - title: geotileGridTitle, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.GEO_POINT, - }, +export const getGeoTitleBucketAgg = ({ getInternalStartServices }: GeoTitleBucketAggDependencies) => + new BucketAggType( { - name: 'useGeocentroid', - default: true, - write: noop, - }, - { - name: 'precision', - default: 0, - }, - ], - getRequestAggs(agg) { - const aggs = []; - const useGeocentroid = agg.getParam('useGeocentroid'); + name: BUCKET_TYPES.GEOTILE_GRID, + title: geotileGridTitle, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.GEO_POINT, + }, + { + name: 'useGeocentroid', + default: true, + write: noop, + }, + { + name: 'precision', + default: 0, + }, + ], + getRequestAggs(agg) { + const aggs = []; + const useGeocentroid = agg.getParam('useGeocentroid'); - aggs.push(agg); + aggs.push(agg); - if (useGeocentroid) { - const aggConfig = { - type: METRIC_TYPES.GEO_CENTROID, - enabled: true, - params: { - field: agg.getField(), - }, - }; + if (useGeocentroid) { + const aggConfig = { + type: METRIC_TYPES.GEO_CENTROID, + enabled: true, + params: { + field: agg.getField(), + }, + }; - aggs.push(agg.aggConfigs.createAggConfig(aggConfig, { addToAggConfigs: false })); - } + aggs.push(agg.aggConfigs.createAggConfig(aggConfig, { addToAggConfigs: false })); + } - return aggs as IBucketAggConfig[]; - }, -}); + return aggs as IBucketAggConfig[]; + }, + }, + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/histogram.test.ts b/src/plugins/data/public/search/aggs/buckets/histogram.test.ts index c61b4ff37935a..bbfc263df4268 100644 --- a/src/plugins/data/public/search/aggs/buckets/histogram.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/histogram.test.ts @@ -17,7 +17,7 @@ * under the License. */ -import { coreMock } from '../../../../../../../src/core/public/mocks'; +import { coreMock, notificationServiceMock } from '../../../../../../../src/core/public/mocks'; import { AggConfigs } from '../agg_configs'; import { mockAggTypesRegistry } from '../test_helpers'; import { BUCKET_TYPES } from './bucket_agg_types'; @@ -27,17 +27,21 @@ import { AutoBounds, HistogramBucketAggDependencies, } from './histogram'; -import { BucketAggType } from './_bucket_agg_type'; +import { BucketAggType } from './bucket_agg_type'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; describe('Histogram Agg', () => { let aggTypesDependencies: HistogramBucketAggDependencies; beforeEach(() => { - const { uiSettings, notifications } = coreMock.createSetup(); + const { uiSettings } = coreMock.createSetup(); aggTypesDependencies = { uiSettings, - notifications, + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), }; }); @@ -87,18 +91,18 @@ describe('Histogram Agg', () => { histogramType = getHistogramBucketAgg(aggTypesDependencies); }); - it('is ordered', () => { + test('is ordered', () => { expect(histogramType.ordered).toBeDefined(); }); - it('is not ordered by date', () => { + test('is not ordered by date', () => { expect(histogramType.ordered).not.toHaveProperty('date'); }); }); describe('params', () => { describe('intervalBase', () => { - it('should not be written to the DSL', () => { + test('should not be written to the DSL', () => { const aggConfigs = getAggConfigs({ intervalBase: 100, field: { @@ -112,7 +116,7 @@ describe('Histogram Agg', () => { }); describe('interval', () => { - it('accepts a whole number', () => { + test('accepts a whole number', () => { const params = getParams({ interval: 100, }); @@ -120,7 +124,7 @@ describe('Histogram Agg', () => { expect(params).toHaveProperty('interval', 100); }); - it('accepts a decimal number', function() { + test('accepts a decimal number', () => { const params = getParams({ interval: 0.1, }); @@ -128,7 +132,7 @@ describe('Histogram Agg', () => { expect(params).toHaveProperty('interval', 0.1); }); - it('accepts a decimal number string', function() { + test('accepts a decimal number string', () => { const params = getParams({ interval: '0.1', }); @@ -136,7 +140,7 @@ describe('Histogram Agg', () => { expect(params).toHaveProperty('interval', 0.1); }); - it('accepts a whole number string', function() { + test('accepts a whole number string', () => { const params = getParams({ interval: '10', }); @@ -144,7 +148,7 @@ describe('Histogram Agg', () => { expect(params).toHaveProperty('interval', 10); }); - it('fails on non-numeric values', function() { + test('fails on non-numeric values', () => { const params = getParams({ interval: [], }); @@ -181,7 +185,7 @@ describe('Histogram Agg', () => { return aggConfig.write(aggConfigs).params; }; - it('will respect the histogram:maxBars setting', () => { + test('will respect the histogram:maxBars setting', () => { const params = getInterval( 5, { interval: 5 }, @@ -194,19 +198,19 @@ describe('Histogram Agg', () => { expect(params).toHaveProperty('interval', 2000); }); - it('will return specified interval, if bars are below histogram:maxBars config', () => { + test('will return specified interval, if bars are below histogram:maxBars config', () => { const params = getInterval(100, { interval: 5 }); expect(params).toHaveProperty('interval', 5); }); - it('will set to intervalBase if interval is below base', () => { + test('will set to intervalBase if interval is below base', () => { const params = getInterval(1000, { interval: 3, intervalBase: 8 }); expect(params).toHaveProperty('interval', 8); }); - it('will round to nearest intervalBase multiple if interval is above base', () => { + test('will round to nearest intervalBase multiple if interval is above base', () => { const roundUp = getInterval(1000, { interval: 46, intervalBase: 10 }); expect(roundUp).toHaveProperty('interval', 50); @@ -214,13 +218,13 @@ describe('Histogram Agg', () => { expect(roundDown).toHaveProperty('interval', 40); }); - it('will not change interval if it is a multiple of base', () => { + test('will not change interval if it is a multiple of base', () => { const output = getInterval(1000, { interval: 35, intervalBase: 5 }); expect(output).toHaveProperty('interval', 35); }); - it('will round to intervalBase after scaling histogram:maxBars', () => { + test('will round to intervalBase after scaling histogram:maxBars', () => { const output = getInterval(100, { interval: 5, intervalBase: 6 }, { min: 0, max: 1000 }); // 100 buckets in 0 to 1000 would result in an interval of 10, so we should @@ -232,7 +236,7 @@ describe('Histogram Agg', () => { describe('min_doc_count', () => { let output: Record; - it('casts true values to 0', () => { + test('casts true values to 0', () => { output = getParams({ min_doc_count: true }); expect(output).toHaveProperty('min_doc_count', 0); @@ -246,7 +250,7 @@ describe('Histogram Agg', () => { expect(output).toHaveProperty('min_doc_count', 0); }); - it('writes 1 for falsy values', () => { + test('writes 1 for falsy values', () => { output = getParams({ min_doc_count: '' }); expect(output).toHaveProperty('min_doc_count', 1); @@ -258,8 +262,8 @@ describe('Histogram Agg', () => { }); }); - describe('extended_bounds', function() { - it('does not write when only eb.min is set', function() { + describe('extended_bounds', () => { + test('does not write when only eb.min is set', () => { const output = getParams({ has_extended_bounds: true, extended_bounds: { min: 0 }, @@ -267,7 +271,7 @@ describe('Histogram Agg', () => { expect(output).not.toHaveProperty('extended_bounds'); }); - it('does not write when only eb.max is set', function() { + test('does not write when only eb.max is set', () => { const output = getParams({ has_extended_bounds: true, extended_bounds: { max: 0 }, @@ -276,7 +280,7 @@ describe('Histogram Agg', () => { expect(output).not.toHaveProperty('extended_bounds'); }); - it('writes when both eb.min and eb.max are set', function() { + test('writes when both eb.min and eb.max are set', () => { const output = getParams({ has_extended_bounds: true, extended_bounds: { min: 99, max: 100 }, @@ -286,7 +290,7 @@ describe('Histogram Agg', () => { expect(output.extended_bounds).toHaveProperty('max', 100); }); - it('does not write when nothing is set', function() { + test('does not write when nothing is set', () => { const output = getParams({ has_extended_bounds: true, extended_bounds: {}, @@ -295,7 +299,7 @@ describe('Histogram Agg', () => { expect(output).not.toHaveProperty('extended_bounds'); }); - it('does not write when has_extended_bounds is false', function() { + test('does not write when has_extended_bounds is false', () => { const output = getParams({ has_extended_bounds: false, extended_bounds: { min: 99, max: 100 }, diff --git a/src/plugins/data/public/search/aggs/buckets/histogram.ts b/src/plugins/data/public/search/aggs/buckets/histogram.ts index bbffc0912bf0d..f8e8720d24ea9 100644 --- a/src/plugins/data/public/search/aggs/buckets/histogram.ts +++ b/src/plugins/data/public/search/aggs/buckets/histogram.ts @@ -19,12 +19,13 @@ import { get } from 'lodash'; import { i18n } from '@kbn/i18n'; -import { IUiSettingsClient, NotificationsSetup } from 'src/core/public'; +import { IUiSettingsClient } from 'src/core/public'; -import { BucketAggType, IBucketAggConfig } from './_bucket_agg_type'; +import { BucketAggType, IBucketAggConfig } from './bucket_agg_type'; import { createFilterHistogram } from './create_filter/histogram'; import { BUCKET_TYPES } from './bucket_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; export interface AutoBounds { min: number; @@ -33,7 +34,7 @@ export interface AutoBounds { export interface HistogramBucketAggDependencies { uiSettings: IUiSettingsClient; - notifications: NotificationsSetup; + getInternalStartServices: GetInternalStartServicesFn; } export interface IBucketHistogramAggConfig extends IBucketAggConfig { @@ -43,164 +44,167 @@ export interface IBucketHistogramAggConfig extends IBucketAggConfig { export const getHistogramBucketAgg = ({ uiSettings, - notifications, + getInternalStartServices, }: HistogramBucketAggDependencies) => - new BucketAggType({ - name: BUCKET_TYPES.HISTOGRAM, - title: i18n.translate('data.search.aggs.buckets.histogramTitle', { - defaultMessage: 'Histogram', - }), - ordered: {}, - makeLabel(aggConfig) { - return aggConfig.getFieldDisplayName(); - }, - createFilter: createFilterHistogram, - decorateAggConfig() { - let autoBounds: AutoBounds; - - return { - setAutoBounds: { - configurable: true, - value(newValue: AutoBounds) { - autoBounds = newValue; + new BucketAggType( + { + name: BUCKET_TYPES.HISTOGRAM, + title: i18n.translate('data.search.aggs.buckets.histogramTitle', { + defaultMessage: 'Histogram', + }), + ordered: {}, + makeLabel(aggConfig) { + return aggConfig.getFieldDisplayName(); + }, + createFilter: createFilterHistogram, + decorateAggConfig() { + let autoBounds: AutoBounds; + + return { + setAutoBounds: { + configurable: true, + value(newValue: AutoBounds) { + autoBounds = newValue; + }, }, - }, - getAutoBounds: { - configurable: true, - value() { - return autoBounds; + getAutoBounds: { + configurable: true, + value() { + return autoBounds; + }, }, - }, - }; - }, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.NUMBER, - }, - { - /* - * This parameter can be set if you want the auto scaled interval to always - * be a multiple of a specific base. - */ - name: 'intervalBase', - default: null, - write: () => {}, + }; }, - { - name: 'interval', - modifyAggConfigOnSearchRequestStart( - aggConfig: IBucketHistogramAggConfig, - searchSource: any, - options: any - ) { - const field = aggConfig.getField(); - const aggBody = field.scripted - ? { script: { source: field.script, lang: field.lang } } - : { field: field.name }; - - const childSearchSource = searchSource - .createChild() - .setField('size', 0) - .setField('aggs', { - maxAgg: { - max: aggBody, - }, - minAgg: { - min: aggBody, - }, - }); - - return childSearchSource - .fetch(options) - .then((resp: any) => { - aggConfig.setAutoBounds({ - min: get(resp, 'aggregations.minAgg.value'), - max: get(resp, 'aggregations.maxAgg.value'), - }); - }) - .catch((e: Error) => { - if (e.name === 'AbortError') return; - notifications.toasts.addWarning( - i18n.translate('data.search.aggs.histogram.missingMaxMinValuesWarning', { - defaultMessage: - 'Unable to retrieve max and min values to auto-scale histogram buckets. This may lead to poor visualization performance.', - }) - ); - }); + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.NUMBER, + }, + { + /* + * This parameter can be set if you want the auto scaled interval to always + * be a multiple of a specific base. + */ + name: 'intervalBase', + default: null, + write: () => {}, }, - write(aggConfig, output) { - let interval = parseFloat(aggConfig.params.interval); - if (interval <= 0) { - interval = 1; - } - const autoBounds = aggConfig.getAutoBounds(); - - // ensure interval does not create too many buckets and crash browser - if (autoBounds) { - const range = autoBounds.max - autoBounds.min; - const bars = range / interval; - - if (bars > uiSettings.get('histogram:maxBars')) { - const minInterval = range / uiSettings.get('histogram:maxBars'); - - // Round interval by order of magnitude to provide clean intervals - // Always round interval up so there will always be less buckets than histogram:maxBars - const orderOfMagnitude = Math.pow(10, Math.floor(Math.log10(minInterval))); - let roundInterval = orderOfMagnitude; - - while (roundInterval < minInterval) { - roundInterval += orderOfMagnitude; + { + name: 'interval', + modifyAggConfigOnSearchRequestStart( + aggConfig: IBucketHistogramAggConfig, + searchSource: any, + options: any + ) { + const field = aggConfig.getField(); + const aggBody = field.scripted + ? { script: { source: field.script, lang: field.lang } } + : { field: field.name }; + + const childSearchSource = searchSource + .createChild() + .setField('size', 0) + .setField('aggs', { + maxAgg: { + max: aggBody, + }, + minAgg: { + min: aggBody, + }, + }); + + return childSearchSource + .fetch(options) + .then((resp: any) => { + aggConfig.setAutoBounds({ + min: get(resp, 'aggregations.minAgg.value'), + max: get(resp, 'aggregations.maxAgg.value'), + }); + }) + .catch((e: Error) => { + if (e.name === 'AbortError') return; + getInternalStartServices().notifications.toasts.addWarning( + i18n.translate('data.search.aggs.histogram.missingMaxMinValuesWarning', { + defaultMessage: + 'Unable to retrieve max and min values to auto-scale histogram buckets. This may lead to poor visualization performance.', + }) + ); + }); + }, + write(aggConfig, output) { + let interval = parseFloat(aggConfig.params.interval); + if (interval <= 0) { + interval = 1; + } + const autoBounds = aggConfig.getAutoBounds(); + + // ensure interval does not create too many buckets and crash browser + if (autoBounds) { + const range = autoBounds.max - autoBounds.min; + const bars = range / interval; + + if (bars > uiSettings.get('histogram:maxBars')) { + const minInterval = range / uiSettings.get('histogram:maxBars'); + + // Round interval by order of magnitude to provide clean intervals + // Always round interval up so there will always be less buckets than histogram:maxBars + const orderOfMagnitude = Math.pow(10, Math.floor(Math.log10(minInterval))); + let roundInterval = orderOfMagnitude; + + while (roundInterval < minInterval) { + roundInterval += orderOfMagnitude; + } + interval = roundInterval; } - interval = roundInterval; } - } - const base = aggConfig.params.intervalBase; - - if (base) { - if (interval < base) { - // In case the specified interval is below the base, just increase it to it's base - interval = base; - } else if (interval % base !== 0) { - // In case the interval is not a multiple of the base round it to the next base - interval = Math.round(interval / base) * base; + const base = aggConfig.params.intervalBase; + + if (base) { + if (interval < base) { + // In case the specified interval is below the base, just increase it to it's base + interval = base; + } else if (interval % base !== 0) { + // In case the interval is not a multiple of the base round it to the next base + interval = Math.round(interval / base) * base; + } } - } - output.params.interval = interval; + output.params.interval = interval; + }, }, - }, - { - name: 'min_doc_count', - default: false, - write(aggConfig, output) { - if (aggConfig.params.min_doc_count) { - output.params.min_doc_count = 0; - } else { - output.params.min_doc_count = 1; - } + { + name: 'min_doc_count', + default: false, + write(aggConfig, output) { + if (aggConfig.params.min_doc_count) { + output.params.min_doc_count = 0; + } else { + output.params.min_doc_count = 1; + } + }, }, - }, - { - name: 'has_extended_bounds', - default: false, - write: () => {}, - }, - { - name: 'extended_bounds', - default: { - min: '', - max: '', + { + name: 'has_extended_bounds', + default: false, + write: () => {}, }, - write(aggConfig, output) { - const { min, max } = aggConfig.params.extended_bounds; + { + name: 'extended_bounds', + default: { + min: '', + max: '', + }, + write(aggConfig, output) { + const { min, max } = aggConfig.params.extended_bounds; - if (aggConfig.params.has_extended_bounds && (min || min === 0) && (max || max === 0)) { - output.params.extended_bounds = { min, max }; - } + if (aggConfig.params.has_extended_bounds && (min || min === 0) && (max || max === 0)) { + output.params.extended_bounds = { min, max }; + } + }, + shouldShow: (aggConfig: IBucketAggConfig) => aggConfig.params.has_extended_bounds, }, - shouldShow: (aggConfig: IBucketAggConfig) => aggConfig.params.has_extended_bounds, - }, - ], - }); + ], + }, + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/ip_range.ts b/src/plugins/data/public/search/aggs/buckets/ip_range.ts index da6866d40a52f..bde347d6e673d 100644 --- a/src/plugins/data/public/search/aggs/buckets/ip_range.ts +++ b/src/plugins/data/public/search/aggs/buckets/ip_range.ts @@ -19,77 +19,85 @@ import { noop, map, omit, isNull } from 'lodash'; import { i18n } from '@kbn/i18n'; -import { BucketAggType } from './_bucket_agg_type'; +import { BucketAggType } from './bucket_agg_type'; import { BUCKET_TYPES } from './bucket_agg_types'; import { createFilterIpRange } from './create_filter/ip_range'; import { IpRangeKey, convertIPRangeToString } from './lib/ip_range'; import { KBN_FIELD_TYPES, FieldFormat, TEXT_CONTEXT_TYPE } from '../../../../common'; -import { getFieldFormats } from '../../../../public/services'; +import { GetInternalStartServicesFn } from '../../../types'; const ipRangeTitle = i18n.translate('data.search.aggs.buckets.ipRangeTitle', { defaultMessage: 'IPv4 Range', }); -export const ipRangeBucketAgg = new BucketAggType({ - name: BUCKET_TYPES.IP_RANGE, - title: ipRangeTitle, - createFilter: createFilterIpRange, - getKey(bucket, key, agg): IpRangeKey { - if (agg.params.ipRangeType === 'mask') { - return { type: 'mask', mask: key }; - } - return { type: 'range', from: bucket.from, to: bucket.to }; - }, - getFormat(agg) { - const fieldFormatsService = getFieldFormats(); - const formatter = agg.fieldOwnFormatter( - TEXT_CONTEXT_TYPE, - fieldFormatsService.getDefaultInstance(KBN_FIELD_TYPES.IP) - ); - const IpRangeFormat = FieldFormat.from(function(range: IpRangeKey) { - return convertIPRangeToString(range, formatter); - }); - return new IpRangeFormat(); - }, - makeLabel(aggConfig) { - return i18n.translate('data.search.aggs.buckets.ipRangeLabel', { - defaultMessage: '{fieldName} IP ranges', - values: { - fieldName: aggConfig.getFieldDisplayName(), - }, - }); - }, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.IP, - }, - { - name: 'ipRangeType', - default: 'fromTo', - write: noop, - }, +export interface IpRangeBucketAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getIpRangeBucketAgg = ({ getInternalStartServices }: IpRangeBucketAggDependencies) => + new BucketAggType( { - name: 'ranges', - default: { - fromTo: [ - { from: '0.0.0.0', to: '127.255.255.255' }, - { from: '128.0.0.0', to: '191.255.255.255' }, - ], - mask: [{ mask: '0.0.0.0/1' }, { mask: '128.0.0.0/2' }], + name: BUCKET_TYPES.IP_RANGE, + title: ipRangeTitle, + createFilter: createFilterIpRange, + getKey(bucket, key, agg): IpRangeKey { + if (agg.params.ipRangeType === 'mask') { + return { type: 'mask', mask: key }; + } + return { type: 'range', from: bucket.from, to: bucket.to }; + }, + getFormat(agg) { + const { fieldFormats } = getInternalStartServices(); + const formatter = agg.fieldOwnFormatter( + TEXT_CONTEXT_TYPE, + fieldFormats.getDefaultInstance(KBN_FIELD_TYPES.IP) + ); + const IpRangeFormat = FieldFormat.from(function(range: IpRangeKey) { + return convertIPRangeToString(range, formatter); + }); + return new IpRangeFormat(); + }, + makeLabel(aggConfig) { + return i18n.translate('data.search.aggs.buckets.ipRangeLabel', { + defaultMessage: '{fieldName} IP ranges', + values: { + fieldName: aggConfig.getFieldDisplayName(), + }, + }); }, - write(aggConfig, output) { - const ipRangeType = aggConfig.params.ipRangeType; - let ranges = aggConfig.params.ranges[ipRangeType]; + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.IP, + }, + { + name: 'ipRangeType', + default: 'fromTo', + write: noop, + }, + { + name: 'ranges', + default: { + fromTo: [ + { from: '0.0.0.0', to: '127.255.255.255' }, + { from: '128.0.0.0', to: '191.255.255.255' }, + ], + mask: [{ mask: '0.0.0.0/1' }, { mask: '128.0.0.0/2' }], + }, + write(aggConfig, output) { + const ipRangeType = aggConfig.params.ipRangeType; + let ranges = aggConfig.params.ranges[ipRangeType]; - if (ipRangeType === 'fromTo') { - ranges = map(ranges, (range: any) => omit(range, isNull)); - } + if (ipRangeType === 'fromTo') { + ranges = map(ranges, (range: any) => omit(range, isNull)); + } - output.params.ranges = ranges; - }, + output.params.ranges = ranges; + }, + }, + ], }, - ], -}); + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/migrate_include_exclude_format.ts b/src/plugins/data/public/search/aggs/buckets/migrate_include_exclude_format.ts index d94477b588f8d..0beeb1c372275 100644 --- a/src/plugins/data/public/search/aggs/buckets/migrate_include_exclude_format.ts +++ b/src/plugins/data/public/search/aggs/buckets/migrate_include_exclude_format.ts @@ -18,7 +18,7 @@ */ import { isString, isObject } from 'lodash'; -import { IBucketAggConfig, BucketAggType, BucketAggParam } from './_bucket_agg_type'; +import { IBucketAggConfig, BucketAggType, BucketAggParam } from './bucket_agg_type'; import { IAggConfig } from '../agg_config'; export const isType = (type: string) => { diff --git a/src/plugins/data/public/search/aggs/buckets/range.test.ts b/src/plugins/data/public/search/aggs/buckets/range.test.ts index bf3711543ae88..a1f0ab6a2326a 100644 --- a/src/plugins/data/public/search/aggs/buckets/range.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/range.test.ts @@ -17,11 +17,13 @@ * under the License. */ -import { rangeBucketAgg } from './range'; +import { getRangeBucketAgg, RangeBucketAggDependencies } from './range'; import { AggConfigs } from '../agg_configs'; import { mockDataServices, mockAggTypesRegistry } from '../test_helpers'; import { BUCKET_TYPES } from './bucket_agg_types'; import { FieldFormatsGetConfigFn, NumberFormat } from '../../../../common'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; const buckets = [ { @@ -44,7 +46,16 @@ const buckets = [ ]; describe('Range Agg', () => { + let aggTypesDependencies: RangeBucketAggDependencies; + beforeEach(() => { + aggTypesDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; + mockDataServices(); }); @@ -84,15 +95,14 @@ describe('Range Agg', () => { }, }, ], - { typesRegistry: mockAggTypesRegistry([rangeBucketAgg]) } + { typesRegistry: mockAggTypesRegistry([getRangeBucketAgg(aggTypesDependencies)]) } ); }; describe('formating', () => { - it('formats bucket keys properly', () => { + test('formats bucket keys properly', () => { const aggConfigs = getAggConfigs(); const agg = aggConfigs.aggs[0]; - const format = (val: any) => agg.fieldFormatter()(agg.getKey(val)); expect(format(buckets[0])).toBe('≥ -∞ and < 1 KB'); diff --git a/src/plugins/data/public/search/aggs/buckets/range.ts b/src/plugins/data/public/search/aggs/buckets/range.ts index 036a0d4c1e8da..2c1303814a88a 100644 --- a/src/plugins/data/public/search/aggs/buckets/range.ts +++ b/src/plugins/data/public/search/aggs/buckets/range.ts @@ -18,11 +18,12 @@ */ import { i18n } from '@kbn/i18n'; -import { BucketAggType } from './_bucket_agg_type'; +import { BucketAggType } from './bucket_agg_type'; import { FieldFormat, KBN_FIELD_TYPES } from '../../../../common'; import { RangeKey } from './range_key'; import { createFilterRange } from './create_filter/range'; import { BUCKET_TYPES } from './bucket_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; const keyCaches = new WeakMap(); const formats = new WeakMap(); @@ -31,76 +32,84 @@ const rangeTitle = i18n.translate('data.search.aggs.buckets.rangeTitle', { defaultMessage: 'Range', }); -export const rangeBucketAgg = new BucketAggType({ - name: BUCKET_TYPES.RANGE, - title: rangeTitle, - createFilter: createFilterRange, - makeLabel(aggConfig) { - return i18n.translate('data.search.aggs.aggTypesLabel', { - defaultMessage: '{fieldName} ranges', - values: { - fieldName: aggConfig.getFieldDisplayName(), +export interface RangeBucketAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getRangeBucketAgg = ({ getInternalStartServices }: RangeBucketAggDependencies) => + new BucketAggType( + { + name: BUCKET_TYPES.RANGE, + title: rangeTitle, + createFilter: createFilterRange, + makeLabel(aggConfig) { + return i18n.translate('data.search.aggs.aggTypesLabel', { + defaultMessage: '{fieldName} ranges', + values: { + fieldName: aggConfig.getFieldDisplayName(), + }, + }); }, - }); - }, - getKey(bucket, key, agg) { - let keys = keyCaches.get(agg); + getKey(bucket, key, agg) { + let keys = keyCaches.get(agg); - if (!keys) { - keys = new Map(); - keyCaches.set(agg, keys); - } + if (!keys) { + keys = new Map(); + keyCaches.set(agg, keys); + } - const id = RangeKey.idBucket(bucket); + const id = RangeKey.idBucket(bucket); - key = keys.get(id); - if (!key) { - key = new RangeKey(bucket); - keys.set(id, key); - } + key = keys.get(id); + if (!key) { + key = new RangeKey(bucket); + keys.set(id, key); + } - return key; - }, - getFormat(agg) { - let aggFormat = formats.get(agg); - if (aggFormat) return aggFormat; + return key; + }, + getFormat(agg) { + let aggFormat = formats.get(agg); + if (aggFormat) return aggFormat; - const RangeFormat = FieldFormat.from((range: any) => { - const format = agg.fieldOwnFormatter(); - const gte = '\u2265'; - const lt = '\u003c'; - return i18n.translate('data.search.aggs.aggTypes.rangesFormatMessage', { - defaultMessage: '{gte} {from} and {lt} {to}', - values: { - gte, - from: format(range.gte), - lt, - to: format(range.lt), - }, - }); - }); + const RangeFormat = FieldFormat.from((range: any) => { + const format = agg.fieldOwnFormatter(); + const gte = '\u2265'; + const lt = '\u003c'; + return i18n.translate('data.search.aggs.aggTypes.rangesFormatMessage', { + defaultMessage: '{gte} {from} and {lt} {to}', + values: { + gte, + from: format(range.gte), + lt, + to: format(range.lt), + }, + }); + }); - aggFormat = new RangeFormat(); + aggFormat = new RangeFormat(); - formats.set(agg, aggFormat); - return aggFormat; - }, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: [KBN_FIELD_TYPES.NUMBER], - }, - { - name: 'ranges', - default: [ - { from: 0, to: 1000 }, - { from: 1000, to: 2000 }, - ], - write(aggConfig, output) { - output.params.ranges = aggConfig.params.ranges; - output.params.keyed = true; + formats.set(agg, aggFormat); + return aggFormat; }, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: [KBN_FIELD_TYPES.NUMBER], + }, + { + name: 'ranges', + default: [ + { from: 0, to: 1000 }, + { from: 1000, to: 2000 }, + ], + write(aggConfig, output) { + output.params.ranges = aggConfig.params.ranges; + output.params.keyed = true; + }, + }, + ], }, - ], -}); + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/significant_terms.test.ts b/src/plugins/data/public/search/aggs/buckets/significant_terms.test.ts index 1c221126c35e0..761d0ced6a114 100644 --- a/src/plugins/data/public/search/aggs/buckets/significant_terms.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/significant_terms.test.ts @@ -20,12 +20,27 @@ import { AggConfigs, IAggConfigs } from '../agg_configs'; import { mockAggTypesRegistry } from '../test_helpers'; import { BUCKET_TYPES } from './bucket_agg_types'; -import { significantTermsBucketAgg } from './significant_terms'; -import { IBucketAggConfig } from './_bucket_agg_type'; +import { + getSignificantTermsBucketAgg, + SignificantTermsBucketAggDependencies, +} from './significant_terms'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('Significant Terms Agg', () => { describe('order agg editor UI', () => { describe('convert include/exclude from old format', () => { + let aggTypesDependencies: SignificantTermsBucketAggDependencies; + + beforeEach(() => { + aggTypesDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; + }); + const getAggConfigs = (params: Record = {}) => { const indexPattern = { id: '1234', @@ -51,7 +66,11 @@ describe('Significant Terms Agg', () => { params, }, ], - { typesRegistry: mockAggTypesRegistry([significantTermsBucketAgg]) } + { + typesRegistry: mockAggTypesRegistry([ + getSignificantTermsBucketAgg(aggTypesDependencies), + ]), + } ); }; @@ -64,19 +83,19 @@ describe('Significant Terms Agg', () => { expect(params.exclude).toBe('400'); }; - it('should generate correct label', () => { + test('should generate correct label', () => { const aggConfigs = getAggConfigs({ size: 'SIZE', field: { name: 'FIELD', }, }); - const label = significantTermsBucketAgg.makeLabel(aggConfigs.aggs[0] as IBucketAggConfig); + const label = aggConfigs.aggs[0].makeLabel(); expect(label).toBe('Top SIZE unusual terms in FIELD'); }); - it('should doesnt do anything with string type', () => { + test('should doesnt do anything with string type', () => { const aggConfigs = getAggConfigs({ include: '404', exclude: '400', @@ -89,7 +108,7 @@ describe('Significant Terms Agg', () => { testSerializeAndWrite(aggConfigs); }); - it('should converts object to string type', () => { + test('should converts object to string type', () => { const aggConfigs = getAggConfigs({ include: { pattern: '404', diff --git a/src/plugins/data/public/search/aggs/buckets/significant_terms.ts b/src/plugins/data/public/search/aggs/buckets/significant_terms.ts index f12ebe58e2de2..49d797f3afbc9 100644 --- a/src/plugins/data/public/search/aggs/buckets/significant_terms.ts +++ b/src/plugins/data/public/search/aggs/buckets/significant_terms.ts @@ -18,59 +18,72 @@ */ import { i18n } from '@kbn/i18n'; -import { BucketAggType } from './_bucket_agg_type'; +import { BucketAggType } from './bucket_agg_type'; import { createFilterTerms } from './create_filter/terms'; import { isStringType, migrateIncludeExcludeFormat } from './migrate_include_exclude_format'; import { BUCKET_TYPES } from './bucket_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; const significantTermsTitle = i18n.translate('data.search.aggs.buckets.significantTermsTitle', { defaultMessage: 'Significant Terms', }); -export const significantTermsBucketAgg = new BucketAggType({ - name: BUCKET_TYPES.SIGNIFICANT_TERMS, - title: significantTermsTitle, - makeLabel(aggConfig) { - return i18n.translate('data.search.aggs.buckets.significantTermsLabel', { - defaultMessage: 'Top {size} unusual terms in {fieldName}', - values: { - size: aggConfig.params.size, - fieldName: aggConfig.getFieldDisplayName(), - }, - }); - }, - createFilter: createFilterTerms, - params: [ - { - name: 'field', - type: 'field', - scriptable: false, - filterFieldTypes: KBN_FIELD_TYPES.STRING, - }, - { - name: 'size', - default: '', - }, +export interface SignificantTermsBucketAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getSignificantTermsBucketAgg = ({ + getInternalStartServices, +}: SignificantTermsBucketAggDependencies) => + new BucketAggType( { - name: 'exclude', - displayName: i18n.translate('data.search.aggs.buckets.significantTerms.excludeLabel', { - defaultMessage: 'Exclude', - }), - type: 'string', - advanced: true, - shouldShow: isStringType, - ...migrateIncludeExcludeFormat, + name: BUCKET_TYPES.SIGNIFICANT_TERMS, + title: significantTermsTitle, + makeLabel(aggConfig) { + return i18n.translate('data.search.aggs.buckets.significantTermsLabel', { + defaultMessage: 'Top {size} unusual terms in {fieldName}', + values: { + size: aggConfig.params.size, + fieldName: aggConfig.getFieldDisplayName(), + }, + }); + }, + createFilter: createFilterTerms, + params: [ + { + name: 'field', + type: 'field', + scriptable: false, + filterFieldTypes: KBN_FIELD_TYPES.STRING, + }, + { + name: 'size', + default: '', + }, + { + name: 'exclude', + displayName: i18n.translate('data.search.aggs.buckets.significantTerms.excludeLabel', { + defaultMessage: 'Exclude', + }), + type: 'string', + advanced: true, + shouldShow: isStringType, + ...migrateIncludeExcludeFormat, + }, + { + name: 'include', + displayName: i18n.translate('data.search.aggs.buckets.significantTerms.includeLabel', { + defaultMessage: 'Include', + }), + type: 'string', + advanced: true, + shouldShow: isStringType, + ...migrateIncludeExcludeFormat, + }, + ], }, { - name: 'include', - displayName: i18n.translate('data.search.aggs.buckets.significantTerms.includeLabel', { - defaultMessage: 'Include', - }), - type: 'string', - advanced: true, - shouldShow: isStringType, - ...migrateIncludeExcludeFormat, - }, - ], -}); + getInternalStartServices, + } + ); diff --git a/src/plugins/data/public/search/aggs/buckets/terms.test.ts b/src/plugins/data/public/search/aggs/buckets/terms.test.ts index 280d78f6620bd..5afe7d0b0c35c 100644 --- a/src/plugins/data/public/search/aggs/buckets/terms.test.ts +++ b/src/plugins/data/public/search/aggs/buckets/terms.test.ts @@ -51,7 +51,7 @@ describe('Terms Agg', () => { ); }; - it('converts object to string type', function() { + test('converts object to string type', () => { const aggConfigs = getAggConfigs({ include: { pattern: '404', diff --git a/src/plugins/data/public/search/aggs/buckets/terms.ts b/src/plugins/data/public/search/aggs/buckets/terms.ts index 813c657934a76..5baa38af0e8d6 100644 --- a/src/plugins/data/public/search/aggs/buckets/terms.ts +++ b/src/plugins/data/public/search/aggs/buckets/terms.ts @@ -19,9 +19,8 @@ import { noop } from 'lodash'; import { i18n } from '@kbn/i18n'; -import { BucketAggType } from './_bucket_agg_type'; +import { BucketAggType, IBucketAggConfig } from './bucket_agg_type'; import { BUCKET_TYPES } from './bucket_agg_types'; -import { IBucketAggConfig } from './_bucket_agg_type'; import { createFilterTerms } from './create_filter/terms'; import { isStringType, migrateIncludeExcludeFormat } from './migrate_include_exclude_format'; import { IAggConfigs } from '../agg_configs'; @@ -36,6 +35,7 @@ import { mergeOtherBucketAggResponse, updateMissingBucket, } from './_terms_other_bucket_helper'; +import { GetInternalStartServicesFn } from '../../../types'; export const termsAggFilter = [ '!top_hits', @@ -56,220 +56,230 @@ const termsTitle = i18n.translate('data.search.aggs.buckets.termsTitle', { defaultMessage: 'Terms', }); -export const termsBucketAgg = new BucketAggType({ - name: BUCKET_TYPES.TERMS, - title: termsTitle, - makeLabel(agg) { - const params = agg.params; - return agg.getFieldDisplayName() + ': ' + params.order.text; - }, - getFormat(bucket): IFieldFormat { - return { - getConverterFor: (type: FieldFormatsContentType) => { - return (val: any) => { - if (val === '__other__') { - return bucket.params.otherBucketLabel; - } - if (val === '__missing__') { - return bucket.params.missingBucketLabel; - } +export interface TermsBucketAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} - return bucket.params.field.format.convert(val, type); - }; +export const getTermsBucketAgg = ({ getInternalStartServices }: TermsBucketAggDependencies) => + new BucketAggType( + { + name: BUCKET_TYPES.TERMS, + title: termsTitle, + makeLabel(agg) { + const params = agg.params; + return agg.getFieldDisplayName() + ': ' + params.order.text; }, - } as IFieldFormat; - }, - createFilter: createFilterTerms, - postFlightRequest: async ( - resp: any, - aggConfigs: IAggConfigs, - aggConfig: IBucketAggConfig, - searchSource: ISearchSource, - inspectorAdapters: Adapters, - abortSignal?: AbortSignal - ) => { - if (!resp.aggregations) return resp; - const nestedSearchSource = searchSource.createChild(); - if (aggConfig.params.otherBucket) { - const filterAgg = buildOtherBucketAgg(aggConfigs, aggConfig, resp); - if (!filterAgg) return resp; + getFormat(bucket): IFieldFormat { + return { + getConverterFor: (type: FieldFormatsContentType) => { + return (val: any) => { + if (val === '__other__') { + return bucket.params.otherBucketLabel; + } + if (val === '__missing__') { + return bucket.params.missingBucketLabel; + } - nestedSearchSource.setField('aggs', filterAgg); + return bucket.params.field.format.convert(val, type); + }; + }, + } as IFieldFormat; + }, + createFilter: createFilterTerms, + postFlightRequest: async ( + resp: any, + aggConfigs: IAggConfigs, + aggConfig: IBucketAggConfig, + searchSource: ISearchSource, + inspectorAdapters: Adapters, + abortSignal?: AbortSignal + ) => { + if (!resp.aggregations) return resp; + const nestedSearchSource = searchSource.createChild(); + if (aggConfig.params.otherBucket) { + const filterAgg = buildOtherBucketAgg(aggConfigs, aggConfig, resp); + if (!filterAgg) return resp; - const request = inspectorAdapters.requests.start( - i18n.translate('data.search.aggs.buckets.terms.otherBucketTitle', { - defaultMessage: 'Other bucket', - }), - { - description: i18n.translate('data.search.aggs.buckets.terms.otherBucketDescription', { - defaultMessage: - 'This request counts the number of documents that fall ' + - 'outside the criterion of the data buckets.', - }), - } - ); - nestedSearchSource.getSearchRequestBody().then((body: string) => { - request.json(body); - }); - request.stats(getRequestInspectorStats(nestedSearchSource)); + nestedSearchSource.setField('aggs', filterAgg); - const response = await nestedSearchSource.fetch({ abortSignal }); - request.stats(getResponseInspectorStats(nestedSearchSource, response)).ok({ json: response }); - resp = mergeOtherBucketAggResponse(aggConfigs, resp, response, aggConfig, filterAgg()); - } - if (aggConfig.params.missingBucket) { - resp = updateMissingBucket(resp, aggConfigs, aggConfig); - } - return resp; - }, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: [ - KBN_FIELD_TYPES.NUMBER, - KBN_FIELD_TYPES.BOOLEAN, - KBN_FIELD_TYPES.DATE, - KBN_FIELD_TYPES.IP, - KBN_FIELD_TYPES.STRING, - ], - }, - { - name: 'orderBy', - write: noop, // prevent default write, it's handled by orderAgg - }, - { - name: 'orderAgg', - type: 'agg', - allowedAggs: termsAggFilter, - default: null, - makeAgg(termsAgg, state) { - state = state || {}; - state.schema = 'orderAgg'; - const orderAgg = termsAgg.aggConfigs.createAggConfig(state, { - addToAggConfigs: false, - }); - orderAgg.id = termsAgg.id + '-orderAgg'; + const request = inspectorAdapters.requests.start( + i18n.translate('data.search.aggs.buckets.terms.otherBucketTitle', { + defaultMessage: 'Other bucket', + }), + { + description: i18n.translate('data.search.aggs.buckets.terms.otherBucketDescription', { + defaultMessage: + 'This request counts the number of documents that fall ' + + 'outside the criterion of the data buckets.', + }), + } + ); + nestedSearchSource.getSearchRequestBody().then((body: string) => { + request.json(body); + }); + request.stats(getRequestInspectorStats(nestedSearchSource)); - return orderAgg; + const response = await nestedSearchSource.fetch({ abortSignal }); + request + .stats(getResponseInspectorStats(nestedSearchSource, response)) + .ok({ json: response }); + resp = mergeOtherBucketAggResponse(aggConfigs, resp, response, aggConfig, filterAgg()); + } + if (aggConfig.params.missingBucket) { + resp = updateMissingBucket(resp, aggConfigs, aggConfig); + } + return resp; }, - write(agg, output, aggs) { - const dir = agg.params.order.value; - const order: Record = (output.params.order = {}); + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: [ + KBN_FIELD_TYPES.NUMBER, + KBN_FIELD_TYPES.BOOLEAN, + KBN_FIELD_TYPES.DATE, + KBN_FIELD_TYPES.IP, + KBN_FIELD_TYPES.STRING, + ], + }, + { + name: 'orderBy', + write: noop, // prevent default write, it's handled by orderAgg + }, + { + name: 'orderAgg', + type: 'agg', + allowedAggs: termsAggFilter, + default: null, + makeAgg(termsAgg, state) { + state = state || {}; + state.schema = 'orderAgg'; + const orderAgg = termsAgg.aggConfigs.createAggConfig(state, { + addToAggConfigs: false, + }); + orderAgg.id = termsAgg.id + '-orderAgg'; - let orderAgg = agg.params.orderAgg || aggs!.getResponseAggById(agg.params.orderBy); + return orderAgg; + }, + write(agg, output, aggs) { + const dir = agg.params.order.value; + const order: Record = (output.params.order = {}); - // TODO: This works around an Elasticsearch bug the always casts terms agg scripts to strings - // thus causing issues with filtering. This probably causes other issues since float might not - // be able to contain the number on the elasticsearch side - if (output.params.script) { - output.params.value_type = - agg.getField().type === 'number' ? 'float' : agg.getField().type; - } + let orderAgg = agg.params.orderAgg || aggs!.getResponseAggById(agg.params.orderBy); - if (agg.params.missingBucket && agg.params.field.type === 'string') { - output.params.missing = '__missing__'; - } + // TODO: This works around an Elasticsearch bug the always casts terms agg scripts to strings + // thus causing issues with filtering. This probably causes other issues since float might not + // be able to contain the number on the elasticsearch side + if (output.params.script) { + output.params.value_type = + agg.getField().type === 'number' ? 'float' : agg.getField().type; + } - if (!orderAgg) { - order[agg.params.orderBy || '_count'] = dir; - return; - } + if (agg.params.missingBucket && agg.params.field.type === 'string') { + output.params.missing = '__missing__'; + } - if (orderAgg.type.name === 'count') { - order._count = dir; - return; - } + if (!orderAgg) { + order[agg.params.orderBy || '_count'] = dir; + return; + } - const orderAggId = orderAgg.id; + if (orderAgg.type.name === 'count') { + order._count = dir; + return; + } - if (orderAgg.parentId && aggs) { - orderAgg = aggs.byId(orderAgg.parentId); - } + const orderAggId = orderAgg.id; - output.subAggs = (output.subAggs || []).concat(orderAgg); - order[orderAggId] = dir; - }, - }, - { - name: 'order', - type: 'optioned', - default: 'desc', - options: [ + if (orderAgg.parentId && aggs) { + orderAgg = aggs.byId(orderAgg.parentId); + } + + output.subAggs = (output.subAggs || []).concat(orderAgg); + order[orderAggId] = dir; + }, + }, { - text: i18n.translate('data.search.aggs.buckets.terms.orderDescendingTitle', { - defaultMessage: 'Descending', + name: 'order', + type: 'optioned', + default: 'desc', + options: [ + { + text: i18n.translate('data.search.aggs.buckets.terms.orderDescendingTitle', { + defaultMessage: 'Descending', + }), + value: 'desc', + }, + { + text: i18n.translate('data.search.aggs.buckets.terms.orderAscendingTitle', { + defaultMessage: 'Ascending', + }), + value: 'asc', + }, + ], + write: noop, // prevent default write, it's handled by orderAgg + }, + { + name: 'size', + default: 5, + }, + { + name: 'otherBucket', + default: false, + write: noop, + }, + { + name: 'otherBucketLabel', + type: 'string', + default: i18n.translate('data.search.aggs.buckets.terms.otherBucketLabel', { + defaultMessage: 'Other', + }), + displayName: i18n.translate('data.search.aggs.otherBucket.labelForOtherBucketLabel', { + defaultMessage: 'Label for other bucket', }), - value: 'desc', + shouldShow: agg => agg.getParam('otherBucket'), + write: noop, }, { - text: i18n.translate('data.search.aggs.buckets.terms.orderAscendingTitle', { - defaultMessage: 'Ascending', + name: 'missingBucket', + default: false, + write: noop, + }, + { + name: 'missingBucketLabel', + default: i18n.translate('data.search.aggs.buckets.terms.missingBucketLabel', { + defaultMessage: 'Missing', + description: `Default label used in charts when documents are missing a field. + Visible when you create a chart with a terms aggregation and enable "Show missing values"`, + }), + type: 'string', + displayName: i18n.translate('data.search.aggs.otherBucket.labelForMissingValuesLabel', { + defaultMessage: 'Label for missing values', }), - value: 'asc', + shouldShow: agg => agg.getParam('missingBucket'), + write: noop, + }, + { + name: 'exclude', + displayName: i18n.translate('data.search.aggs.buckets.terms.excludeLabel', { + defaultMessage: 'Exclude', + }), + type: 'string', + advanced: true, + shouldShow: isStringType, + ...migrateIncludeExcludeFormat, + }, + { + name: 'include', + displayName: i18n.translate('data.search.aggs.buckets.terms.includeLabel', { + defaultMessage: 'Include', + }), + type: 'string', + advanced: true, + shouldShow: isStringType, + ...migrateIncludeExcludeFormat, }, ], - write: noop, // prevent default write, it's handled by orderAgg - }, - { - name: 'size', - default: 5, - }, - { - name: 'otherBucket', - default: false, - write: noop, - }, - { - name: 'otherBucketLabel', - type: 'string', - default: i18n.translate('data.search.aggs.buckets.terms.otherBucketLabel', { - defaultMessage: 'Other', - }), - displayName: i18n.translate('data.search.aggs.otherBucket.labelForOtherBucketLabel', { - defaultMessage: 'Label for other bucket', - }), - shouldShow: agg => agg.getParam('otherBucket'), - write: noop, - }, - { - name: 'missingBucket', - default: false, - write: noop, }, - { - name: 'missingBucketLabel', - default: i18n.translate('data.search.aggs.buckets.terms.missingBucketLabel', { - defaultMessage: 'Missing', - description: `Default label used in charts when documents are missing a field. - Visible when you create a chart with a terms aggregation and enable "Show missing values"`, - }), - type: 'string', - displayName: i18n.translate('data.search.aggs.otherBucket.labelForMissingValuesLabel', { - defaultMessage: 'Label for missing values', - }), - shouldShow: agg => agg.getParam('missingBucket'), - write: noop, - }, - { - name: 'exclude', - displayName: i18n.translate('data.search.aggs.buckets.terms.excludeLabel', { - defaultMessage: 'Exclude', - }), - type: 'string', - advanced: true, - shouldShow: isStringType, - ...migrateIncludeExcludeFormat, - }, - { - name: 'include', - displayName: i18n.translate('data.search.aggs.buckets.terms.includeLabel', { - defaultMessage: 'Include', - }), - type: 'string', - advanced: true, - shouldShow: isStringType, - ...migrateIncludeExcludeFormat, - }, - ], -}); + { getInternalStartServices } + ); diff --git a/src/plugins/data/public/search/aggs/index.test.ts b/src/plugins/data/public/search/aggs/index.test.ts index 8c0e47763c295..419c3fdab1caf 100644 --- a/src/plugins/data/public/search/aggs/index.test.ts +++ b/src/plugins/data/public/search/aggs/index.test.ts @@ -20,16 +20,22 @@ import { coreMock } from '../../../../../../src/core/public/mocks'; import { getAggTypes } from './index'; -import { isBucketAggType } from './buckets/_bucket_agg_type'; +import { isBucketAggType } from './buckets/bucket_agg_type'; import { isMetricAggType } from './metrics/metric_agg_type'; import { QueryStart } from '../../query'; +import { FieldFormatsStart } from '../../field_formats'; describe('AggTypesComponent', () => { - const core = coreMock.createSetup(); + const coreSetup = coreMock.createSetup(); + const coreStart = coreMock.createSetup(); + const aggTypes = getAggTypes({ - uiSettings: core.uiSettings, - notifications: core.notifications, + uiSettings: coreSetup.uiSettings, query: {} as QueryStart, + getInternalStartServices: () => ({ + notifications: coreStart.notifications, + fieldFormats: {} as FieldFormatsStart, + }), }); const { buckets, metrics } = aggTypes; diff --git a/src/plugins/data/public/search/aggs/metrics/avg.ts b/src/plugins/data/public/search/aggs/metrics/avg.ts index 008dede3e1985..d53ce8d3fc489 100644 --- a/src/plugins/data/public/search/aggs/metrics/avg.ts +++ b/src/plugins/data/public/search/aggs/metrics/avg.ts @@ -21,25 +21,37 @@ import { i18n } from '@kbn/i18n'; import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; const averageTitle = i18n.translate('data.search.aggs.metrics.averageTitle', { defaultMessage: 'Average', }); -export const avgMetricAgg = new MetricAggType({ - name: METRIC_TYPES.AVG, - title: averageTitle, - makeLabel: aggConfig => { - return i18n.translate('data.search.aggs.metrics.averageLabel', { - defaultMessage: 'Average {field}', - values: { field: aggConfig.getFieldDisplayName() }, - }); - }, - params: [ +export interface AvgMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getAvgMetricAgg = ({ getInternalStartServices }: AvgMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.NUMBER, + name: METRIC_TYPES.AVG, + title: averageTitle, + makeLabel: aggConfig => { + return i18n.translate('data.search.aggs.metrics.averageLabel', { + defaultMessage: 'Average {field}', + values: { field: aggConfig.getFieldDisplayName() }, + }); + }, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.NUMBER, + }, + ], }, - ], -}); + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/bucket_avg.ts b/src/plugins/data/public/search/aggs/metrics/bucket_avg.ts index 11bb559274729..2c32ebc671539 100644 --- a/src/plugins/data/public/search/aggs/metrics/bucket_avg.ts +++ b/src/plugins/data/public/search/aggs/metrics/bucket_avg.ts @@ -23,6 +23,11 @@ import { MetricAggType } from './metric_agg_type'; import { makeNestedLabel } from './lib/make_nested_label'; import { siblingPipelineAggHelper } from './lib/sibling_pipeline_agg_helper'; import { METRIC_TYPES } from './metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface BucketAvgMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const overallAverageLabel = i18n.translate('data.search.aggs.metrics.overallAverageLabel', { defaultMessage: 'overall average', @@ -32,25 +37,34 @@ const averageBucketTitle = i18n.translate('data.search.aggs.metrics.averageBucke defaultMessage: 'Average Bucket', }); -export const bucketAvgMetricAgg = new MetricAggType({ - name: METRIC_TYPES.AVG_BUCKET, - title: averageBucketTitle, - makeLabel: agg => makeNestedLabel(agg, overallAverageLabel), - subtype: siblingPipelineAggHelper.subtype, - params: [...siblingPipelineAggHelper.params()], - getFormat: siblingPipelineAggHelper.getFormat, - getValue(agg, bucket) { - const customMetric = agg.getParam('customMetric'); - const customBucket = agg.getParam('customBucket'); - const scaleMetrics = customMetric.type && customMetric.type.isScalable(); +export const getBucketAvgMetricAgg = ({ + getInternalStartServices, +}: BucketAvgMetricAggDependencies) => { + return new MetricAggType( + { + name: METRIC_TYPES.AVG_BUCKET, + title: averageBucketTitle, + makeLabel: agg => makeNestedLabel(agg, overallAverageLabel), + subtype: siblingPipelineAggHelper.subtype, + params: [...siblingPipelineAggHelper.params()], + getFormat: siblingPipelineAggHelper.getFormat, + getValue(agg, bucket) { + const customMetric = agg.getParam('customMetric'); + const customBucket = agg.getParam('customBucket'); + const scaleMetrics = customMetric.type && customMetric.type.isScalable(); - let value = bucket[agg.id] && bucket[agg.id].value; + let value = bucket[agg.id] && bucket[agg.id].value; - if (scaleMetrics && customBucket.type.name === 'date_histogram') { - const aggInfo = customBucket.write(); + if (scaleMetrics && customBucket.type.name === 'date_histogram') { + const aggInfo = customBucket.write(); - value *= get(aggInfo, 'bucketInterval.scale', 1); + value *= get(aggInfo, 'bucketInterval.scale', 1); + } + return value; + }, + }, + { + getInternalStartServices, } - return value; - }, -}); + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/bucket_max.ts b/src/plugins/data/public/search/aggs/metrics/bucket_max.ts index 0668a9bcf57a8..1e57a2dd8e38e 100644 --- a/src/plugins/data/public/search/aggs/metrics/bucket_max.ts +++ b/src/plugins/data/public/search/aggs/metrics/bucket_max.ts @@ -22,6 +22,11 @@ import { MetricAggType } from './metric_agg_type'; import { makeNestedLabel } from './lib/make_nested_label'; import { siblingPipelineAggHelper } from './lib/sibling_pipeline_agg_helper'; import { METRIC_TYPES } from './metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface BucketMaxMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const overallMaxLabel = i18n.translate('data.search.aggs.metrics.overallMaxLabel', { defaultMessage: 'overall max', @@ -31,11 +36,20 @@ const maxBucketTitle = i18n.translate('data.search.aggs.metrics.maxBucketTitle', defaultMessage: 'Max Bucket', }); -export const bucketMaxMetricAgg = new MetricAggType({ - name: METRIC_TYPES.MAX_BUCKET, - title: maxBucketTitle, - makeLabel: agg => makeNestedLabel(agg, overallMaxLabel), - subtype: siblingPipelineAggHelper.subtype, - params: [...siblingPipelineAggHelper.params()], - getFormat: siblingPipelineAggHelper.getFormat, -}); +export const getBucketMaxMetricAgg = ({ + getInternalStartServices, +}: BucketMaxMetricAggDependencies) => { + return new MetricAggType( + { + name: METRIC_TYPES.MAX_BUCKET, + title: maxBucketTitle, + makeLabel: agg => makeNestedLabel(agg, overallMaxLabel), + subtype: siblingPipelineAggHelper.subtype, + params: [...siblingPipelineAggHelper.params()], + getFormat: siblingPipelineAggHelper.getFormat, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/bucket_min.ts b/src/plugins/data/public/search/aggs/metrics/bucket_min.ts index 8f728cb5e7e42..0484af23a7141 100644 --- a/src/plugins/data/public/search/aggs/metrics/bucket_min.ts +++ b/src/plugins/data/public/search/aggs/metrics/bucket_min.ts @@ -22,6 +22,11 @@ import { MetricAggType } from './metric_agg_type'; import { makeNestedLabel } from './lib/make_nested_label'; import { siblingPipelineAggHelper } from './lib/sibling_pipeline_agg_helper'; import { METRIC_TYPES } from './metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface BucketMinMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const overallMinLabel = i18n.translate('data.search.aggs.metrics.overallMinLabel', { defaultMessage: 'overall min', @@ -31,11 +36,20 @@ const minBucketTitle = i18n.translate('data.search.aggs.metrics.minBucketTitle', defaultMessage: 'Min Bucket', }); -export const bucketMinMetricAgg = new MetricAggType({ - name: METRIC_TYPES.MIN_BUCKET, - title: minBucketTitle, - makeLabel: agg => makeNestedLabel(agg, overallMinLabel), - subtype: siblingPipelineAggHelper.subtype, - params: [...siblingPipelineAggHelper.params()], - getFormat: siblingPipelineAggHelper.getFormat, -}); +export const getBucketMinMetricAgg = ({ + getInternalStartServices, +}: BucketMinMetricAggDependencies) => { + return new MetricAggType( + { + name: METRIC_TYPES.MIN_BUCKET, + title: minBucketTitle, + makeLabel: agg => makeNestedLabel(agg, overallMinLabel), + subtype: siblingPipelineAggHelper.subtype, + params: [...siblingPipelineAggHelper.params()], + getFormat: siblingPipelineAggHelper.getFormat, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/bucket_sum.ts b/src/plugins/data/public/search/aggs/metrics/bucket_sum.ts index 1f9392c5bec35..0a4d29a18a980 100644 --- a/src/plugins/data/public/search/aggs/metrics/bucket_sum.ts +++ b/src/plugins/data/public/search/aggs/metrics/bucket_sum.ts @@ -22,6 +22,11 @@ import { MetricAggType } from './metric_agg_type'; import { makeNestedLabel } from './lib/make_nested_label'; import { siblingPipelineAggHelper } from './lib/sibling_pipeline_agg_helper'; import { METRIC_TYPES } from './metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface BucketSumMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const overallSumLabel = i18n.translate('data.search.aggs.metrics.overallSumLabel', { defaultMessage: 'overall sum', @@ -31,11 +36,20 @@ const sumBucketTitle = i18n.translate('data.search.aggs.metrics.sumBucketTitle', defaultMessage: 'Sum Bucket', }); -export const bucketSumMetricAgg = new MetricAggType({ - name: METRIC_TYPES.SUM_BUCKET, - title: sumBucketTitle, - makeLabel: agg => makeNestedLabel(agg, overallSumLabel), - subtype: siblingPipelineAggHelper.subtype, - params: [...siblingPipelineAggHelper.params()], - getFormat: siblingPipelineAggHelper.getFormat, -}); +export const getBucketSumMetricAgg = ({ + getInternalStartServices, +}: BucketSumMetricAggDependencies) => { + return new MetricAggType( + { + name: METRIC_TYPES.SUM_BUCKET, + title: sumBucketTitle, + makeLabel: agg => makeNestedLabel(agg, overallSumLabel), + subtype: siblingPipelineAggHelper.subtype, + params: [...siblingPipelineAggHelper.params()], + getFormat: siblingPipelineAggHelper.getFormat, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/cardinality.ts b/src/plugins/data/public/search/aggs/metrics/cardinality.ts index 88cdf3175665e..10b6b5aff1abd 100644 --- a/src/plugins/data/public/search/aggs/metrics/cardinality.ts +++ b/src/plugins/data/public/search/aggs/metrics/cardinality.ts @@ -18,36 +18,48 @@ */ import { i18n } from '@kbn/i18n'; -import { MetricAggType } from './metric_agg_type'; +import { MetricAggType, IMetricAggConfig } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; -import { getFieldFormats } from '../../../../public/services'; +import { GetInternalStartServicesFn } from '../../../types'; const uniqueCountTitle = i18n.translate('data.search.aggs.metrics.uniqueCountTitle', { defaultMessage: 'Unique Count', }); -export const cardinalityMetricAgg = new MetricAggType({ - name: METRIC_TYPES.CARDINALITY, - title: uniqueCountTitle, - makeLabel(aggConfig) { - return i18n.translate('data.search.aggs.metrics.uniqueCountLabel', { - defaultMessage: 'Unique count of {field}', - values: { field: aggConfig.getFieldDisplayName() }, - }); - }, - getFormat() { - const fieldFormatsService = getFieldFormats(); +export interface CardinalityMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} - return fieldFormatsService.getDefaultInstance(KBN_FIELD_TYPES.NUMBER); - }, - params: [ +export const getCardinalityMetricAgg = ({ + getInternalStartServices, +}: CardinalityMetricAggDependencies) => + new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: Object.values(KBN_FIELD_TYPES).filter( - type => type !== KBN_FIELD_TYPES.HISTOGRAM - ), + name: METRIC_TYPES.CARDINALITY, + title: uniqueCountTitle, + makeLabel(aggConfig: IMetricAggConfig) { + return i18n.translate('data.search.aggs.metrics.uniqueCountLabel', { + defaultMessage: 'Unique count of {field}', + values: { field: aggConfig.getFieldDisplayName() }, + }); + }, + getFormat() { + const { fieldFormats } = getInternalStartServices(); + + return fieldFormats.getDefaultInstance(KBN_FIELD_TYPES.NUMBER); + }, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: Object.values(KBN_FIELD_TYPES).filter( + type => type !== KBN_FIELD_TYPES.HISTOGRAM + ), + }, + ], }, - ], -}); + { + getInternalStartServices, + } + ); diff --git a/src/plugins/data/public/search/aggs/metrics/count.ts b/src/plugins/data/public/search/aggs/metrics/count.ts index 3ec1e18d66ab9..bd0b83798c7db 100644 --- a/src/plugins/data/public/search/aggs/metrics/count.ts +++ b/src/plugins/data/public/search/aggs/metrics/count.ts @@ -21,28 +21,38 @@ import { i18n } from '@kbn/i18n'; import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; -import { getFieldFormats } from '../../../../public/services'; +import { GetInternalStartServicesFn } from '../../../types'; -export const countMetricAgg = new MetricAggType({ - name: METRIC_TYPES.COUNT, - title: i18n.translate('data.search.aggs.metrics.countTitle', { - defaultMessage: 'Count', - }), - hasNoDsl: true, - makeLabel() { - return i18n.translate('data.search.aggs.metrics.countLabel', { - defaultMessage: 'Count', - }); - }, - getFormat() { - const fieldFormatsService = getFieldFormats(); +export interface CountMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} - return fieldFormatsService.getDefaultInstance(KBN_FIELD_TYPES.NUMBER); - }, - getValue(agg, bucket) { - return bucket.doc_count; - }, - isScalable() { - return true; - }, -}); +export const getCountMetricAgg = ({ getInternalStartServices }: CountMetricAggDependencies) => + new MetricAggType( + { + name: METRIC_TYPES.COUNT, + title: i18n.translate('data.search.aggs.metrics.countTitle', { + defaultMessage: 'Count', + }), + hasNoDsl: true, + makeLabel() { + return i18n.translate('data.search.aggs.metrics.countLabel', { + defaultMessage: 'Count', + }); + }, + getFormat() { + const { fieldFormats } = getInternalStartServices(); + + return fieldFormats.getDefaultInstance(KBN_FIELD_TYPES.NUMBER); + }, + getValue(agg, bucket) { + return bucket.doc_count; + }, + isScalable() { + return true; + }, + }, + { + getInternalStartServices, + } + ); diff --git a/src/plugins/data/public/search/aggs/metrics/cumulative_sum.ts b/src/plugins/data/public/search/aggs/metrics/cumulative_sum.ts index a5d02459900bb..8ca922e144a1f 100644 --- a/src/plugins/data/public/search/aggs/metrics/cumulative_sum.ts +++ b/src/plugins/data/public/search/aggs/metrics/cumulative_sum.ts @@ -22,6 +22,11 @@ import { MetricAggType } from './metric_agg_type'; import { parentPipelineAggHelper } from './lib/parent_pipeline_agg_helper'; import { makeNestedLabel } from './lib/make_nested_label'; import { METRIC_TYPES } from './metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface CumulativeSumMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const cumulativeSumLabel = i18n.translate('data.search.aggs.metrics.cumulativeSumLabel', { defaultMessage: 'cumulative sum', @@ -31,11 +36,20 @@ const cumulativeSumTitle = i18n.translate('data.search.aggs.metrics.cumulativeSu defaultMessage: 'Cumulative Sum', }); -export const cumulativeSumMetricAgg = new MetricAggType({ - name: METRIC_TYPES.CUMULATIVE_SUM, - title: cumulativeSumTitle, - subtype: parentPipelineAggHelper.subtype, - makeLabel: agg => makeNestedLabel(agg, cumulativeSumLabel), - params: [...parentPipelineAggHelper.params()], - getFormat: parentPipelineAggHelper.getFormat, -}); +export const getCumulativeSumMetricAgg = ({ + getInternalStartServices, +}: CumulativeSumMetricAggDependencies) => { + return new MetricAggType( + { + name: METRIC_TYPES.CUMULATIVE_SUM, + title: cumulativeSumTitle, + subtype: parentPipelineAggHelper.subtype, + makeLabel: agg => makeNestedLabel(agg, cumulativeSumLabel), + params: [...parentPipelineAggHelper.params()], + getFormat: parentPipelineAggHelper.getFormat, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/derivative.ts b/src/plugins/data/public/search/aggs/metrics/derivative.ts index 1169a527b0668..5752a72c846aa 100644 --- a/src/plugins/data/public/search/aggs/metrics/derivative.ts +++ b/src/plugins/data/public/search/aggs/metrics/derivative.ts @@ -22,6 +22,11 @@ import { MetricAggType } from './metric_agg_type'; import { parentPipelineAggHelper } from './lib/parent_pipeline_agg_helper'; import { makeNestedLabel } from './lib/make_nested_label'; import { METRIC_TYPES } from './metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface DerivativeMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const derivativeLabel = i18n.translate('data.search.aggs.metrics.derivativeLabel', { defaultMessage: 'derivative', @@ -31,13 +36,22 @@ const derivativeTitle = i18n.translate('data.search.aggs.metrics.derivativeTitle defaultMessage: 'Derivative', }); -export const derivativeMetricAgg = new MetricAggType({ - name: METRIC_TYPES.DERIVATIVE, - title: derivativeTitle, - subtype: parentPipelineAggHelper.subtype, - makeLabel(agg) { - return makeNestedLabel(agg, derivativeLabel); - }, - params: [...parentPipelineAggHelper.params()], - getFormat: parentPipelineAggHelper.getFormat, -}); +export const getDerivativeMetricAgg = ({ + getInternalStartServices, +}: DerivativeMetricAggDependencies) => { + return new MetricAggType( + { + name: METRIC_TYPES.DERIVATIVE, + title: derivativeTitle, + subtype: parentPipelineAggHelper.subtype, + makeLabel(agg) { + return makeNestedLabel(agg, derivativeLabel); + }, + params: [...parentPipelineAggHelper.params()], + getFormat: parentPipelineAggHelper.getFormat, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/geo_bounds.ts b/src/plugins/data/public/search/aggs/metrics/geo_bounds.ts index 8a9f66f4b22a8..00927ebba56bf 100644 --- a/src/plugins/data/public/search/aggs/metrics/geo_bounds.ts +++ b/src/plugins/data/public/search/aggs/metrics/geo_bounds.ts @@ -21,6 +21,11 @@ import { i18n } from '@kbn/i18n'; import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface GeoBoundsMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const geoBoundsTitle = i18n.translate('data.search.aggs.metrics.geoBoundsTitle', { defaultMessage: 'Geo Bounds', @@ -30,15 +35,24 @@ const geoBoundsLabel = i18n.translate('data.search.aggs.metrics.geoBoundsLabel', defaultMessage: 'Geo Bounds', }); -export const geoBoundsMetricAgg = new MetricAggType({ - name: METRIC_TYPES.GEO_BOUNDS, - title: geoBoundsTitle, - makeLabel: () => geoBoundsLabel, - params: [ +export const getGeoBoundsMetricAgg = ({ + getInternalStartServices, +}: GeoBoundsMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.GEO_POINT, + name: METRIC_TYPES.GEO_BOUNDS, + title: geoBoundsTitle, + makeLabel: () => geoBoundsLabel, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.GEO_POINT, + }, + ], }, - ], -}); + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/geo_centroid.ts b/src/plugins/data/public/search/aggs/metrics/geo_centroid.ts index a4e4413843bdd..a4b084f794a5d 100644 --- a/src/plugins/data/public/search/aggs/metrics/geo_centroid.ts +++ b/src/plugins/data/public/search/aggs/metrics/geo_centroid.ts @@ -21,6 +21,11 @@ import { i18n } from '@kbn/i18n'; import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface GeoCentroidMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const geoCentroidTitle = i18n.translate('data.search.aggs.metrics.geoCentroidTitle', { defaultMessage: 'Geo Centroid', @@ -30,18 +35,27 @@ const geoCentroidLabel = i18n.translate('data.search.aggs.metrics.geoCentroidLab defaultMessage: 'Geo Centroid', }); -export const geoCentroidMetricAgg = new MetricAggType({ - name: METRIC_TYPES.GEO_CENTROID, - title: geoCentroidTitle, - makeLabel: () => geoCentroidLabel, - params: [ +export const getGeoCentroidMetricAgg = ({ + getInternalStartServices, +}: GeoCentroidMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.GEO_POINT, + name: METRIC_TYPES.GEO_CENTROID, + title: geoCentroidTitle, + makeLabel: () => geoCentroidLabel, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.GEO_POINT, + }, + ], + getValue(agg, bucket) { + return bucket[agg.id] && bucket[agg.id].location; + }, }, - ], - getValue(agg, bucket) { - return bucket[agg.id] && bucket[agg.id].location; - }, -}); + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/max.ts b/src/plugins/data/public/search/aggs/metrics/max.ts index 0cfb7be699a95..88e8b485cb73f 100644 --- a/src/plugins/data/public/search/aggs/metrics/max.ts +++ b/src/plugins/data/public/search/aggs/metrics/max.ts @@ -21,25 +21,37 @@ import { i18n } from '@kbn/i18n'; import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; const maxTitle = i18n.translate('data.search.aggs.metrics.maxTitle', { defaultMessage: 'Max', }); -export const maxMetricAgg = new MetricAggType({ - name: METRIC_TYPES.MAX, - title: maxTitle, - makeLabel(aggConfig) { - return i18n.translate('data.search.aggs.metrics.maxLabel', { - defaultMessage: 'Max {field}', - values: { field: aggConfig.getFieldDisplayName() }, - }); - }, - params: [ +export interface MaxMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getMaxMetricAgg = ({ getInternalStartServices }: MaxMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: [KBN_FIELD_TYPES.NUMBER, KBN_FIELD_TYPES.DATE], + name: METRIC_TYPES.MAX, + title: maxTitle, + makeLabel(aggConfig) { + return i18n.translate('data.search.aggs.metrics.maxLabel', { + defaultMessage: 'Max {field}', + values: { field: aggConfig.getFieldDisplayName() }, + }); + }, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: [KBN_FIELD_TYPES.NUMBER, KBN_FIELD_TYPES.DATE], + }, + ], }, - ], -}); + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/median.test.ts b/src/plugins/data/public/search/aggs/metrics/median.test.ts index ad55837ec9a30..f80c46026f50a 100644 --- a/src/plugins/data/public/search/aggs/metrics/median.test.ts +++ b/src/plugins/data/public/search/aggs/metrics/median.test.ts @@ -17,16 +17,24 @@ * under the License. */ -import { medianMetricAgg } from './median'; +import { getMedianMetricAgg, MedianMetricAggDependencies } from './median'; import { AggConfigs, IAggConfigs } from '../agg_configs'; import { mockAggTypesRegistry } from '../test_helpers'; import { METRIC_TYPES } from './metric_agg_types'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('AggTypeMetricMedianProvider class', () => { let aggConfigs: IAggConfigs; + const aggTypesDependencies: MedianMetricAggDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; beforeEach(() => { - const typesRegistry = mockAggTypesRegistry([medianMetricAgg]); + const typesRegistry = mockAggTypesRegistry([getMedianMetricAgg(aggTypesDependencies)]); const field = { name: 'bytes', }; diff --git a/src/plugins/data/public/search/aggs/metrics/median.ts b/src/plugins/data/public/search/aggs/metrics/median.ts index faa0694cd5312..a398f017602b0 100644 --- a/src/plugins/data/public/search/aggs/metrics/median.ts +++ b/src/plugins/data/public/search/aggs/metrics/median.ts @@ -21,33 +21,49 @@ import { i18n } from '@kbn/i18n'; import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; const medianTitle = i18n.translate('data.search.aggs.metrics.medianTitle', { defaultMessage: 'Median', }); -export const medianMetricAgg = new MetricAggType({ - name: METRIC_TYPES.MEDIAN, - dslName: 'percentiles', - title: medianTitle, - makeLabel(aggConfig) { - return i18n.translate('data.search.aggs.metrics.medianLabel', { - defaultMessage: 'Median {field}', - values: { field: aggConfig.getFieldDisplayName() }, - }); - }, - params: [ +export interface MedianMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getMedianMetricAgg = ({ getInternalStartServices }: MedianMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: [KBN_FIELD_TYPES.NUMBER, KBN_FIELD_TYPES.DATE, KBN_FIELD_TYPES.HISTOGRAM], - write(agg, output) { - output.params.field = agg.getParam('field').name; - output.params.percents = [50]; + name: METRIC_TYPES.MEDIAN, + dslName: 'percentiles', + title: medianTitle, + makeLabel(aggConfig) { + return i18n.translate('data.search.aggs.metrics.medianLabel', { + defaultMessage: 'Median {field}', + values: { field: aggConfig.getFieldDisplayName() }, + }); + }, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: [ + KBN_FIELD_TYPES.NUMBER, + KBN_FIELD_TYPES.DATE, + KBN_FIELD_TYPES.HISTOGRAM, + ], + write(agg, output) { + output.params.field = agg.getParam('field').name; + output.params.percents = [50]; + }, + }, + ], + getValue(agg, bucket) { + return bucket[agg.id].values['50.0']; }, }, - ], - getValue(agg, bucket) { - return bucket[agg.id].values['50.0']; - }, -}); + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/metric_agg_type.ts b/src/plugins/data/public/search/aggs/metrics/metric_agg_type.ts index 05c4cb3de4bdf..bb16cba1bee62 100644 --- a/src/plugins/data/public/search/aggs/metrics/metric_agg_type.ts +++ b/src/plugins/data/public/search/aggs/metrics/metric_agg_type.ts @@ -23,8 +23,8 @@ import { AggParamType } from '../param_types/agg'; import { AggConfig } from '../agg_config'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; -import { getFieldFormats } from '../../../../public/services'; import { FieldTypes } from '../param_types'; +import { GetInternalStartServicesFn } from '../../../types'; export interface IMetricAggConfig extends AggConfig { type: InstanceType; @@ -44,6 +44,10 @@ interface MetricAggTypeConfig subtype?: string; } +interface MetricAggTypeDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + // TODO need to make a more explicit interface for this export type IMetricAggType = MetricAggType; @@ -57,8 +61,11 @@ export class MetricAggType {}; - constructor(config: MetricAggTypeConfig) { - super(config); + constructor( + config: MetricAggTypeConfig, + dependencies: MetricAggTypeDependencies + ) { + super(config, dependencies); this.getValue = config.getValue || @@ -78,11 +85,9 @@ export class MetricAggType { - const fieldFormatsService = getFieldFormats(); + const { fieldFormats } = dependencies.getInternalStartServices(); const field = agg.getField(); - return field - ? field.format - : fieldFormatsService.getDefaultInstance(KBN_FIELD_TYPES.NUMBER); + return field ? field.format : fieldFormats.getDefaultInstance(KBN_FIELD_TYPES.NUMBER); }); this.subtype = diff --git a/src/plugins/data/public/search/aggs/metrics/min.ts b/src/plugins/data/public/search/aggs/metrics/min.ts index 0a9abf1edcd04..aae16f357186c 100644 --- a/src/plugins/data/public/search/aggs/metrics/min.ts +++ b/src/plugins/data/public/search/aggs/metrics/min.ts @@ -21,25 +21,37 @@ import { i18n } from '@kbn/i18n'; import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; const minTitle = i18n.translate('data.search.aggs.metrics.minTitle', { defaultMessage: 'Min', }); -export const minMetricAgg = new MetricAggType({ - name: METRIC_TYPES.MIN, - title: minTitle, - makeLabel(aggConfig) { - return i18n.translate('data.search.aggs.metrics.minLabel', { - defaultMessage: 'Min {field}', - values: { field: aggConfig.getFieldDisplayName() }, - }); - }, - params: [ +export interface MinMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getMinMetricAgg = ({ getInternalStartServices }: MinMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: [KBN_FIELD_TYPES.NUMBER, KBN_FIELD_TYPES.DATE], + name: METRIC_TYPES.MIN, + title: minTitle, + makeLabel(aggConfig) { + return i18n.translate('data.search.aggs.metrics.minLabel', { + defaultMessage: 'Min {field}', + values: { field: aggConfig.getFieldDisplayName() }, + }); + }, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: [KBN_FIELD_TYPES.NUMBER, KBN_FIELD_TYPES.DATE], + }, + ], }, - ], -}); + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/moving_avg.ts b/src/plugins/data/public/search/aggs/metrics/moving_avg.ts index cb733507858bc..94b9b1d8cd487 100644 --- a/src/plugins/data/public/search/aggs/metrics/moving_avg.ts +++ b/src/plugins/data/public/search/aggs/metrics/moving_avg.ts @@ -22,6 +22,11 @@ import { MetricAggType } from './metric_agg_type'; import { parentPipelineAggHelper } from './lib/parent_pipeline_agg_helper'; import { makeNestedLabel } from './lib/make_nested_label'; import { METRIC_TYPES } from './metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface MovingAvgMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const movingAvgTitle = i18n.translate('data.search.aggs.metrics.movingAvgTitle', { defaultMessage: 'Moving Avg', @@ -31,34 +36,43 @@ const movingAvgLabel = i18n.translate('data.search.aggs.metrics.movingAvgLabel', defaultMessage: 'moving avg', }); -export const movingAvgMetricAgg = new MetricAggType({ - name: METRIC_TYPES.MOVING_FN, - dslName: 'moving_fn', - title: movingAvgTitle, - subtype: parentPipelineAggHelper.subtype, - makeLabel: agg => makeNestedLabel(agg, movingAvgLabel), - params: [ - ...parentPipelineAggHelper.params(), +export const getMovingAvgMetricAgg = ({ + getInternalStartServices, +}: MovingAvgMetricAggDependencies) => { + return new MetricAggType( { - name: 'window', - default: 5, + name: METRIC_TYPES.MOVING_FN, + dslName: 'moving_fn', + title: movingAvgTitle, + subtype: parentPipelineAggHelper.subtype, + makeLabel: agg => makeNestedLabel(agg, movingAvgLabel), + params: [ + ...parentPipelineAggHelper.params(), + { + name: 'window', + default: 5, + }, + { + name: 'script', + default: 'MovingFunctions.unweightedAvg(values)', + }, + ], + getValue(agg, bucket) { + /** + * The previous implementation using `moving_avg` did not + * return any bucket in case there are no documents or empty window. + * The `moving_fn` aggregation returns buckets with the value null if the + * window is empty or doesn't return any value if the sibiling metric + * is null. Since our generic MetricAggType.getValue implementation + * would return the value 0 for null buckets, we need a specific + * implementation here, that preserves the null value. + */ + return bucket[agg.id] ? bucket[agg.id].value : null; + }, + getFormat: parentPipelineAggHelper.getFormat, }, { - name: 'script', - default: 'MovingFunctions.unweightedAvg(values)', - }, - ], - getValue(agg, bucket) { - /** - * The previous implementation using `moving_avg` did not - * return any bucket in case there are no documents or empty window. - * The `moving_fn` aggregation returns buckets with the value null if the - * window is empty or doesn't return any value if the sibiling metric - * is null. Since our generic MetricAggType.getValue implementation - * would return the value 0 for null buckets, we need a specific - * implementation here, that preserves the null value. - */ - return bucket[agg.id] ? bucket[agg.id].value : null; - }, - getFormat: parentPipelineAggHelper.getFormat, -}); + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/parent_pipeline.test.ts b/src/plugins/data/public/search/aggs/metrics/parent_pipeline.test.ts index 02e63f653f94f..af983a50f6c23 100644 --- a/src/plugins/data/public/search/aggs/metrics/parent_pipeline.test.ts +++ b/src/plugins/data/public/search/aggs/metrics/parent_pipeline.test.ts @@ -17,26 +17,47 @@ * under the License. */ -import { derivativeMetricAgg } from './derivative'; -import { cumulativeSumMetricAgg } from './cumulative_sum'; -import { movingAvgMetricAgg } from './moving_avg'; -import { serialDiffMetricAgg } from './serial_diff'; +import { getDerivativeMetricAgg } from './derivative'; +import { getCumulativeSumMetricAgg } from './cumulative_sum'; +import { getMovingAvgMetricAgg } from './moving_avg'; +import { getSerialDiffMetricAgg } from './serial_diff'; import { AggConfigs } from '../agg_configs'; -import { mockDataServices, mockAggTypesRegistry } from '../test_helpers'; +import { mockAggTypesRegistry } from '../test_helpers'; import { IMetricAggConfig, MetricAggType } from './metric_agg_type'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { GetInternalStartServicesFn } from '../../../types'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('parent pipeline aggs', function() { - beforeEach(() => { - mockDataServices(); + const getInternalStartServices: GetInternalStartServicesFn = () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), }); const typesRegistry = mockAggTypesRegistry(); const metrics = [ - { name: 'derivative', title: 'Derivative', provider: derivativeMetricAgg }, - { name: 'cumulative_sum', title: 'Cumulative Sum', provider: cumulativeSumMetricAgg }, - { name: 'moving_avg', title: 'Moving Avg', provider: movingAvgMetricAgg, dslName: 'moving_fn' }, - { name: 'serial_diff', title: 'Serial Diff', provider: serialDiffMetricAgg }, + { + name: 'derivative', + title: 'Derivative', + provider: getDerivativeMetricAgg({ getInternalStartServices }), + }, + { + name: 'cumulative_sum', + title: 'Cumulative Sum', + provider: getCumulativeSumMetricAgg({ getInternalStartServices }), + }, + { + name: 'moving_avg', + title: 'Moving Avg', + provider: getMovingAvgMetricAgg({ getInternalStartServices }), + dslName: 'moving_fn', + }, + { + name: 'serial_diff', + title: 'Serial Diff', + provider: getSerialDiffMetricAgg({ getInternalStartServices }), + }, ]; metrics.forEach(metric => { diff --git a/src/plugins/data/public/search/aggs/metrics/percentile_ranks.test.ts b/src/plugins/data/public/search/aggs/metrics/percentile_ranks.test.ts index 628f1cd204ee5..2944fc8c11b23 100644 --- a/src/plugins/data/public/search/aggs/metrics/percentile_ranks.test.ts +++ b/src/plugins/data/public/search/aggs/metrics/percentile_ranks.test.ts @@ -17,18 +17,28 @@ * under the License. */ -import { IPercentileRanksAggConfig, percentileRanksMetricAgg } from './percentile_ranks'; +import { + IPercentileRanksAggConfig, + getPercentileRanksMetricAgg, + PercentileRanksMetricAggDependencies, +} from './percentile_ranks'; import { AggConfigs, IAggConfigs } from '../agg_configs'; -import { mockDataServices, mockAggTypesRegistry } from '../test_helpers'; +import { mockAggTypesRegistry } from '../test_helpers'; import { METRIC_TYPES } from './metric_agg_types'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('AggTypesMetricsPercentileRanksProvider class', function() { let aggConfigs: IAggConfigs; + const aggTypesDependencies: PercentileRanksMetricAggDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; beforeEach(() => { - mockDataServices(); - - const typesRegistry = mockAggTypesRegistry([percentileRanksMetricAgg]); + const typesRegistry = mockAggTypesRegistry([getPercentileRanksMetricAgg(aggTypesDependencies)]); const field = { name: 'bytes', }; @@ -65,7 +75,7 @@ describe('AggTypesMetricsPercentileRanksProvider class', function() { }); it('uses the custom label if it is set', function() { - const responseAggs: any = percentileRanksMetricAgg.getResponseAggs( + const responseAggs: any = getPercentileRanksMetricAgg(aggTypesDependencies).getResponseAggs( aggConfigs.aggs[0] as IPercentileRanksAggConfig ); diff --git a/src/plugins/data/public/search/aggs/metrics/percentile_ranks.ts b/src/plugins/data/public/search/aggs/metrics/percentile_ranks.ts index 7dc0f70ea7b80..0d79665ff9c4e 100644 --- a/src/plugins/data/public/search/aggs/metrics/percentile_ranks.ts +++ b/src/plugins/data/public/search/aggs/metrics/percentile_ranks.ts @@ -23,68 +23,86 @@ import { getResponseAggConfigClass, IResponseAggConfig } from './lib/get_respons import { getPercentileValue } from './percentiles_get_value'; import { METRIC_TYPES } from './metric_agg_types'; import { FIELD_FORMAT_IDS, KBN_FIELD_TYPES } from '../../../../common'; -import { getFieldFormats } from '../../../../public/services'; +import { GetInternalStartServicesFn } from '../../../types'; // required by the values editor export type IPercentileRanksAggConfig = IResponseAggConfig; -const valueProps = { - makeLabel(this: IPercentileRanksAggConfig) { - const fieldFormatsService = getFieldFormats(); - const field = this.getField(); - const format = - (field && field.format) || fieldFormatsService.getDefaultInstance(KBN_FIELD_TYPES.NUMBER); - const customLabel = this.getParam('customLabel'); - const label = customLabel || this.getFieldDisplayName(); +export interface PercentileRanksMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} - return i18n.translate('data.search.aggs.metrics.percentileRanks.valuePropsLabel', { - defaultMessage: 'Percentile rank {format} of "{label}"', - values: { format: format.convert(this.key, 'text'), label }, - }); - }, -}; +const getValueProps = (getInternalStartServices: GetInternalStartServicesFn) => { + return { + makeLabel(this: IPercentileRanksAggConfig) { + const { fieldFormats } = getInternalStartServices(); + const field = this.getField(); + const format = + (field && field.format) || fieldFormats.getDefaultInstance(KBN_FIELD_TYPES.NUMBER); + const customLabel = this.getParam('customLabel'); + const label = customLabel || this.getFieldDisplayName(); -export const percentileRanksMetricAgg = new MetricAggType({ - name: METRIC_TYPES.PERCENTILE_RANKS, - title: i18n.translate('data.search.aggs.metrics.percentileRanksTitle', { - defaultMessage: 'Percentile Ranks', - }), - makeLabel(agg) { - return i18n.translate('data.search.aggs.metrics.percentileRanksLabel', { - defaultMessage: 'Percentile ranks of {field}', - values: { field: agg.getFieldDisplayName() }, - }); - }, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: [KBN_FIELD_TYPES.NUMBER, KBN_FIELD_TYPES.HISTOGRAM], - }, - { - name: 'values', - default: [], + return i18n.translate('data.search.aggs.metrics.percentileRanks.valuePropsLabel', { + defaultMessage: 'Percentile rank {format} of "{label}"', + values: { format: format.convert(this.key, 'text'), label }, + }); }, + }; +}; + +export const getPercentileRanksMetricAgg = ({ + getInternalStartServices, +}: PercentileRanksMetricAggDependencies) => { + return new MetricAggType( { - write(agg, output) { - output.params.keyed = false; + name: METRIC_TYPES.PERCENTILE_RANKS, + title: i18n.translate('data.search.aggs.metrics.percentileRanksTitle', { + defaultMessage: 'Percentile Ranks', + }), + makeLabel(agg) { + return i18n.translate('data.search.aggs.metrics.percentileRanksLabel', { + defaultMessage: 'Percentile ranks of {field}', + values: { field: agg.getFieldDisplayName() }, + }); }, - }, - ], - getResponseAggs(agg) { - const ValueAggConfig = getResponseAggConfigClass(agg, valueProps); - const values = agg.getParam('values'); + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: [KBN_FIELD_TYPES.NUMBER, KBN_FIELD_TYPES.HISTOGRAM], + }, + { + name: 'values', + default: [], + }, + { + write(agg, output) { + output.params.keyed = false; + }, + }, + ], + getResponseAggs(agg) { + const ValueAggConfig = getResponseAggConfigClass( + agg, + getValueProps(getInternalStartServices) + ); + const values = agg.getParam('values'); - return values.map((value: any) => new ValueAggConfig(value)); - }, - getFormat() { - const fieldFormatsService = getFieldFormats(); - return ( - fieldFormatsService.getInstance(FIELD_FORMAT_IDS.PERCENT) || - fieldFormatsService.getDefaultInstance(KBN_FIELD_TYPES.NUMBER) - ); - }, - getValue(agg, bucket) { - return getPercentileValue(agg, bucket) / 100; - }, -}); + return values.map((value: any) => new ValueAggConfig(value)); + }, + getFormat() { + const { fieldFormats } = getInternalStartServices(); + return ( + fieldFormats.getInstance(FIELD_FORMAT_IDS.PERCENT) || + fieldFormats.getDefaultInstance(KBN_FIELD_TYPES.NUMBER) + ); + }, + getValue(agg, bucket) { + return getPercentileValue(agg, bucket) / 100; + }, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/percentiles.test.ts b/src/plugins/data/public/search/aggs/metrics/percentiles.test.ts index e077bc0f8c773..33bd42df74cc7 100644 --- a/src/plugins/data/public/search/aggs/metrics/percentiles.test.ts +++ b/src/plugins/data/public/search/aggs/metrics/percentiles.test.ts @@ -17,16 +17,28 @@ * under the License. */ -import { IPercentileAggConfig, percentilesMetricAgg } from './percentiles'; +import { + IPercentileAggConfig, + getPercentilesMetricAgg, + PercentilesMetricAggDependencies, +} from './percentiles'; import { AggConfigs, IAggConfigs } from '../agg_configs'; import { mockAggTypesRegistry } from '../test_helpers'; import { METRIC_TYPES } from './metric_agg_types'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('AggTypesMetricsPercentilesProvider class', () => { let aggConfigs: IAggConfigs; + const aggTypesDependencies: PercentilesMetricAggDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; beforeEach(() => { - const typesRegistry = mockAggTypesRegistry([percentilesMetricAgg]); + const typesRegistry = mockAggTypesRegistry([getPercentilesMetricAgg(aggTypesDependencies)]); const field = { name: 'bytes', }; @@ -63,7 +75,7 @@ describe('AggTypesMetricsPercentilesProvider class', () => { }); it('uses the custom label if it is set', () => { - const responseAggs: any = percentilesMetricAgg.getResponseAggs( + const responseAggs: any = getPercentilesMetricAgg(aggTypesDependencies).getResponseAggs( aggConfigs.aggs[0] as IPercentileAggConfig ); diff --git a/src/plugins/data/public/search/aggs/metrics/percentiles.ts b/src/plugins/data/public/search/aggs/metrics/percentiles.ts index a39d68248d608..040a52588dd94 100644 --- a/src/plugins/data/public/search/aggs/metrics/percentiles.ts +++ b/src/plugins/data/public/search/aggs/metrics/percentiles.ts @@ -24,9 +24,14 @@ import { KBN_FIELD_TYPES } from '../../../../common'; import { getResponseAggConfigClass, IResponseAggConfig } from './lib/get_response_agg_config_class'; import { getPercentileValue } from './percentiles_get_value'; import { ordinalSuffix } from './lib/ordinal_suffix'; +import { GetInternalStartServicesFn } from '../../../types'; export type IPercentileAggConfig = IResponseAggConfig; +export interface PercentilesMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + const valueProps = { makeLabel(this: IPercentileAggConfig) { const customLabel = this.getParam('customLabel'); @@ -39,38 +44,51 @@ const valueProps = { }, }; -export const percentilesMetricAgg = new MetricAggType({ - name: METRIC_TYPES.PERCENTILES, - title: i18n.translate('data.search.aggs.metrics.percentilesTitle', { - defaultMessage: 'Percentiles', - }), - makeLabel(agg) { - return i18n.translate('data.search.aggs.metrics.percentilesLabel', { - defaultMessage: 'Percentiles of {field}', - values: { field: agg.getFieldDisplayName() }, - }); - }, - params: [ - { - name: 'field', - type: 'field', - filterFieldTypes: [KBN_FIELD_TYPES.NUMBER, KBN_FIELD_TYPES.DATE, KBN_FIELD_TYPES.HISTOGRAM], - }, - { - name: 'percents', - default: [1, 5, 25, 50, 75, 95, 99], - }, +export const getPercentilesMetricAgg = ({ + getInternalStartServices, +}: PercentilesMetricAggDependencies) => { + return new MetricAggType( { - write(agg, output) { - output.params.keyed = false; + name: METRIC_TYPES.PERCENTILES, + title: i18n.translate('data.search.aggs.metrics.percentilesTitle', { + defaultMessage: 'Percentiles', + }), + makeLabel(agg) { + return i18n.translate('data.search.aggs.metrics.percentilesLabel', { + defaultMessage: 'Percentiles of {field}', + values: { field: agg.getFieldDisplayName() }, + }); }, - }, - ], - getResponseAggs(agg) { - const ValueAggConfig = getResponseAggConfigClass(agg, valueProps); + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: [ + KBN_FIELD_TYPES.NUMBER, + KBN_FIELD_TYPES.DATE, + KBN_FIELD_TYPES.HISTOGRAM, + ], + }, + { + name: 'percents', + default: [1, 5, 25, 50, 75, 95, 99], + }, + { + write(agg, output) { + output.params.keyed = false; + }, + }, + ], + getResponseAggs(agg) { + const ValueAggConfig = getResponseAggConfigClass(agg, valueProps); - return agg.getParam('percents').map((percent: any) => new ValueAggConfig(percent)); - }, + return agg.getParam('percents').map((percent: any) => new ValueAggConfig(percent)); + }, - getValue: getPercentileValue, -}); + getValue: getPercentileValue, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/serial_diff.ts b/src/plugins/data/public/search/aggs/metrics/serial_diff.ts index 5af6e1952d135..2b1498560f862 100644 --- a/src/plugins/data/public/search/aggs/metrics/serial_diff.ts +++ b/src/plugins/data/public/search/aggs/metrics/serial_diff.ts @@ -22,6 +22,11 @@ import { MetricAggType } from './metric_agg_type'; import { parentPipelineAggHelper } from './lib/parent_pipeline_agg_helper'; import { makeNestedLabel } from './lib/make_nested_label'; import { METRIC_TYPES } from './metric_agg_types'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface SerialDiffMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const serialDiffTitle = i18n.translate('data.search.aggs.metrics.serialDiffTitle', { defaultMessage: 'Serial Diff', @@ -31,11 +36,20 @@ const serialDiffLabel = i18n.translate('data.search.aggs.metrics.serialDiffLabel defaultMessage: 'serial diff', }); -export const serialDiffMetricAgg = new MetricAggType({ - name: METRIC_TYPES.SERIAL_DIFF, - title: serialDiffTitle, - subtype: parentPipelineAggHelper.subtype, - makeLabel: agg => makeNestedLabel(agg, serialDiffLabel), - params: [...parentPipelineAggHelper.params()], - getFormat: parentPipelineAggHelper.getFormat, -}); +export const getSerialDiffMetricAgg = ({ + getInternalStartServices, +}: SerialDiffMetricAggDependencies) => { + return new MetricAggType( + { + name: METRIC_TYPES.SERIAL_DIFF, + title: serialDiffTitle, + subtype: parentPipelineAggHelper.subtype, + makeLabel: agg => makeNestedLabel(agg, serialDiffLabel), + params: [...parentPipelineAggHelper.params()], + getFormat: parentPipelineAggHelper.getFormat, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/sibling_pipeline.test.ts b/src/plugins/data/public/search/aggs/metrics/sibling_pipeline.test.ts index 8389ed8262ce5..ab480fe44227e 100644 --- a/src/plugins/data/public/search/aggs/metrics/sibling_pipeline.test.ts +++ b/src/plugins/data/public/search/aggs/metrics/sibling_pipeline.test.ts @@ -17,27 +17,47 @@ * under the License. */ -import { bucketSumMetricAgg } from './bucket_sum'; -import { bucketAvgMetricAgg } from './bucket_avg'; -import { bucketMinMetricAgg } from './bucket_min'; -import { bucketMaxMetricAgg } from './bucket_max'; +import { getBucketSumMetricAgg } from './bucket_sum'; +import { getBucketAvgMetricAgg } from './bucket_avg'; +import { getBucketMinMetricAgg } from './bucket_min'; +import { getBucketMaxMetricAgg } from './bucket_max'; import { AggConfigs } from '../agg_configs'; import { IMetricAggConfig, MetricAggType } from './metric_agg_type'; -import { mockDataServices, mockAggTypesRegistry } from '../test_helpers'; +import { mockAggTypesRegistry } from '../test_helpers'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { GetInternalStartServicesFn } from '../../../types'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('sibling pipeline aggs', () => { - beforeEach(() => { - mockDataServices(); + const getInternalStartServices: GetInternalStartServicesFn = () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), }); const typesRegistry = mockAggTypesRegistry(); const metrics = [ - { name: 'sum_bucket', title: 'Overall Sum', provider: bucketSumMetricAgg }, - { name: 'avg_bucket', title: 'Overall Average', provider: bucketAvgMetricAgg }, - { name: 'min_bucket', title: 'Overall Min', provider: bucketMinMetricAgg }, - { name: 'max_bucket', title: 'Overall Max', provider: bucketMaxMetricAgg }, + { + name: 'sum_bucket', + title: 'Overall Sum', + provider: getBucketSumMetricAgg({ getInternalStartServices }), + }, + { + name: 'avg_bucket', + title: 'Overall Average', + provider: getBucketAvgMetricAgg({ getInternalStartServices }), + }, + { + name: 'min_bucket', + title: 'Overall Min', + provider: getBucketMinMetricAgg({ getInternalStartServices }), + }, + { + name: 'max_bucket', + title: 'Overall Max', + provider: getBucketMaxMetricAgg({ getInternalStartServices }), + }, ]; metrics.forEach(metric => { diff --git a/src/plugins/data/public/search/aggs/metrics/std_deviation.test.ts b/src/plugins/data/public/search/aggs/metrics/std_deviation.test.ts index 0679831b1e6ac..6bbff3009cc11 100644 --- a/src/plugins/data/public/search/aggs/metrics/std_deviation.test.ts +++ b/src/plugins/data/public/search/aggs/metrics/std_deviation.test.ts @@ -17,13 +17,25 @@ * under the License. */ -import { IStdDevAggConfig, stdDeviationMetricAgg } from './std_deviation'; +import { + IStdDevAggConfig, + getStdDeviationMetricAgg, + StdDeviationMetricAggDependencies, +} from './std_deviation'; import { AggConfigs } from '../agg_configs'; import { mockAggTypesRegistry } from '../test_helpers'; import { METRIC_TYPES } from './metric_agg_types'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('AggTypeMetricStandardDeviationProvider class', () => { - const typesRegistry = mockAggTypesRegistry([stdDeviationMetricAgg]); + const aggTypesDependencies: StdDeviationMetricAggDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; + const typesRegistry = mockAggTypesRegistry([getStdDeviationMetricAgg(aggTypesDependencies)]); const getAggConfigs = (customLabel?: string) => { const field = { name: 'memory', @@ -58,7 +70,7 @@ describe('AggTypeMetricStandardDeviationProvider class', () => { it('uses the custom label if it is set', () => { const aggConfigs = getAggConfigs('custom label'); - const responseAggs: any = stdDeviationMetricAgg.getResponseAggs( + const responseAggs: any = getStdDeviationMetricAgg(aggTypesDependencies).getResponseAggs( aggConfigs.aggs[0] as IStdDevAggConfig ); @@ -72,7 +84,7 @@ describe('AggTypeMetricStandardDeviationProvider class', () => { it('uses the default labels if custom label is not set', () => { const aggConfigs = getAggConfigs(); - const responseAggs: any = stdDeviationMetricAgg.getResponseAggs( + const responseAggs: any = getStdDeviationMetricAgg(aggTypesDependencies).getResponseAggs( aggConfigs.aggs[0] as IStdDevAggConfig ); diff --git a/src/plugins/data/public/search/aggs/metrics/std_deviation.ts b/src/plugins/data/public/search/aggs/metrics/std_deviation.ts index 5e069e317e052..e972132542ceb 100644 --- a/src/plugins/data/public/search/aggs/metrics/std_deviation.ts +++ b/src/plugins/data/public/search/aggs/metrics/std_deviation.ts @@ -23,6 +23,7 @@ import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { getResponseAggConfigClass, IResponseAggConfig } from './lib/get_response_agg_config_class'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; interface ValProp { valProp: string[]; @@ -34,6 +35,10 @@ export interface IStdDevAggConfig extends IResponseAggConfig { valProp: () => ValProp; } +export interface StdDeviationMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + const responseAggConfigProps = { valProp(this: IStdDevAggConfig) { const customLabel = this.getParam('customLabel'); @@ -75,33 +80,42 @@ const responseAggConfigProps = { }, }; -export const stdDeviationMetricAgg = new MetricAggType({ - name: METRIC_TYPES.STD_DEV, - dslName: 'extended_stats', - title: i18n.translate('data.search.aggs.metrics.standardDeviationTitle', { - defaultMessage: 'Standard Deviation', - }), - makeLabel(agg) { - return i18n.translate('data.search.aggs.metrics.standardDeviationLabel', { - defaultMessage: 'Standard Deviation of {field}', - values: { field: agg.getFieldDisplayName() }, - }); - }, - params: [ +export const getStdDeviationMetricAgg = ({ + getInternalStartServices, +}: StdDeviationMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.NUMBER, - }, - ], + name: METRIC_TYPES.STD_DEV, + dslName: 'extended_stats', + title: i18n.translate('data.search.aggs.metrics.standardDeviationTitle', { + defaultMessage: 'Standard Deviation', + }), + makeLabel(agg) { + return i18n.translate('data.search.aggs.metrics.standardDeviationLabel', { + defaultMessage: 'Standard Deviation of {field}', + values: { field: agg.getFieldDisplayName() }, + }); + }, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.NUMBER, + }, + ], - getResponseAggs(agg) { - const ValueAggConfig = getResponseAggConfigClass(agg, responseAggConfigProps); + getResponseAggs(agg) { + const ValueAggConfig = getResponseAggConfigClass(agg, responseAggConfigProps); - return [new ValueAggConfig('std_lower'), new ValueAggConfig('std_upper')]; - }, + return [new ValueAggConfig('std_lower'), new ValueAggConfig('std_upper')]; + }, - getValue(agg, bucket) { - return get(bucket[agg.parentId], agg.valProp()); - }, -}); + getValue(agg, bucket) { + return get(bucket[agg.parentId], agg.valProp()); + }, + }, + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/sum.ts b/src/plugins/data/public/search/aggs/metrics/sum.ts index ffb117dda0839..545c6d6a4939e 100644 --- a/src/plugins/data/public/search/aggs/metrics/sum.ts +++ b/src/plugins/data/public/search/aggs/metrics/sum.ts @@ -21,28 +21,40 @@ import { i18n } from '@kbn/i18n'; import { MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; const sumTitle = i18n.translate('data.search.aggs.metrics.sumTitle', { defaultMessage: 'Sum', }); -export const sumMetricAgg = new MetricAggType({ - name: METRIC_TYPES.SUM, - title: sumTitle, - makeLabel(aggConfig) { - return i18n.translate('data.search.aggs.metrics.sumLabel', { - defaultMessage: 'Sum of {field}', - values: { field: aggConfig.getFieldDisplayName() }, - }); - }, - isScalable() { - return true; - }, - params: [ +export interface SumMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + +export const getSumMetricAgg = ({ getInternalStartServices }: SumMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - filterFieldTypes: KBN_FIELD_TYPES.NUMBER, + name: METRIC_TYPES.SUM, + title: sumTitle, + makeLabel(aggConfig) { + return i18n.translate('data.search.aggs.metrics.sumLabel', { + defaultMessage: 'Sum of {field}', + values: { field: aggConfig.getFieldDisplayName() }, + }); + }, + isScalable() { + return true; + }, + params: [ + { + name: 'field', + type: 'field', + filterFieldTypes: KBN_FIELD_TYPES.NUMBER, + }, + ], }, - ], -}); + { + getInternalStartServices, + } + ); +}; diff --git a/src/plugins/data/public/search/aggs/metrics/top_hit.test.ts b/src/plugins/data/public/search/aggs/metrics/top_hit.test.ts index c65a714f26247..8294ad09bae22 100644 --- a/src/plugins/data/public/search/aggs/metrics/top_hit.test.ts +++ b/src/plugins/data/public/search/aggs/metrics/top_hit.test.ts @@ -18,15 +18,23 @@ */ import { dropRight, last } from 'lodash'; -import { topHitMetricAgg } from './top_hit'; +import { getTopHitMetricAgg, TopHitMetricAggDependencies } from './top_hit'; import { AggConfigs } from '../agg_configs'; import { mockAggTypesRegistry } from '../test_helpers'; import { IMetricAggConfig } from './metric_agg_type'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('Top hit metric', () => { let aggDsl: Record; let aggConfig: IMetricAggConfig; + const aggTypesDependencies: TopHitMetricAggDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; const init = ({ fieldName = 'field', @@ -36,7 +44,7 @@ describe('Top hit metric', () => { fieldType = KBN_FIELD_TYPES.NUMBER, size = 1, }: any) => { - const typesRegistry = mockAggTypesRegistry([topHitMetricAgg]); + const typesRegistry = mockAggTypesRegistry([getTopHitMetricAgg(aggTypesDependencies)]); const field = { name: fieldName, displayName: fieldName, @@ -91,7 +99,7 @@ describe('Top hit metric', () => { it('should return a label prefixed with Last if sorting in descending order', () => { init({ fieldName: 'bytes' }); - expect(topHitMetricAgg.makeLabel(aggConfig)).toEqual('Last bytes'); + expect(getTopHitMetricAgg(aggTypesDependencies).makeLabel(aggConfig)).toEqual('Last bytes'); }); it('should return a label prefixed with First if sorting in ascending order', () => { @@ -99,7 +107,7 @@ describe('Top hit metric', () => { fieldName: 'bytes', sortOrder: 'asc', }); - expect(topHitMetricAgg.makeLabel(aggConfig)).toEqual('First bytes'); + expect(getTopHitMetricAgg(aggTypesDependencies).makeLabel(aggConfig)).toEqual('First bytes'); }); it('should request the _source field', () => { @@ -140,7 +148,7 @@ describe('Top hit metric', () => { }; init({ fieldName: '@tags' }); - expect(topHitMetricAgg.getValue(aggConfig, bucket)).toBe(null); + expect(getTopHitMetricAgg(aggTypesDependencies).getValue(aggConfig, bucket)).toBe(null); }); // it('should return undefined if the field does not appear in the source', () => { @@ -159,7 +167,7 @@ describe('Top hit metric', () => { }; init({ fieldName: '@tags' }); - expect(topHitMetricAgg.getValue(aggConfig, bucket)).toBe(undefined); + expect(getTopHitMetricAgg(aggTypesDependencies).getValue(aggConfig, bucket)).toBe(undefined); }); it('should return the field value from the top hit', () => { @@ -178,7 +186,7 @@ describe('Top hit metric', () => { }; init({ fieldName: '@tags' }); - expect(topHitMetricAgg.getValue(aggConfig, bucket)).toBe('aaa'); + expect(getTopHitMetricAgg(aggTypesDependencies).getValue(aggConfig, bucket)).toBe('aaa'); }); it('should return the object if the field value is an object', () => { @@ -200,7 +208,9 @@ describe('Top hit metric', () => { init({ fieldName: '@tags' }); - expect(topHitMetricAgg.getValue(aggConfig, bucket)).toEqual({ label: 'aaa' }); + expect(getTopHitMetricAgg(aggTypesDependencies).getValue(aggConfig, bucket)).toEqual({ + label: 'aaa', + }); }); it('should return an array if the field has more than one values', () => { @@ -219,7 +229,10 @@ describe('Top hit metric', () => { }; init({ fieldName: '@tags' }); - expect(topHitMetricAgg.getValue(aggConfig, bucket)).toEqual(['aaa', 'bbb']); + expect(getTopHitMetricAgg(aggTypesDependencies).getValue(aggConfig, bucket)).toEqual([ + 'aaa', + 'bbb', + ]); }); it('should return undefined if the field is not in the source nor in the doc_values field', () => { @@ -241,7 +254,7 @@ describe('Top hit metric', () => { }; init({ fieldName: 'machine.os.raw', readFromDocValues: true }); - expect(topHitMetricAgg.getValue(aggConfig, bucket)).toBe(undefined); + expect(getTopHitMetricAgg(aggTypesDependencies).getValue(aggConfig, bucket)).toBe(undefined); }); describe('Multivalued field and first/last X docs', () => { @@ -250,7 +263,9 @@ describe('Top hit metric', () => { fieldName: 'bytes', size: 2, }); - expect(topHitMetricAgg.makeLabel(aggConfig)).toEqual('Last 2 bytes'); + expect(getTopHitMetricAgg(aggTypesDependencies).makeLabel(aggConfig)).toEqual( + 'Last 2 bytes' + ); }); it('should return a label prefixed with First X docs if sorting in ascending order', () => { @@ -259,7 +274,9 @@ describe('Top hit metric', () => { size: 2, sortOrder: 'asc', }); - expect(topHitMetricAgg.makeLabel(aggConfig)).toEqual('First 2 bytes'); + expect(getTopHitMetricAgg(aggTypesDependencies).makeLabel(aggConfig)).toEqual( + 'First 2 bytes' + ); }); [ @@ -334,7 +351,9 @@ describe('Top hit metric', () => { }; init({ fieldName: 'bytes', aggregate: agg.type }); - expect(topHitMetricAgg.getValue(aggConfig, bucket)).toEqual(agg.result); + expect(getTopHitMetricAgg(aggTypesDependencies).getValue(aggConfig, bucket)).toEqual( + agg.result + ); }); it(`should return the result of the ${agg.type} aggregation over the last X docs - ${agg.description}`, () => { @@ -358,7 +377,9 @@ describe('Top hit metric', () => { }; init({ fieldName: 'bytes', aggregate: agg.type }); - expect(topHitMetricAgg.getValue(aggConfig, bucket)).toEqual(agg.result); + expect(getTopHitMetricAgg(aggTypesDependencies).getValue(aggConfig, bucket)).toEqual( + agg.result + ); }); }); }); diff --git a/src/plugins/data/public/search/aggs/metrics/top_hit.ts b/src/plugins/data/public/search/aggs/metrics/top_hit.ts index d0c668c577e62..15da2b485aee7 100644 --- a/src/plugins/data/public/search/aggs/metrics/top_hit.ts +++ b/src/plugins/data/public/search/aggs/metrics/top_hit.ts @@ -22,6 +22,11 @@ import { i18n } from '@kbn/i18n'; import { IMetricAggConfig, MetricAggType } from './metric_agg_type'; import { METRIC_TYPES } from './metric_agg_types'; import { KBN_FIELD_TYPES } from '../../../../common'; +import { GetInternalStartServicesFn } from '../../../types'; + +export interface TopHitMetricAggDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} const isNumericFieldSelected = (agg: IMetricAggConfig) => { const field = agg.getParam('field'); @@ -29,214 +34,225 @@ const isNumericFieldSelected = (agg: IMetricAggConfig) => { return field && field.type && field.type === KBN_FIELD_TYPES.NUMBER; }; -export const topHitMetricAgg = new MetricAggType({ - name: METRIC_TYPES.TOP_HITS, - title: i18n.translate('data.search.aggs.metrics.topHitTitle', { - defaultMessage: 'Top Hit', - }), - makeLabel(aggConfig) { - const lastPrefixLabel = i18n.translate('data.search.aggs.metrics.topHit.lastPrefixLabel', { - defaultMessage: 'Last', - }); - const firstPrefixLabel = i18n.translate('data.search.aggs.metrics.topHit.firstPrefixLabel', { - defaultMessage: 'First', - }); - - let prefix = - aggConfig.getParam('sortOrder').value === 'desc' ? lastPrefixLabel : firstPrefixLabel; - - const size = aggConfig.getParam('size'); - - if (size !== 1) { - prefix += ` ${size}`; - } - - const field = aggConfig.getParam('field'); - - return `${prefix} ${field ? field.displayName : ''}`; - }, - params: [ +export const getTopHitMetricAgg = ({ getInternalStartServices }: TopHitMetricAggDependencies) => { + return new MetricAggType( { - name: 'field', - type: 'field', - onlyAggregatable: false, - filterFieldTypes: Object.values(KBN_FIELD_TYPES).filter( - type => type !== KBN_FIELD_TYPES.HISTOGRAM - ), - write(agg, output) { - const field = agg.getParam('field'); - output.params = {}; - - if (field.scripted) { - output.params.script_fields = { - [field.name]: { - script: { - source: field.script, - lang: field.lang, - }, - }, - }; - } else { - if (field.readFromDocValues) { - // always format date fields as date_time to avoid - // displaying unformatted dates like epoch_millis - // or other not-accepted momentjs formats - const format = field.type === KBN_FIELD_TYPES.DATE ? 'date_time' : 'use_field_mapping'; - output.params.docvalue_fields = [{ field: field.name, format }]; + name: METRIC_TYPES.TOP_HITS, + title: i18n.translate('data.search.aggs.metrics.topHitTitle', { + defaultMessage: 'Top Hit', + }), + makeLabel(aggConfig) { + const lastPrefixLabel = i18n.translate('data.search.aggs.metrics.topHit.lastPrefixLabel', { + defaultMessage: 'Last', + }); + const firstPrefixLabel = i18n.translate( + 'data.search.aggs.metrics.topHit.firstPrefixLabel', + { + defaultMessage: 'First', } - output.params._source = field.name === '_source' ? true : field.name; + ); + + let prefix = + aggConfig.getParam('sortOrder').value === 'desc' ? lastPrefixLabel : firstPrefixLabel; + + const size = aggConfig.getParam('size'); + + if (size !== 1) { + prefix += ` ${size}`; } + + const field = aggConfig.getParam('field'); + + return `${prefix} ${field ? field.displayName : ''}`; }, - }, - { - name: 'aggregate', - type: 'optioned', - options: [ + params: [ { - text: i18n.translate('data.search.aggs.metrics.topHit.minLabel', { - defaultMessage: 'Min', - }), - isCompatible: isNumericFieldSelected, - disabled: true, - value: 'min', - }, - { - text: i18n.translate('data.search.aggs.metrics.topHit.maxLabel', { - defaultMessage: 'Max', - }), - isCompatible: isNumericFieldSelected, - disabled: true, - value: 'max', + name: 'field', + type: 'field', + onlyAggregatable: false, + filterFieldTypes: Object.values(KBN_FIELD_TYPES).filter( + type => type !== KBN_FIELD_TYPES.HISTOGRAM + ), + write(agg, output) { + const field = agg.getParam('field'); + output.params = {}; + + if (field.scripted) { + output.params.script_fields = { + [field.name]: { + script: { + source: field.script, + lang: field.lang, + }, + }, + }; + } else { + if (field.readFromDocValues) { + // always format date fields as date_time to avoid + // displaying unformatted dates like epoch_millis + // or other not-accepted momentjs formats + const format = + field.type === KBN_FIELD_TYPES.DATE ? 'date_time' : 'use_field_mapping'; + output.params.docvalue_fields = [{ field: field.name, format }]; + } + output.params._source = field.name === '_source' ? true : field.name; + } + }, }, { - text: i18n.translate('data.search.aggs.metrics.topHit.sumLabel', { - defaultMessage: 'Sum', - }), - isCompatible: isNumericFieldSelected, - disabled: true, - value: 'sum', + name: 'aggregate', + type: 'optioned', + options: [ + { + text: i18n.translate('data.search.aggs.metrics.topHit.minLabel', { + defaultMessage: 'Min', + }), + isCompatible: isNumericFieldSelected, + disabled: true, + value: 'min', + }, + { + text: i18n.translate('data.search.aggs.metrics.topHit.maxLabel', { + defaultMessage: 'Max', + }), + isCompatible: isNumericFieldSelected, + disabled: true, + value: 'max', + }, + { + text: i18n.translate('data.search.aggs.metrics.topHit.sumLabel', { + defaultMessage: 'Sum', + }), + isCompatible: isNumericFieldSelected, + disabled: true, + value: 'sum', + }, + { + text: i18n.translate('data.search.aggs.metrics.topHit.averageLabel', { + defaultMessage: 'Average', + }), + isCompatible: isNumericFieldSelected, + disabled: true, + value: 'average', + }, + { + text: i18n.translate('data.search.aggs.metrics.topHit.concatenateLabel', { + defaultMessage: 'Concatenate', + }), + isCompatible(aggConfig: IMetricAggConfig) { + return _.get(aggConfig.params, 'field.filterFieldTypes', '*') === '*'; + }, + disabled: true, + value: 'concat', + }, + ], + write: _.noop, }, { - text: i18n.translate('data.search.aggs.metrics.topHit.averageLabel', { - defaultMessage: 'Average', - }), - isCompatible: isNumericFieldSelected, - disabled: true, - value: 'average', + name: 'size', + default: 1, }, { - text: i18n.translate('data.search.aggs.metrics.topHit.concatenateLabel', { - defaultMessage: 'Concatenate', - }), - isCompatible(aggConfig: IMetricAggConfig) { - return _.get(aggConfig.params, 'field.filterFieldTypes', '*') === '*'; + name: 'sortField', + type: 'field', + filterFieldTypes: [ + KBN_FIELD_TYPES.NUMBER, + KBN_FIELD_TYPES.DATE, + KBN_FIELD_TYPES.IP, + KBN_FIELD_TYPES.STRING, + ], + default(agg: IMetricAggConfig) { + return agg.getIndexPattern().timeFieldName; }, - disabled: true, - value: 'concat', - }, - ], - write: _.noop, - }, - { - name: 'size', - default: 1, - }, - { - name: 'sortField', - type: 'field', - filterFieldTypes: [ - KBN_FIELD_TYPES.NUMBER, - KBN_FIELD_TYPES.DATE, - KBN_FIELD_TYPES.IP, - KBN_FIELD_TYPES.STRING, - ], - default(agg: IMetricAggConfig) { - return agg.getIndexPattern().timeFieldName; - }, - write: _.noop, // prevent default write, it is handled below - }, - { - name: 'sortOrder', - type: 'optioned', - default: 'desc', - options: [ - { - text: i18n.translate('data.search.aggs.metrics.topHit.descendingLabel', { - defaultMessage: 'Descending', - }), - value: 'desc', + write: _.noop, // prevent default write, it is handled below }, { - text: i18n.translate('data.search.aggs.metrics.topHit.ascendingLabel', { - defaultMessage: 'Ascending', - }), - value: 'asc', - }, - ], - write(agg, output) { - const sortField = agg.params.sortField; - const sortOrder = agg.params.sortOrder; - - if (sortField.scripted) { - output.params.sort = [ + name: 'sortOrder', + type: 'optioned', + default: 'desc', + options: [ { - _script: { - script: { - source: sortField.script, - lang: sortField.lang, - }, - type: sortField.type, - order: sortOrder.value, - }, + text: i18n.translate('data.search.aggs.metrics.topHit.descendingLabel', { + defaultMessage: 'Descending', + }), + value: 'desc', }, - ]; - } else { - output.params.sort = [ { - [sortField.name]: { - order: sortOrder.value, - }, + text: i18n.translate('data.search.aggs.metrics.topHit.ascendingLabel', { + defaultMessage: 'Ascending', + }), + value: 'asc', }, - ]; + ], + write(agg, output) { + const sortField = agg.params.sortField; + const sortOrder = agg.params.sortOrder; + + if (sortField.scripted) { + output.params.sort = [ + { + _script: { + script: { + source: sortField.script, + lang: sortField.lang, + }, + type: sortField.type, + order: sortOrder.value, + }, + }, + ]; + } else { + output.params.sort = [ + { + [sortField.name]: { + order: sortOrder.value, + }, + }, + ]; + } + }, + }, + ], + getValue(agg, bucket) { + const hits: any[] = _.get(bucket, `${agg.id}.hits.hits`); + if (!hits || !hits.length) { + return null; } - }, - }, - ], - getValue(agg, bucket) { - const hits: any[] = _.get(bucket, `${agg.id}.hits.hits`); - if (!hits || !hits.length) { - return null; - } - const path = agg.getParam('field').name; + const path = agg.getParam('field').name; - let values = _.flatten( - hits.map(hit => - path === '_source' ? hit._source : agg.getIndexPattern().flattenHit(hit, true)[path] - ) - ); + let values = _.flatten( + hits.map(hit => + path === '_source' ? hit._source : agg.getIndexPattern().flattenHit(hit, true)[path] + ) + ); - if (values.length === 1) { - values = values[0]; - } + if (values.length === 1) { + values = values[0]; + } + + if (Array.isArray(values)) { + if (!_.compact(values).length) { + return null; + } + + const aggregate = agg.getParam('aggregate'); - if (Array.isArray(values)) { - if (!_.compact(values).length) { - return null; - } - - const aggregate = agg.getParam('aggregate'); - - switch (aggregate.value) { - case 'max': - return _.max(values); - case 'min': - return _.min(values); - case 'sum': - return _.sum(values); - case 'average': - return _.sum(values) / values.length; - } + switch (aggregate.value) { + case 'max': + return _.max(values); + case 'min': + return _.min(values); + case 'sum': + return _.sum(values); + case 'average': + return _.sum(values) / values.length; + } + } + return values; + }, + }, + { + getInternalStartServices, } - return values; - }, -}); + ); +}; diff --git a/src/plugins/data/public/search/aggs/param_types/field.test.ts b/src/plugins/data/public/search/aggs/param_types/field.test.ts index 0182471392910..ea7931130b84a 100644 --- a/src/plugins/data/public/search/aggs/param_types/field.test.ts +++ b/src/plugins/data/public/search/aggs/param_types/field.test.ts @@ -18,11 +18,20 @@ */ import { BaseParamType } from './base'; -import { FieldParamType } from './field'; +import { FieldParamType, FieldParamTypeDependencies } from './field'; import { ES_FIELD_TYPES, KBN_FIELD_TYPES } from '../../../../common'; import { IAggConfig } from '../agg_config'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; +import { notificationServiceMock } from '../../../../../../../src/core/public/mocks'; describe('Field', () => { + const fieldParamTypeDependencies: FieldParamTypeDependencies = { + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), + }; + const indexPattern = { id: '1234', title: 'logstash-*', @@ -52,10 +61,13 @@ describe('Field', () => { describe('constructor', () => { it('it is an instance of BaseParamType', () => { - const aggParam = new FieldParamType({ - name: 'field', - type: 'field', - }); + const aggParam = new FieldParamType( + { + name: 'field', + type: 'field', + }, + fieldParamTypeDependencies + ); expect(aggParam instanceof BaseParamType).toBeTruthy(); }); @@ -63,10 +75,13 @@ describe('Field', () => { describe('getAvailableFields', () => { it('should return only aggregatable fields by default', () => { - const aggParam = new FieldParamType({ - name: 'field', - type: 'field', - }); + const aggParam = new FieldParamType( + { + name: 'field', + type: 'field', + }, + fieldParamTypeDependencies + ); const fields = aggParam.getAvailableFields(agg); @@ -78,10 +93,13 @@ describe('Field', () => { }); it('should return all fields if onlyAggregatable is false', () => { - const aggParam = new FieldParamType({ - name: 'field', - type: 'field', - }); + const aggParam = new FieldParamType( + { + name: 'field', + type: 'field', + }, + fieldParamTypeDependencies + ); aggParam.onlyAggregatable = false; @@ -91,10 +109,13 @@ describe('Field', () => { }); it('should return all fields if filterFieldTypes was not specified', () => { - const aggParam = new FieldParamType({ - name: 'field', - type: 'field', - }); + const aggParam = new FieldParamType( + { + name: 'field', + type: 'field', + }, + fieldParamTypeDependencies + ); indexPattern.fields[1].aggregatable = true; diff --git a/src/plugins/data/public/search/aggs/param_types/field.ts b/src/plugins/data/public/search/aggs/param_types/field.ts index 34b77e14a3a71..4d67f41905c5a 100644 --- a/src/plugins/data/public/search/aggs/param_types/field.ts +++ b/src/plugins/data/public/search/aggs/param_types/field.ts @@ -24,7 +24,7 @@ import { BaseParamType } from './base'; import { propFilter } from '../filter'; import { isNestedField, KBN_FIELD_TYPES } from '../../../../common'; import { Field as IndexPatternField } from '../../../index_patterns'; -import { getNotifications } from '../../../../public/services'; +import { GetInternalStartServicesFn } from '../../../types'; const filterByType = propFilter('type'); @@ -32,13 +32,20 @@ export type FieldTypes = KBN_FIELD_TYPES | KBN_FIELD_TYPES[] | '*'; // TODO need to make a more explicit interface for this export type IFieldParamType = FieldParamType; +export interface FieldParamTypeDependencies { + getInternalStartServices: GetInternalStartServicesFn; +} + export class FieldParamType extends BaseParamType { required = true; scriptable = true; filterFieldTypes: FieldTypes; onlyAggregatable: boolean; - constructor(config: Record) { + constructor( + config: Record, + { getInternalStartServices }: FieldParamTypeDependencies + ) { super(config); this.filterFieldTypes = config.filterFieldTypes || '*'; @@ -87,7 +94,7 @@ export class FieldParamType extends BaseParamType { // @ts-ignore const validField = this.getAvailableFields(aggConfig).find((f: any) => f.name === fieldName); if (!validField) { - getNotifications().toasts.addDanger( + getInternalStartServices().notifications.toasts.addDanger( i18n.translate( 'data.search.aggs.paramTypes.field.invalidSavedFieldParameterErrorMessage', { diff --git a/src/plugins/data/public/search/aggs/test_helpers/mock_agg_types_registry.ts b/src/plugins/data/public/search/aggs/test_helpers/mock_agg_types_registry.ts index 57d27b7da6313..2383affa2a8c5 100644 --- a/src/plugins/data/public/search/aggs/test_helpers/mock_agg_types_registry.ts +++ b/src/plugins/data/public/search/aggs/test_helpers/mock_agg_types_registry.ts @@ -18,12 +18,13 @@ */ // eslint-disable-next-line @kbn/eslint/no-restricted-paths -import { coreMock } from '../../../../../../../src/core/public/mocks'; +import { coreMock, notificationServiceMock } from '../../../../../../../src/core/public/mocks'; import { AggTypesRegistry, AggTypesRegistryStart } from '../agg_types_registry'; import { getAggTypes } from '../agg_types'; -import { BucketAggType } from '../buckets/_bucket_agg_type'; +import { BucketAggType } from '../buckets/bucket_agg_type'; import { MetricAggType } from '../metrics/metric_agg_type'; import { queryServiceMock } from '../../../query/mocks'; +import { fieldFormatsServiceMock } from '../../../field_formats/mocks'; /** * Testing utility which creates a new instance of AggTypesRegistry, @@ -55,8 +56,11 @@ export function mockAggTypesRegistry | MetricAggTyp const core = coreMock.createSetup(); const aggTypes = getAggTypes({ uiSettings: core.uiSettings, - notifications: core.notifications, query: queryServiceMock.createSetupContract(), + getInternalStartServices: () => ({ + fieldFormats: fieldFormatsServiceMock.createStartContract(), + notifications: notificationServiceMock.createStartContract(), + }), }); aggTypes.buckets.forEach(type => registrySetup.registerBucket(type)); diff --git a/src/plugins/data/public/search/search_service.ts b/src/plugins/data/public/search/search_service.ts index dc1c99f76d59a..42f31ef450d28 100644 --- a/src/plugins/data/public/search/search_service.ts +++ b/src/plugins/data/public/search/search_service.ts @@ -26,6 +26,7 @@ import { getEsClient, LegacyApiCaller } from './es_client'; import { ES_SEARCH_STRATEGY, DEFAULT_SEARCH_STRATEGY } from '../../common/search'; import { esSearchStrategyProvider } from './es_search/es_search_strategy'; import { QuerySetup } from '../query/query_service'; +import { GetInternalStartServicesFn } from '../types'; import { SearchInterceptor } from './search_interceptor'; import { getAggTypes, @@ -44,6 +45,7 @@ import { interface SearchServiceSetupDependencies { packageInfo: PackageInfo; query: QuerySetup; + getInternalStartServices: GetInternalStartServicesFn; } /** @@ -81,7 +83,7 @@ export class SearchService implements Plugin { public setup( core: CoreSetup, - { packageInfo, query }: SearchServiceSetupDependencies + { packageInfo, query, getInternalStartServices }: SearchServiceSetupDependencies ): ISearchSetup { this.esClient = getEsClient(core.injectedMetadata, core.http, packageInfo); this.registerSearchStrategyProvider(SYNC_SEARCH_STRATEGY, syncSearchStrategyProvider); @@ -91,7 +93,7 @@ export class SearchService implements Plugin { const aggTypes = getAggTypes({ query, uiSettings: core.uiSettings, - notifications: core.notifications, + getInternalStartServices, }); aggTypes.buckets.forEach(b => aggTypesSetup.registerBucket(b)); diff --git a/src/plugins/data/public/types.ts b/src/plugins/data/public/types.ts index 45160cbf30179..e24e01d241278 100644 --- a/src/plugins/data/public/types.ts +++ b/src/plugins/data/public/types.ts @@ -71,3 +71,12 @@ export interface IDataPluginServices extends Partial { storage: IStorageWrapper; data: DataPublicPluginStart; } + +/** @internal **/ +export interface InternalStartServices { + fieldFormats: FieldFormatsStart; + notifications: CoreStart['notifications']; +} + +/** @internal **/ +export type GetInternalStartServicesFn = () => InternalStartServices; From 459d6ec365982dfa94badee8b18e2f2eb4fc91ca Mon Sep 17 00:00:00 2001 From: Patrick Mueller Date: Tue, 7 Apr 2020 08:30:17 -0400 Subject: [PATCH 16/36] [Alerting] for email action, set tls.rejectUnauthorized: false when secure: false (#62380) resolves https://github.com/elastic/kibana/issues/62372 See the referenced issue for background. Eventually we will probably have to have a separate setting for `tls.rejectUnauthorized`, not base it on the value of the `secure` config property. But this will likely be useful for a number of smtp servers used by customers. --- .../actions/server/builtin_action_types/lib/send_email.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts index 74eead0708545..47d7aff8022ce 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts @@ -65,6 +65,11 @@ export async function sendEmail(logger: Logger, options: SendEmailOptions): Prom transportConfig.host = host; transportConfig.port = port; transportConfig.secure = !!secure; + if (!transportConfig.secure) { + transportConfig.tls = { + rejectUnauthorized: false, + }; + } } const nodemailerTransport = nodemailer.createTransport(transportConfig); From 994aa63e50ebde87cef7f8b68f94511d9b7bacaa Mon Sep 17 00:00:00 2001 From: Jonathan Buttner <56361221+jonathan-buttner@users.noreply.github.com> Date: Tue, 7 Apr 2020 08:50:30 -0400 Subject: [PATCH 17/36] [EPM] Store map visualizations from the package registry and use saved object ID (#62059) * Using saved objects id instead of creating one * Adding map to list of types * Fixing typing errors * Reverting id change * Reverting asset id Co-authored-by: Elastic Machine --- .../ingest_manager/common/services/package_to_config.test.ts | 1 + x-pack/plugins/ingest_manager/common/types/models/epm.ts | 1 + .../applications/ingest_manager/sections/epm/constants.tsx | 2 ++ 3 files changed, 4 insertions(+) diff --git a/x-pack/plugins/ingest_manager/common/services/package_to_config.test.ts b/x-pack/plugins/ingest_manager/common/services/package_to_config.test.ts index 357f407811880..5fa7af2dda79a 100644 --- a/x-pack/plugins/ingest_manager/common/services/package_to_config.test.ts +++ b/x-pack/plugins/ingest_manager/common/services/package_to_config.test.ts @@ -24,6 +24,7 @@ describe('Ingest Manager - packageToConfig', () => { visualization: [], search: [], 'index-pattern': [], + map: [], }, }, status: InstallationStatus.notInstalled, diff --git a/x-pack/plugins/ingest_manager/common/types/models/epm.ts b/x-pack/plugins/ingest_manager/common/types/models/epm.ts index 28786530db018..efa6621001038 100644 --- a/x-pack/plugins/ingest_manager/common/types/models/epm.ts +++ b/x-pack/plugins/ingest_manager/common/types/models/epm.ts @@ -28,6 +28,7 @@ export enum KibanaAssetType { visualization = 'visualization', search = 'search', indexPattern = 'index-pattern', + map = 'map', } export enum ElasticsearchAssetType { diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/epm/constants.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/epm/constants.tsx index 3a6dfe4a87daf..685199245df18 100644 --- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/epm/constants.tsx +++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/epm/constants.tsx @@ -24,6 +24,7 @@ export const AssetTitleMap: Record = { search: 'Saved Search', visualization: 'Visualization', input: 'Agent input', + map: 'Map', }; export const ServiceTitleMap: Record = { @@ -36,6 +37,7 @@ export const AssetIcons: Record = { 'index-pattern': 'indexPatternApp', search: 'searchProfilerApp', visualization: 'visualizeApp', + map: 'mapApp', }; export const ServiceIcons: Record = { From 6fdd7b4c9b0fc5f5fb9cd325ee6c705df2218db0 Mon Sep 17 00:00:00 2001 From: Dario Gieselaar Date: Tue, 7 Apr 2020 16:06:13 +0200 Subject: [PATCH 18/36] [APM] Prevent error rate alert trigger from rendering NaN (#62754) * [APM] Prevent error rate alert trigger from rendering NaN Closes #62458. * Use params instead of alertParams --- .../components/shared/ErrorRateAlertTrigger/index.tsx | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/x-pack/legacy/plugins/apm/public/components/shared/ErrorRateAlertTrigger/index.tsx b/x-pack/legacy/plugins/apm/public/components/shared/ErrorRateAlertTrigger/index.tsx index 9bfc5936a555e..b7e23c2979cb8 100644 --- a/x-pack/legacy/plugins/apm/public/components/shared/ErrorRateAlertTrigger/index.tsx +++ b/x-pack/legacy/plugins/apm/public/components/shared/ErrorRateAlertTrigger/index.tsx @@ -6,6 +6,7 @@ import React from 'react'; import { EuiFieldNumber } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; +import { isFinite } from 'lodash'; import { ForLastExpression } from '../../../../../../../plugins/triggers_actions_ui/public'; import { ALERT_TYPES_CONFIG } from '../../../../../../../plugins/apm/common/alert_types'; import { ServiceAlertTrigger } from '../ServiceAlertTrigger'; @@ -37,15 +38,17 @@ export function ErrorRateAlertTrigger(props: Props) { ...alertParams }; + const threshold = isFinite(params.threshold) ? params.threshold : ''; + const fields = [ setAlertParams('threshold', parseInt(e.target.value, 10)) From d565db0dbd5d5e855491acbede9424aefc579cca Mon Sep 17 00:00:00 2001 From: Oliver Gupte Date: Tue, 7 Apr 2020 07:06:49 -0700 Subject: [PATCH 19/36] [APM] Service map - Fix taxi edge arrow orientation (#62741) Co-authored-by: Elastic Machine --- .../apm/public/components/app/ServiceMap/cytoscapeOptions.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts b/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts index 0438842f7af10..92f66f698f044 100644 --- a/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts +++ b/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts @@ -83,7 +83,7 @@ const style: cytoscape.Stylesheet[] = [ style: { 'curve-style': 'taxi', // @ts-ignore - 'taxi-direction': 'rightward', + 'taxi-direction': 'auto', 'line-color': lineColor, 'overlay-opacity': 0, 'target-arrow-color': lineColor, From 30b6d42c42dcaa1377121bef41ffb3a113db2e17 Mon Sep 17 00:00:00 2001 From: Oliver Gupte Date: Tue, 7 Apr 2020 07:06:55 -0700 Subject: [PATCH 20/36] [APM] Service map - fixes irrelevant services on data refresh (#62750) Co-authored-by: Elastic Machine --- .../apm/public/components/app/ServiceMap/Cytoscape.tsx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Cytoscape.tsx b/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Cytoscape.tsx index 7bdc6aebbd9a0..21bedc204f48b 100644 --- a/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Cytoscape.tsx +++ b/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Cytoscape.tsx @@ -124,6 +124,12 @@ export function Cytoscape({ // Trigger a custom "data" event when data changes useEffect(() => { if (cy && elements.length > 0) { + const renderedElements = cy.elements('node,edge'); + const latestElementIds = elements.map(el => el.data.id); + const absentElements = renderedElements.filter( + el => !latestElementIds.includes(el.id()) + ); + cy.remove(absentElements); cy.add(elements); cy.trigger('data'); } From cd1e11bce6e14b9b7635a3cd46786ed1d545c26a Mon Sep 17 00:00:00 2001 From: Nathan L Smith Date: Tue, 7 Apr 2020 09:08:38 -0500 Subject: [PATCH 21/36] Add service map icon for rum-js agent type (#62721) * Add service map icon for rum-js agent type We previously were only checking for "js-base" as the RUM `agent.name` but it can report either "js-base" or "rum-js", so make that work. I saw an "opbeans-react" service on a map generated by apm-integration-testing that Gil had running last week. Not sure if that's a newer or older version because I don't see it on apm.elstc.co. Also clean up the icons storybook a little. Fixes #62336. * use isRumAgentName Co-authored-by: Elastic Machine --- .../app/ServiceMap/Cytoscape.stories.tsx | 34 +++++++++---------- .../public/components/app/ServiceMap/icons.ts | 12 +++++-- 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Cytoscape.stories.tsx b/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Cytoscape.stories.tsx index 46754c8c7cb6b..a8d3b843a1f3d 100644 --- a/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Cytoscape.stories.tsx +++ b/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Cytoscape.stories.tsx @@ -75,27 +75,17 @@ storiesOf('app/ServiceMap/Cytoscape', module) const cy = cytoscape(); const elements = [ { data: { id: 'default' } }, - { data: { id: 'cache', label: 'cache', 'span.type': 'cache' } }, - { data: { id: 'database', label: 'database', 'span.type': 'db' } }, + { data: { id: 'cache', 'span.type': 'cache' } }, + { data: { id: 'database', 'span.type': 'db' } }, { data: { id: 'elasticsearch', - label: 'elasticsearch', 'span.type': 'db', 'span.subtype': 'elasticsearch' } }, - { - data: { id: 'external', label: 'external', 'span.type': 'external' } - }, - { - data: { - id: 'messaging', - label: 'messaging', - 'span.type': 'messaging' - } - }, - + { data: { id: 'external', 'span.type': 'external' } }, + { data: { id: 'messaging', 'span.type': 'messaging' } }, { data: { id: 'dotnet', @@ -119,11 +109,18 @@ storiesOf('app/ServiceMap/Cytoscape', module) }, { data: { - id: 'js-base', - 'service.name': 'js-base service', + id: 'RUM (js-base)', + 'service.name': 'RUM service', 'agent.name': 'js-base' } }, + { + data: { + id: 'RUM (rum-js)', + 'service.name': 'RUM service', + 'agent.name': 'rum-js' + } + }, { data: { id: 'nodejs', @@ -163,7 +160,8 @@ storiesOf('app/ServiceMap/Cytoscape', module) description={
                     agent.name: {node.data('agent.name') || 'undefined'},
-                    span.type: {node.data('span.type') || 'undefined'}
+                    span.type: {node.data('span.type') || 'undefined'},
+                    span.subtype: {node.data('span.subtype') || 'undefined'}
                   
} icon={ @@ -174,7 +172,7 @@ storiesOf('app/ServiceMap/Cytoscape', module) width={80} /> } - title={node.data('label')} + title={node.data('id')} /> ))} diff --git a/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/icons.ts b/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/icons.ts index 4925ffba310b5..dd9b48d312725 100644 --- a/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/icons.ts +++ b/x-pack/legacy/plugins/apm/public/components/app/ServiceMap/icons.ts @@ -5,11 +5,12 @@ */ import cytoscape from 'cytoscape'; +import { isRumAgentName } from '../../../../../../../plugins/apm/common/agent_name'; import { AGENT_NAME, SERVICE_NAME, - SPAN_TYPE, - SPAN_SUBTYPE + SPAN_SUBTYPE, + SPAN_TYPE } from '../../../../../../../plugins/apm/common/elasticsearch_fieldnames'; import databaseIcon from './icons/database.svg'; import defaultIconImport from './icons/default.svg'; @@ -62,7 +63,12 @@ export function iconForNode(node: cytoscape.NodeSingular) { const type = node.data(SPAN_TYPE); if (node.data(SERVICE_NAME)) { - return serviceIcons[node.data(AGENT_NAME) as string]; + const agentName = node.data(AGENT_NAME); + // RUM can have multiple names. Normalize it + const normalizedAgentName = isRumAgentName(agentName) + ? 'js-base' + : agentName; + return serviceIcons[normalizedAgentName]; } else if (isIE11) { return defaultIcon; } else if ( From 95505bf1e1a3981b3d9de0a4564ea858ebd3ef17 Mon Sep 17 00:00:00 2001 From: Dario Gieselaar Date: Tue, 7 Apr 2020 16:17:02 +0200 Subject: [PATCH 22/36] =?UTF-8?q?[APM]=20make=20sure=20environment=20query?= =?UTF-8?q?=20is=20correct=20for=20service=20maps=E2=80=A6=20(#62764)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes #62207. Co-authored-by: Elastic Machine --- .../lib/service_map/get_service_map_service_node_info.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/x-pack/plugins/apm/server/lib/service_map/get_service_map_service_node_info.ts b/x-pack/plugins/apm/server/lib/service_map/get_service_map_service_node_info.ts index 0fe825e8ace35..d7e28828572d5 100644 --- a/x-pack/plugins/apm/server/lib/service_map/get_service_map_service_node_info.ts +++ b/x-pack/plugins/apm/server/lib/service_map/get_service_map_service_node_info.ts @@ -41,9 +41,7 @@ export async function getServiceMapServiceNodeInfo({ const filter: ESFilter[] = [ { range: rangeFilter(start, end) }, { term: { [SERVICE_NAME]: serviceName } }, - ...(environment - ? [{ term: { [SERVICE_ENVIRONMENT]: SERVICE_ENVIRONMENT } }] - : []) + ...(environment ? [{ term: { [SERVICE_ENVIRONMENT]: environment } }] : []) ]; const minutes = Math.abs((end - start) / (1000 * 60)); From d1e8d0d6eced553b6c2e3dd8a1fde6178a91f898 Mon Sep 17 00:00:00 2001 From: Lukas Olson Date: Tue, 7 Apr 2020 07:21:28 -0700 Subject: [PATCH 23/36] [Search] Properly add slash preceding path in async search (#62722) * [Search] Properly add slash preceding path in async search * Fix tests Co-authored-by: Elastic Machine --- .../server/search/es_search_strategy.test.ts | 8 ++++---- .../data_enhanced/server/search/es_search_strategy.ts | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/data_enhanced/server/search/es_search_strategy.test.ts b/x-pack/plugins/data_enhanced/server/search/es_search_strategy.test.ts index 88c576c70bdf0..a8a42fe11e7ce 100644 --- a/x-pack/plugins/data_enhanced/server/search/es_search_strategy.test.ts +++ b/x-pack/plugins/data_enhanced/server/search/es_search_strategy.test.ts @@ -71,7 +71,7 @@ describe('ES search strategy', () => { expect(mockApiCaller.mock.calls[0][0]).toBe('transport.request'); const { method, path, body } = mockApiCaller.mock.calls[0][1]; expect(method).toBe('POST'); - expect(path).toBe('logstash-*/_async_search'); + expect(path).toBe('/logstash-*/_async_search'); expect(body).toEqual({ query: {} }); }); @@ -94,7 +94,7 @@ describe('ES search strategy', () => { expect(mockApiCaller.mock.calls[0][0]).toBe('transport.request'); const { method, path, body } = mockApiCaller.mock.calls[0][1]; expect(method).toBe('GET'); - expect(path).toBe('_async_search/foo'); + expect(path).toBe('/_async_search/foo'); expect(body).toEqual(undefined); }); @@ -117,7 +117,7 @@ describe('ES search strategy', () => { expect(mockApiCaller.mock.calls[0][0]).toBe('transport.request'); const { method, path } = mockApiCaller.mock.calls[0][1]; expect(method).toBe('POST'); - expect(path).toBe('foo-%E7%A8%8B/_async_search'); + expect(path).toBe('/foo-%E7%A8%8B/_async_search'); }); it('calls the rollup API if the index is a rollup type', async () => { @@ -139,6 +139,6 @@ describe('ES search strategy', () => { expect(mockApiCaller.mock.calls[0][0]).toBe('transport.request'); const { method, path } = mockApiCaller.mock.calls[0][1]; expect(method).toBe('POST'); - expect(path).toBe('foo-%E7%A8%8B/_rollup_search'); + expect(path).toBe('/foo-%E7%A8%8B/_rollup_search'); }); }); diff --git a/x-pack/plugins/data_enhanced/server/search/es_search_strategy.ts b/x-pack/plugins/data_enhanced/server/search/es_search_strategy.ts index 301f184af7d81..6b329bccab4a7 100644 --- a/x-pack/plugins/data_enhanced/server/search/es_search_strategy.ts +++ b/x-pack/plugins/data_enhanced/server/search/es_search_strategy.ts @@ -45,7 +45,7 @@ export const enhancedEsSearchStrategyProvider: TSearchStrategyProvider = async id => { const method = 'DELETE'; - const path = encodeURI(`_async_search/${id}`); + const path = encodeURI(`/_async_search/${id}`); await caller('transport.request', { method, path }); }; @@ -66,7 +66,7 @@ async function asyncSearch( const { body = undefined, index = undefined, ...queryParams } = request.id ? {} : params; const method = request.id ? 'GET' : 'POST'; - const path = encodeURI(request.id ? `_async_search/${request.id}` : `${index}/_async_search`); + const path = encodeURI(request.id ? `/_async_search/${request.id}` : `/${index}/_async_search`); // Wait up to 1s for the response to return const query = toSnakeCase({ waitForCompletionTimeout: '1s', ...queryParams }); @@ -87,7 +87,7 @@ async function rollupSearch( ) { const { body, index, ...params } = request.params; const method = 'POST'; - const path = encodeURI(`${index}/_rollup_search`); + const path = encodeURI(`/${index}/_rollup_search`); const query = toSnakeCase(params); const rawResponse = await ((caller( From 8eb9fdd6eb7a9020b6924441ba60fc6b54387541 Mon Sep 17 00:00:00 2001 From: Xavier Mouligneau <189600+XavierM@users.noreply.github.com> Date: Tue, 7 Apr 2020 10:27:11 -0400 Subject: [PATCH 24/36] [SIEM] Update beat doc (#61902) * add new ecs description * new auditbeat/filebeat description * update description winlogbeat * bring back description in pictures * review I + use ECS doc as last ressource when you do not know the index * update test * safety default just in case * fix functional test Co-authored-by: Elastic Machine --- .../elasticsearch_adapter.test.ts | 93 +- .../lib/index_fields/elasticsearch_adapter.ts | 55 +- .../utils/beat_schema/8.0.0/auditbeat.ts | 10217 ++++--- .../server/utils/beat_schema/8.0.0/ecs.ts | 7508 +++-- .../utils/beat_schema/8.0.0/filebeat.ts | 24055 ++++++++++++---- .../utils/beat_schema/8.0.0/packetbeat.ts | 8895 ++++-- .../server/utils/beat_schema/index.test.ts | 569 +- .../siem/server/utils/beat_schema/index.ts | 22 +- .../siem/server/utils/beat_schema/type.ts | 39 +- .../test/api_integration/apis/siem/sources.ts | 2 +- 10 files changed, 36923 insertions(+), 14532 deletions(-) diff --git a/x-pack/legacy/plugins/siem/server/lib/index_fields/elasticsearch_adapter.test.ts b/x-pack/legacy/plugins/siem/server/lib/index_fields/elasticsearch_adapter.test.ts index 93472b8539efd..20bc1387a3c4e 100644 --- a/x-pack/legacy/plugins/siem/server/lib/index_fields/elasticsearch_adapter.test.ts +++ b/x-pack/legacy/plugins/siem/server/lib/index_fields/elasticsearch_adapter.test.ts @@ -23,77 +23,108 @@ describe('Index Fields', () => { ).toEqual( sortBy('name', [ { - aggregatable: true, - category: 'base', description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', + 'Date/time when the event originated.\n\nThis is the date/time extracted from the event, typically representing when\nthe event was generated by the source.\n\nIf the event source has no original timestamp, this value is typically populated\nby the first time the event was received by the pipeline.\n\nRequired field for all events.', example: '2016-05-23T08:05:34.853Z', - indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', - searchable: true, type: 'date', + searchable: true, + aggregatable: true, + category: 'base', + indexes: ['auditbeat', 'filebeat', 'packetbeat'], }, { + description: 'Each document has an _id that uniquely identifies it', + example: 'Y-6TfmcB0WOhS6qyMv3s', + footnote: '', + group: 1, + level: 'core', + name: '_id', + required: true, + type: 'string', + searchable: true, + aggregatable: false, + readFromDocValues: true, + category: '_id', + indexes: ['auditbeat', 'filebeat', 'packetbeat'], + }, + { + description: + 'An index is like a ‘database’ in a relational database. It has a mapping which defines multiple types. An index is a logical namespace which maps to one or more primary shards and can have zero or more replica shards.', + example: 'auditbeat-8.0.0-2019.02.19-000001', + footnote: '', + group: 1, + level: 'core', + name: '_index', + required: true, + type: 'string', + searchable: true, aggregatable: true, - category: 'agent', + readFromDocValues: true, + category: '_index', + indexes: ['auditbeat', 'filebeat', 'packetbeat'], + }, + { description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', + 'Ephemeral identifier of this agent (if one exists).\n\nThis id normally changes across restarts, but `agent.id` does not.', example: '8a4f500f', - indexes: ['auditbeat'], name: 'agent.ephemeral_id', - searchable: true, type: 'string', - }, - { + searchable: true, aggregatable: true, category: 'agent', - indexes: ['filebeat'], + indexes: ['auditbeat'], + }, + { name: 'agent.hostname', searchable: true, type: 'string', - }, - { aggregatable: true, category: 'agent', + indexes: ['filebeat'], + }, + { description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', + 'Unique identifier of this agent (if one exists).\n\nExample: For Beats this would be beat.id.', example: '8a4f500d', - indexes: ['packetbeat'], name: 'agent.id', - searchable: true, type: 'string', - }, - { + searchable: true, aggregatable: true, category: 'agent', + indexes: ['packetbeat'], + }, + { description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', + 'Custom name of the agent.\n\nThis is a name that can be given to an agent. This can be helpful if for example\ntwo Filebeat instances are running on the same host but a human readable separation\nis needed on which Filebeat instance data is coming from.\n\nIf no name is given, the name is often left empty.', example: 'foo', - indexes: ['auditbeat', 'filebeat'], name: 'agent.name', - searchable: true, type: 'string', - }, - { + searchable: true, aggregatable: true, category: 'agent', + indexes: ['auditbeat', 'filebeat'], + }, + { description: - 'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.', + 'Type of the agent.\n\nThe agent type stays always the same and should be given by the agent used.\nIn case of Filebeat the agent would always be Filebeat also if two Filebeat\ninstances are run on the same machine.', example: 'filebeat', - indexes: ['auditbeat', 'packetbeat'], name: 'agent.type', - searchable: true, type: 'string', - }, - { + searchable: true, aggregatable: true, category: 'agent', + indexes: ['auditbeat', 'packetbeat'], + }, + { description: 'Version of the agent.', example: '6.0.0-rc2', - indexes: ['auditbeat', 'filebeat'], name: 'agent.version', - searchable: true, type: 'string', + searchable: true, + aggregatable: true, + category: 'agent', + indexes: ['auditbeat', 'filebeat'], }, ]) ); diff --git a/x-pack/legacy/plugins/siem/server/lib/index_fields/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/index_fields/elasticsearch_adapter.ts index 48b9750ddd949..7cfb5ad391149 100644 --- a/x-pack/legacy/plugins/siem/server/lib/index_fields/elasticsearch_adapter.ts +++ b/x-pack/legacy/plugins/siem/server/lib/index_fields/elasticsearch_adapter.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { get } from 'lodash/fp'; +import { isEmpty, get } from 'lodash/fp'; import { IndexField } from '../../graphql/types'; import { @@ -51,6 +51,23 @@ export class ElasticsearchIndexFieldAdapter implements FieldsAdapter { } } +const missingFields = [ + { + name: '_id', + type: 'string', + searchable: true, + aggregatable: false, + readFromDocValues: true, + }, + { + name: '_index', + type: 'string', + searchable: true, + aggregatable: true, + readFromDocValues: true, + }, +]; + export const formatIndexFields = ( responsesIndexFields: IndexFieldDescriptor[][], indexesAlias: IndexAlias[] @@ -59,20 +76,23 @@ export const formatIndexFields = ( .reduce( (accumulator: IndexField[], indexFields: IndexFieldDescriptor[], indexesAliasIdx: number) => [ ...accumulator, - ...indexFields.reduce((itemAccumulator: IndexField[], index: IndexFieldDescriptor) => { - const alias: IndexAlias = indexesAlias[indexesAliasIdx]; - const splitName = index.name.split('.'); - const category = baseCategoryFields.includes(splitName[0]) ? 'base' : splitName[0]; - return [ - ...itemAccumulator, - { - ...(hasDocumentation(alias, index.name) ? getDocumentation(alias, index.name) : {}), - ...index, - category, - indexes: [alias], - } as IndexField, - ]; - }, []), + ...[...missingFields, ...indexFields].reduce( + (itemAccumulator: IndexField[], index: IndexFieldDescriptor) => { + const alias: IndexAlias = indexesAlias[indexesAliasIdx]; + const splitName = index.name.split('.'); + const category = baseCategoryFields.includes(splitName[0]) ? 'base' : splitName[0]; + return [ + ...itemAccumulator, + { + ...(hasDocumentation(alias, index.name) ? getDocumentation(alias, index.name) : {}), + ...index, + category, + indexes: [alias], + } as IndexField, + ]; + }, + [] + ), ], [] ) @@ -84,7 +104,10 @@ export const formatIndexFields = ( ...accumulator.slice(0, alreadyExistingIndexField), { ...existingIndexField, - indexes: [...existingIndexField.indexes, ...indexfield.indexes], + description: isEmpty(existingIndexField.description) + ? indexfield.description + : existingIndexField.description, + indexes: Array.from(new Set([...existingIndexField.indexes, ...indexfield.indexes])), }, ...accumulator.slice(alreadyExistingIndexField + 1), ]; diff --git a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/auditbeat.ts b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/auditbeat.ts index 773d4ed6a7e95..76c865679dd05 100644 --- a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/auditbeat.ts +++ b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/auditbeat.ts @@ -15,91 +15,129 @@ export const auditbeatSchema: Schema = [ { key: 'ecs', title: 'ECS', - description: 'ECS fields.', + description: 'ECS Fields.', fields: [ { name: '@timestamp', - type: 'date', level: 'core', required: true, - example: '2016-05-23T08:05:34.853Z', + type: 'date', description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - }, - { - name: 'tags', - level: 'core', - type: 'keyword', - example: '["production", "env2"]', - description: 'List of keywords used to tag each event.', + 'Date/time when the event originated.\n\nThis is the date/time extracted from the event, typically representing when\nthe event was generated by the source.\n\nIf the event source has no original timestamp, this value is typically populated\nby the first time the event was received by the pipeline.\n\nRequired field for all events.', + example: '2016-05-23T08:05:34.853Z', }, { name: 'labels', level: 'core', type: 'object', - example: { - env: 'production', - application: 'foo-bar', - }, + object_type: 'keyword', description: - 'Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: `docker` and `k8s` labels.', + 'Custom key/value pairs.\n\nCan be used to add meta information to events. Should not contain nested objects.\nAll values are stored as keyword.\n\nExample: `docker` and `k8s` labels.', + example: '{"application": "foo-bar", "env": "production"}', }, { name: 'message', level: 'core', type: 'text', - example: 'Hello World', description: - 'For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message.', + 'For log events the message field contains the log message, optimized\nfor viewing in a log viewer.\n\nFor structured logs without an original message field, other fields can be concatenated\nto form a human-readable summary of the event.\n\nIf multiple messages exist, they can be combined into one message.', + example: 'Hello World', + }, + { + name: 'tags', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'List of keywords used to tag each event.', + example: '["production", "env2"]', }, { name: 'agent', title: 'Agent', group: 2, description: - 'The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken.', + 'The agent fields contain the data about the software entity, if\nany, that collects, detects, or observes events on a host, or takes measurements\non a host.\n\nExamples include Beats. Agents may also run on observers. ECS agent.* fields\nshall be populated with details of the agent running on the host or observer\nwhere the event happened or the measurement was taken.', footnote: - 'Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server.', + 'Examples: In the case of Beats for logs, the agent.name is filebeat.\nFor APM, it is the agent running in the app/service. The agent information does\nnot change if data is sent through queuing systems like Kafka, Redis, or processing\nsystems such as Logstash or APM Server.', type: 'group', fields: [ { - name: 'version', + name: 'ephemeral_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Ephemeral identifier of this agent (if one exists).\n\nThis id normally changes across restarts, but `agent.id` does not.', + example: '8a4f500f', + }, + { + name: 'id', level: 'core', type: 'keyword', - description: 'Version of the agent.', - example: '6.0.0-rc2', + ignore_above: 1024, + description: + 'Unique identifier of this agent (if one exists).\n\nExample: For Beats this would be beat.id.', + example: '8a4f500d', }, { name: 'name', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', + 'Custom name of the agent.\n\nThis is a name that can be given to an agent. This can be helpful if for example\ntwo Filebeat instances are running on the same host but a human readable separation\nis needed on which Filebeat instance data is coming from.\n\nIf no name is given, the name is often left empty.', example: 'foo', }, { name: 'type', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.', + 'Type of the agent.\n\nThe agent type stays always the same and should be given by the agent used.\nIn case of Filebeat the agent would always be Filebeat also if two Filebeat\ninstances are run on the same machine.', example: 'filebeat', }, { - name: 'id', + name: 'version', level: 'core', type: 'keyword', + ignore_above: 1024, + description: 'Version of the agent.', + example: '6.0.0-rc2', + }, + ], + }, + { + name: 'as', + title: 'Autonomous System', + group: 2, + description: + 'An autonomous system (AS) is a collection of connected Internet Protocol\n(IP) routing prefixes under the control of one or more network operators on\nbehalf of a single administrative entity or domain that presents a common, clearly\ndefined routing policy to the internet.', + type: 'group', + fields: [ + { + name: 'number', + level: 'extended', + type: 'long', description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'ephemeral_id', + name: 'organization.name', level: 'extended', type: 'keyword', - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', }, ], }, @@ -108,4693 +146,7750 @@ export const auditbeatSchema: Schema = [ title: 'Client', group: 2, description: - 'A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', + 'A client is defined as the initiator of a network connection for\nevents regarding sessions, connections, or bidirectional flow records.\n\nFor TCP events, the client is the initiator of the TCP connection that sends\nthe SYN packet(s). For other protocols, the client is generally the initiator\nor requestor in the network transaction. Some systems use the term "originator"\nto refer the client in TCP connections. The client fields describe details about\nthe system acting as the client in the network event. Client fields are usually\npopulated in conjunction with server fields. Client fields are generally not\npopulated for packet-level events.\n\nClient / server representations can add semantic context to an exchange, which\nis helpful to visualize the data in certain situations. If your context falls\nin that category, you should still ensure that source and destination are filled\nappropriately.', type: 'group', fields: [ { name: 'address', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Some event client addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', }, { - name: 'ip', - level: 'core', - type: 'ip', - description: 'IP address of the client. Can be one or multiple IPv4 or IPv6 addresses.', + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'port', + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', level: 'core', type: 'long', - description: 'Port of the client.', + format: 'bytes', + description: 'Bytes sent from the client to the server.', + example: 184, }, { - name: 'mac', + name: 'domain', level: 'core', type: 'keyword', - description: 'MAC address of the client.', + ignore_above: 1024, + description: 'Client domain.', }, { - name: 'domain', + name: 'geo.city_name', level: 'core', type: 'keyword', - description: 'Client domain.', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'bytes', + name: 'geo.continent_name', level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the client to the server.', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'packets', + name: 'geo.country_iso_code', level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the client to the server.', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, - ], - }, - { - name: 'cloud', - title: 'Cloud', - group: 2, - description: 'Fields related to the cloud or infrastructure the events are coming from.', - footnote: - 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.', - type: 'group', - fields: [ { - name: 'provider', + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', level: 'extended', - example: 'ec2', type: 'keyword', + ignore_above: 1024, description: - 'Name of the cloud provider. Example values are ec2, gce, or digitalocean.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'availability_zone', - level: 'extended', - example: 'us-east-1c', + name: 'geo.region_iso_code', + level: 'core', type: 'keyword', - description: 'Availability zone in which this host is running.', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'region', - level: 'extended', + name: 'geo.region_name', + level: 'core', type: 'keyword', - example: 'us-east-1', - description: 'Region in which this host is running.', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { - name: 'instance.id', - level: 'extended', - type: 'keyword', - example: 'i-1234567890abcdef0', - description: 'Instance ID of the host machine.', + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the client.\n\nCan be one or multiple IPv4 or IPv6 addresses.', }, { - name: 'instance.name', - level: 'extended', + name: 'mac', + level: 'core', type: 'keyword', - description: 'Instance name of the host machine.', + ignore_above: 1024, + description: 'MAC address of the client.', }, { - name: 'machine.type', + name: 'nat.ip', level: 'extended', - type: 'keyword', - example: 't2.medium', - description: 'Machine type of the host machine.', + type: 'ip', + description: + 'Translated IP of source based NAT sessions (e.g. internal client\nto internet).\n\nTypically connections traversing load balancers, firewalls, or routers.', }, { - name: 'account.id', + name: 'nat.port', level: 'extended', - type: 'keyword', - example: 666777888999, + type: 'long', + format: 'string', description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', + 'Translated port of source based NAT sessions (e.g. internal client\nto internet).\n\nTypically connections traversing load balancers, firewalls, or routers.', }, - ], - }, - { - name: 'container', - title: 'Container', - group: 2, - description: - 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.', - type: 'group', - fields: [ { - name: 'runtime', - level: 'extended', - type: 'keyword', - description: 'Runtime managing this container.', - example: 'docker', + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the client to the server.', + example: 12, }, { - name: 'id', + name: 'port', level: 'core', + type: 'long', + format: 'string', + description: 'Port of the client.', + }, + { + name: 'registered_domain', + level: 'extended', type: 'keyword', - description: 'Unique container id.', + ignore_above: 1024, + description: + 'The highest registered client domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', }, { - name: 'image.name', + name: 'top_level_domain', level: 'extended', type: 'keyword', - description: 'Name of the image the container was built on.', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', }, { - name: 'image.tag', + name: 'user.domain', level: 'extended', type: 'keyword', - description: 'Container image tag.', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'name', + name: 'user.email', level: 'extended', type: 'keyword', - description: 'Container name.', + ignore_above: 1024, + description: 'User email address.', }, { - name: 'labels', + name: 'user.full_name', level: 'extended', - type: 'object', - object_type: 'keyword', - description: 'Image labels.', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', }, - ], - }, - { - name: 'destination', - title: 'Destination', - group: 2, - description: - 'Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields.', - type: 'group', - fields: [ { - name: 'address', + name: 'user.group.domain', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'ip', - level: 'core', - type: 'ip', - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'port', - level: 'core', - type: 'long', - description: 'Port of the destination.', + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', }, { - name: 'mac', - level: 'core', + name: 'user.hash', + level: 'extended', type: 'keyword', - description: 'MAC address of the destination.', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', }, { - name: 'domain', + name: 'user.id', level: 'core', type: 'keyword', - description: 'Destination domain.', + ignore_above: 1024, + description: 'Unique identifiers of the user.', }, { - name: 'bytes', + name: 'user.name', level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the destination to the source.', - }, - { - name: 'packets', - level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the destination to the source.', - }, - { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Short name or login of the user.', + example: 'albert', }, ], }, { - name: 'ecs', - title: 'ECS', + name: 'cloud', + title: 'Cloud', group: 2, - description: 'Meta-information specific to ECS.', + description: 'Fields related to the cloud or infrastructure the events are coming\nfrom.', + footnote: + 'Examples: If Metricbeat is running on an EC2 host and fetches data\nfrom its host, the cloud info contains the data about this machine. If Metricbeat\nruns on a remote machine outside the cloud and fetches data from a service running\nin the cloud, the field contains cloud data from the machine the service is\nrunning on.', type: 'group', fields: [ { - name: 'version', - level: 'core', + name: 'account.id', + level: 'extended', type: 'keyword', - required: true, + ignore_above: 1024, description: - 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. The current version is 1.0.0-beta2 .', - example: '1.0.0-beta2', + 'The cloud account or organization id used to identify different\nentities in a multi-tenant environment.\n\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier.', + example: 666777888999, }, - ], - }, - { - name: 'error', - title: 'Error', - group: 2, - description: - 'These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error.', - type: 'group', - fields: [ { - name: 'id', - level: 'core', + name: 'availability_zone', + level: 'extended', type: 'keyword', - description: 'Unique identifier for the error.', + ignore_above: 1024, + description: 'Availability zone in which this host is running.', + example: 'us-east-1c', }, { - name: 'message', - level: 'core', - type: 'text', - description: 'Error message.', + name: 'instance.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Instance ID of the host machine.', + example: 'i-1234567890abcdef0', }, { - name: 'code', - level: 'core', + name: 'instance.name', + level: 'extended', type: 'keyword', - description: 'Error code describing the error.', + ignore_above: 1024, + description: 'Instance name of the host machine.', }, - ], - }, - { - name: 'event', - title: 'Event', - group: 2, - description: - 'The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host.', - type: 'group', - fields: [ { - name: 'id', - level: 'core', + name: 'machine.type', + level: 'extended', type: 'keyword', - description: 'Unique ID to describe the event.', - example: '8a4f500d', + ignore_above: 1024, + description: 'Machine type of the host machine.', + example: 't2.medium', }, { - name: 'kind', + name: 'provider', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'The kind of the event. This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'state', + 'Name of the cloud provider. Example values are aws, azure, gcp,\nor digitalocean.', + example: 'aws', }, { - name: 'category', - level: 'core', + name: 'region', + level: 'extended', type: 'keyword', - description: - 'Event category. This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'user-management', + ignore_above: 1024, + description: 'Region in which this host is running.', + example: 'us-east-1', }, + ], + }, + { + name: 'code_signature', + title: 'Code Signature', + group: 2, + description: 'These fields contain information about binary code signatures.', + type: 'group', + fields: [ { - name: 'action', + name: 'exists', level: 'core', - type: 'keyword', - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, }, { - name: 'outcome', + name: 'status', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'The outcome of the event. If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'success', - }, - { - name: 'type', - level: 'core', - type: 'keyword', - description: 'Reserved for future usage. Please avoid using this field for user data.', + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'module', + name: 'subject_name', level: 'core', type: 'keyword', - description: - 'Name of the module this data is coming from. This information is coming from the modules used in Beats or Logstash.', - example: 'mysql', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'dataset', - level: 'core', - type: 'keyword', + name: 'trusted', + level: 'extended', + type: 'boolean', description: - 'Name of the dataset. The concept of a `dataset` (fileset / metricset) is used in Beats as a subset of modules. It contains the information which is currently stored in metricset.name and metricset.module or fileset.name.', - example: 'stats', + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, }, { - name: 'severity', - level: 'core', - type: 'long', - example: '7', + name: 'valid', + level: 'extended', + type: 'boolean', description: - "Severity describes the severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events. ", + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, + ], + }, + { + name: 'container', + title: 'Container', + group: 2, + description: + 'Container fields are used for meta information about the specific\ncontainer that is the source of information.\n\nThese fields help correlate data based containers from any runtime.', + type: 'group', + fields: [ { - name: 'original', + name: 'id', level: 'core', type: 'keyword', - example: - 'Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232', - description: - 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`.', - index: false, - doc_values: false, + ignore_above: 1024, + description: 'Unique container id.', }, { - name: 'hash', + name: 'image.name', level: 'extended', type: 'keyword', - example: '123456789012345678901234567890ABCD', - description: - 'Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity.', - }, - { - name: 'duration', - level: 'core', - type: 'long', - format: 'duration', - input_format: 'nanoseconds', - description: - 'Duration of the event in nanoseconds. If event.start and event.end are known this value should be the difference between the end and start time.', + ignore_above: 1024, + description: 'Name of the image the container was built on.', }, { - name: 'timezone', + name: 'image.tag', level: 'extended', type: 'keyword', - description: - 'This field should be populated when the event\'s timestamp does not include timezone information already (e.g. default Syslog timestamps). It\'s optional otherwise. Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").', - }, - { - name: 'created', - level: 'core', - type: 'date', - description: - 'event.created contains the date when the event was created. This timestamp is distinct from @timestamp in that @timestamp contains the processed timestamp. For logs these two timestamps can be different as the timestamp in the log line and when the event is read for example by Filebeat are not identical. `@timestamp` must contain the timestamp extracted from the log line, event.created when the log line is read. The same could apply to package capturing where @timestamp contains the timestamp extracted from the network package and event.created when the event was created. In case the two timestamps are identical, @timestamp should be used.', + ignore_above: 1024, + description: 'Container image tags.', }, { - name: 'start', + name: 'labels', level: 'extended', - type: 'date', - description: - 'event.start contains the date when the event started or when the activity was first observed.', + type: 'object', + object_type: 'keyword', + description: 'Image labels.', }, { - name: 'end', + name: 'name', level: 'extended', - type: 'date', - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - }, - { - name: 'risk_score', - level: 'core', - type: 'float', - description: - "Risk score or priority of the event (e.g. security solutions). Use your system's original value here. ", + type: 'keyword', + ignore_above: 1024, + description: 'Container name.', }, { - name: 'risk_score_norm', + name: 'runtime', level: 'extended', - type: 'float', - description: - 'Normalized risk score or priority of the event, on a scale of 0 to 100. This is mainly useful if you use more than one system that assigns risk scores, and you want to see a normalized value across all systems.', + type: 'keyword', + ignore_above: 1024, + description: 'Runtime managing this container.', + example: 'docker', }, ], }, { - name: 'file', + name: 'destination', + title: 'Destination', group: 2, - title: 'File', description: - 'A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.', + 'Destination fields describe details about the destination of a packet/event.\n\nDestination fields are usually populated in conjunction with source fields.', type: 'group', fields: [ { - name: 'path', + name: 'address', level: 'extended', type: 'keyword', - description: 'Path to the file.', + ignore_above: 1024, + description: + 'Some event destination addresses are defined ambiguously. The\nevent will sometimes list an IP, a domain or a unix socket. You should always\nstore the raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', }, { - name: 'target_path', + name: 'as.number', level: 'extended', - type: 'keyword', - description: 'Target path for symlinks.', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'extension', + name: 'as.organization.name', level: 'extended', type: 'keyword', - description: 'File extension. This should allow easy filtering by file extensions.', - example: 'png', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', }, { - name: 'type', - level: 'extended', - type: 'keyword', - description: 'File type (file, dir, or symlink).', + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the destination to the source.', + example: 184, }, { - name: 'device', - level: 'extended', + name: 'domain', + level: 'core', type: 'keyword', - description: 'Device that is the source of the file.', + ignore_above: 1024, + description: 'Destination domain.', }, { - name: 'inode', - level: 'extended', + name: 'geo.city_name', + level: 'core', type: 'keyword', - description: 'Inode representing the file in the filesystem.', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'uid', - level: 'extended', + name: 'geo.continent_name', + level: 'core', type: 'keyword', - description: 'The user ID (UID) or security identifier (SID) of the file owner.', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'owner', - level: 'extended', + name: 'geo.country_iso_code', + level: 'core', type: 'keyword', - description: "File owner's username.", + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'gid', - level: 'extended', + name: 'geo.country_name', + level: 'core', type: 'keyword', - description: 'Primary group ID (GID) of the file.', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'group', - level: 'extended', - type: 'keyword', - description: 'Primary group name of the file.', - }, - { - name: 'mode', - level: 'extended', - type: 'keyword', - example: 416, - description: 'Mode of the file in octal representation.', - }, - { - name: 'size', - level: 'extended', - type: 'long', - format: 'bytes', - description: 'File size in bytes (field is only added when `type` is `file`).', - }, - { - name: 'mtime', - level: 'extended', - type: 'date', - description: 'Last time file content was modified.', - }, - { - name: 'ctime', - level: 'extended', - type: 'date', - description: 'Last time file metadata changed.', - }, - ], - }, - { - name: 'group', - title: 'Group', - group: 2, - description: - 'The group fields are meant to represent groups that are relevant to the event.', - type: 'group', - fields: [ - { - name: 'id', - level: 'extended', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'name', + name: 'geo.name', level: 'extended', type: 'keyword', - description: 'Name of the group.', - }, - ], - }, - { - name: 'host', - title: 'Host', - group: 2, - description: - 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.', - type: 'group', - fields: [ - { - name: 'hostname', - level: 'core', - type: 'keyword', + ignore_above: 1024, description: - 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'name', + name: 'geo.region_iso_code', level: 'core', type: 'keyword', - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'id', + name: 'geo.region_name', level: 'core', type: 'keyword', - description: - 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { name: 'ip', level: 'core', type: 'ip', - description: 'Host ip address.', + description: + 'IP address of the destination.\n\nCan be one or multiple IPv4 or IPv6 addresses.', }, { name: 'mac', level: 'core', type: 'keyword', - description: 'Host mac address.', + ignore_above: 1024, + description: 'MAC address of the destination.', }, { - name: 'type', - level: 'core', - type: 'keyword', + name: 'nat.ip', + level: 'extended', + type: 'ip', description: - 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.', + 'Translated ip of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', }, { - name: 'architecture', - level: 'core', - type: 'keyword', - example: 'x86_64', - description: 'Operating system architecture.', + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Port the source session is translated to by NAT Device.\n\nTypically used with load balancers, firewalls, or routers.', }, { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, - { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', - }, - ], + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the destination to the source.', + example: 12, }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the destination.', }, - ], - }, - { - name: 'http', - title: 'HTTP', - group: 2, - description: 'Fields related to HTTP activity.', - type: 'group', - fields: [ { - name: 'request.method', + name: 'registered_domain', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Http request method. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'get, post, put', + 'The highest registered destination domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', }, { - name: 'request.body.content', + name: 'top_level_domain', level: 'extended', type: 'keyword', - description: 'The full http request body.', - example: 'Hello world', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', }, { - name: 'request.referrer', + name: 'user.domain', level: 'extended', type: 'keyword', - description: 'Referrer for this HTTP request.', - example: 'https://blog.example.com/', - }, - { - name: 'response.status_code', - level: 'extended', - type: 'long', - description: 'Http response status code.', - example: 404, + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'response.body.content', + name: 'user.email', level: 'extended', type: 'keyword', - description: 'The full http response body.', - example: 'Hello world', + ignore_above: 1024, + description: 'User email address.', }, { - name: 'version', + name: 'user.full_name', level: 'extended', type: 'keyword', - description: 'Http version.', - example: 1.1, + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', }, { - name: 'request.bytes', + name: 'user.group.domain', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Total size in bytes of the request (body and headers).', - example: 1437, + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'request.body.bytes', + name: 'user.group.id', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Size in bytes of the request body.', - example: 887, + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'response.bytes', + name: 'user.group.name', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Total size in bytes of the response (body and headers).', - example: 1437, + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', }, { - name: 'response.body.bytes', + name: 'user.hash', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Size in bytes of the response body.', - example: 887, + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', }, - ], - }, - { - name: 'log', - title: 'Log', - description: 'Fields which are specific to log events.', - type: 'group', - fields: [ { - name: 'level', + name: 'user.id', level: 'core', type: 'keyword', - description: 'Log level of the log event. Some examples are `WARN`, `ERR`, `INFO`.', - example: 'ERR', + ignore_above: 1024, + description: 'Unique identifiers of the user.', }, { - name: 'original', + name: 'user.name', level: 'core', type: 'keyword', - example: 'Sep 19 08:26:10 localhost My log', - index: false, - doc_values: false, - description: - " This is the original log message and contains the full log message before splitting it up in multiple parts. In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. ", + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', }, ], }, { - name: 'network', - title: 'Network', + name: 'dll', + title: 'DLL', group: 2, description: - 'The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event.', + 'These fields contain information about code libraries dynamically\nloaded into processes.\n\n\nMany operating systems refer to "shared code libraries" with different names,\nbut this field set refers to all of the following:\n\n* Dynamic-link library (`.dll`) commonly used on Windows\n\n* Shared Object (`.so`) commonly used on Unix-like operating systems\n\n* Dynamic library (`.dylib`) commonly used on macOS', type: 'group', fields: [ { - name: 'name', + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.status', level: 'extended', type: 'keyword', - description: 'Name given by operators to sections of their network.', - example: 'Guest Wifi', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'type', + name: 'code_signature.subject_name', level: 'core', type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'code_signature.trusted', + level: 'extended', + type: 'boolean', description: - 'In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'ipv4', + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, }, { - name: 'iana_number', + name: 'code_signature.valid', level: 'extended', - type: 'keyword', + type: 'boolean', description: - 'IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number.', - example: 6, + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, { - name: 'transport', - level: 'core', + name: 'hash.md5', + level: 'extended', type: 'keyword', - description: - 'Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'tcp', + ignore_above: 1024, + description: 'MD5 hash.', + default_field: false, }, { - name: 'application', + name: 'hash.sha1', level: 'extended', type: 'keyword', - description: - 'A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'aim', + ignore_above: 1024, + description: 'SHA1 hash.', + default_field: false, }, { - name: 'protocol', - level: 'core', + name: 'hash.sha256', + level: 'extended', type: 'keyword', - description: - 'L7 Network protocol name. ex. http, lumberjack, transport protocol. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'http', + ignore_above: 1024, + description: 'SHA256 hash.', + default_field: false, }, { - name: 'direction', + name: 'hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + default_field: false, + }, + { + name: 'name', level: 'core', type: 'keyword', + ignore_above: 1024, description: - "Direction of the network traffic. Recommended values are: * inbound * outbound * internal * external * unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view. When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. ", - example: 'inbound', + 'Name of the library.\n\nThis generally maps to the name of the file on disk.', + example: 'kernel32.dll', + default_field: false, }, { - name: 'forwarded_ip', - level: 'core', - type: 'ip', - description: 'Host IP address when the source IP address is the proxy.', - example: '192.1.1.2', - }, - { - name: 'community_id', + name: 'path', level: 'extended', type: 'keyword', - description: - 'A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec.', - example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=', - }, - { - name: 'bytes', - level: 'core', - type: 'long', - format: 'bytes', - description: - 'Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum.', - example: 368, - }, - { - name: 'packets', - level: 'core', - type: 'long', - description: - 'Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum.', - example: 24, - }, - ], - }, - { - name: 'observer', - title: 'Observer', - group: 2, - description: - 'An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS.', - type: 'group', - fields: [ - { - name: 'mac', - level: 'core', - type: 'keyword', - description: 'MAC address of the observer', - }, - { - name: 'ip', - level: 'core', - type: 'ip', - description: 'IP address of the observer.', + ignore_above: 1024, + description: 'Full file path of the library.', + example: 'C:\\Windows\\System32\\kernel32.dll', + default_field: false, }, { - name: 'hostname', - level: 'core', + name: 'pe.company', + level: 'extended', type: 'keyword', - description: 'Hostname of the observer.', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'vendor', - level: 'core', + name: 'pe.description', + level: 'extended', type: 'keyword', - description: 'observer vendor information.', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, }, { - name: 'version', - level: 'core', + name: 'pe.file_version', + level: 'extended', type: 'keyword', - description: 'Observer version.', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, }, { - name: 'serial_number', + name: 'pe.original_file_name', level: 'extended', type: 'keyword', - description: 'Observer serial number.', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, }, { - name: 'type', - level: 'core', + name: 'pe.product', + level: 'extended', type: 'keyword', - description: - 'The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`.', - example: 'firewall', - }, - { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, - { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', - }, - ], - }, - { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, }, ], }, { - name: 'organization', - title: 'Organization', + name: 'dns', + title: 'DNS', group: 2, description: - 'The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations.', + 'Fields describing DNS queries and answers.\n\nDNS events should either represent a single DNS query prior to getting answers\n(`dns.type:query`) or they should represent a full exchange and contain the\nquery details as well as all of the answers that were provided for this query\n(`dns.type:answer`).', type: 'group', fields: [ { - name: 'name', + name: 'answers', level: 'extended', - type: 'keyword', - description: 'Organization name.', + type: 'object', + object_type: 'keyword', + description: + 'An array containing an object for each answer section returned\nby the server.\n\nThe main keys that should be present in these objects are defined by ECS.\nRecords that have more information may contain more keys than what ECS defines.\n\nNot all DNS data sources give all details about DNS answers. At minimum, answer\nobjects must contain the `data` key. If more information is available, map\nas much of it to ECS as possible, and add any additional fields to the answer\nobjects as custom fields.', }, { - name: 'id', + name: 'answers.class', level: 'extended', type: 'keyword', - description: 'Unique identifier for the organization.', + ignore_above: 1024, + description: 'The class of DNS data contained in this resource record.', + example: 'IN', }, - ], - }, - { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ { - name: 'platform', + name: 'answers.data', level: 'extended', type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', + ignore_above: 1024, + description: + 'The data describing the resource.\n\nThe meaning of this data depends on the type and class of the resource record.', + example: '10.10.10.10', }, { - name: 'name', + name: 'answers.name', level: 'extended', type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', + ignore_above: 1024, + description: + 'The domain name to which this resource record pertains.\n\nIf a chain of CNAME is being resolved, each answer `name` should be the\none that corresponds with the answer `data`. It should not simply be the\noriginal `question.name` repeated.', + example: 'www.google.com', }, { - name: 'full', + name: 'answers.ttl', level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', + type: 'long', + description: + 'The time interval in seconds that this resource record may be cached\nbefore it should be discarded. Zero values mean that the data should not be\ncached.', + example: 180, }, { - name: 'family', + name: 'answers.type', level: 'extended', type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', + ignore_above: 1024, + description: 'The type of data contained in this resource record.', + example: 'CNAME', }, { - name: 'version', + name: 'header_flags', level: 'extended', type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', + ignore_above: 1024, + description: + 'Array of 2 letter DNS header flags.\n\nExpected values are: AA, TC, RD, RA, AD, CD, DO.', + example: ['RD', 'RA'], }, { - name: 'kernel', + name: 'id', level: 'extended', type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', + ignore_above: 1024, + description: + 'The DNS packet identifier assigned by the program that generated\nthe query. The identifier is copied to the response.', + example: 62111, }, - ], - }, - { - name: 'process', - title: 'Process', - group: 2, - description: - 'These fields contain information about a process. These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation.', - type: 'group', - fields: [ { - name: 'pid', - level: 'core', - type: 'long', - description: 'Process id.', - example: 'ssh', + name: 'op_code', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The DNS operation code that specifies the kind of query in the\nmessage. This value is set by the originator of a query and copied into the\nresponse.', + example: 'QUERY', }, { - name: 'name', + name: 'question.class', level: 'extended', type: 'keyword', - description: 'Process name. Sometimes called program name or similar.', - example: 'ssh', + ignore_above: 1024, + description: 'The class of records being queried.', + example: 'IN', }, { - name: 'ppid', + name: 'question.name', level: 'extended', - type: 'long', - description: 'Process parent id.', + type: 'keyword', + ignore_above: 1024, + description: + 'The name being queried.\n\nIf the name field contains non-printable characters (below 32 or above 126),\nthose characters should be represented as escaped base 10 integers (\\DDD).\nBack slashes and quotes should be escaped. Tabs, carriage returns, and line\nfeeds should be converted to \\t, \\r, and \\n respectively.', + example: 'www.google.com', }, { - name: 'args', + name: 'question.registered_domain', level: 'extended', type: 'keyword', - description: 'Process arguments. May be filtered to protect sensitive information.', - example: ['ssh', '-l', 'user', '10.0.0.16'], + ignore_above: 1024, + description: + 'The highest registered domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', }, { - name: 'executable', + name: 'question.subdomain', level: 'extended', type: 'keyword', - description: 'Absolute path to the process executable.', - example: '/usr/bin/ssh', + ignore_above: 1024, + description: + 'The subdomain is all of the labels under the registered_domain.\n\nIf the domain has multiple levels of subdomain, such as "sub2.sub1.example.com",\nthe subdomain field should contain "sub2.sub1", with no trailing period.', + example: 'www', }, { - name: 'title', + name: 'question.top_level_domain', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Process title. The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened.', + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', }, { - name: 'thread.id', + name: 'question.type', level: 'extended', - type: 'long', - example: 4242, - description: 'Thread ID.', + type: 'keyword', + ignore_above: 1024, + description: 'The type of record being queried.', + example: 'AAAA', }, { - name: 'start', + name: 'resolved_ip', level: 'extended', - type: 'date', - example: '2016-05-23T08:05:34.853Z', - description: 'The time the process started.', + type: 'ip', + description: + 'Array containing all IPs seen in `answers.data`.\n\nThe `answers` array can be difficult to use, because of the variety of data\nformats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip`\nmakes it possible to index them as IP addresses, and makes them easier to\nvisualize and query for.', + example: ['10.10.10.10', '10.10.10.11'], }, { - name: 'working_directory', + name: 'response_code', level: 'extended', type: 'keyword', - example: '/home/alice', - description: 'The working directory of the process.', + ignore_above: 1024, + description: 'The DNS response code.', + example: 'NOERROR', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of DNS event captured, query or answer.\n\nIf your source of DNS events only gives you DNS queries, you should only create\ndns events of type `dns.type:query`.\n\nIf your source of DNS events gives you answers as well, you should create\none event per query (optionally as soon as the query is seen). And a second\nevent containing all query details as well as an array of answers.', + example: 'answer', }, ], }, { - name: 'related', - title: 'Related', + name: 'ecs', + title: 'ECS', group: 2, - description: - 'This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`.', + description: 'Meta-information specific to ECS.', type: 'group', fields: [ { - name: 'ip', - level: 'extended', - type: 'ip', - description: 'All of the IPs seen on your event.', + name: 'version', + level: 'core', + required: true, + type: 'keyword', + ignore_above: 1024, + description: + 'ECS version this event conforms to. `ecs.version` is a required\nfield and must exist in all events.\n\nWhen querying across multiple indices -- which may conform to slightly different\nECS versions -- this field lets integrations adjust to the schema version\nof the events.', + example: '1.0.0', }, ], }, { - name: 'server', - title: 'Server', + name: 'error', + title: 'Error', group: 2, description: - 'A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', + 'These fields can represent errors of any kind.\n\nUse them for errors that happen while fetching events or in cases where the\nevent itself contains an error.', type: 'group', fields: [ { - name: 'address', - level: 'extended', - type: 'keyword', - description: - 'Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - }, - { - name: 'ip', - level: 'core', - type: 'ip', - description: 'IP address of the server. Can be one or multiple IPv4 or IPv6 addresses.', - }, - { - name: 'port', - level: 'core', - type: 'long', - description: 'Port of the server.', - }, - { - name: 'mac', + name: 'code', level: 'core', type: 'keyword', - description: 'MAC address of the server.', + ignore_above: 1024, + description: 'Error code describing the error.', }, { - name: 'domain', + name: 'id', level: 'core', type: 'keyword', - description: 'Server domain.', - }, - { - name: 'bytes', - level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the server to the client.', + ignore_above: 1024, + description: 'Unique identifier for the error.', }, { - name: 'packets', + name: 'message', level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the server to the client.', + type: 'text', + description: 'Error message.', }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, + name: 'stack_trace', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'The stack trace of this error in plain text.', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The type of the error, for example the class name of the exception.', + example: 'java.lang.NullPointerException', }, ], }, { - name: 'service', - title: 'Service', + name: 'event', + title: 'Event', group: 2, description: - 'The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version.', + 'The event fields are used for context information about the log\nor metric event itself.\n\nA log is defined as an event containing details of something that happened.\nLog events must include the time at which the thing happened. Examples of log\nevents include a process starting on a host, a network packet being sent from\na source to a destination, or a network connection between a client and a server\nbeing initiated or closed. A metric is defined as an event containing one or\nmore numerical measurements and the time at which the measurement was taken.\nExamples of metric events include memory pressure measured on a host and device\ntemperature. See the `event.kind` definition in this section for additional\ndetails about metric and state events.', type: 'group', fields: [ { - name: 'id', + name: 'action', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Unique identifier of the running service. This id should uniquely identify this service. This makes it possible to correlate logs and metrics for one specific service. Example: If you are experiencing issues with one redis instance, you can filter on that id to see metrics and logs for that single instance.', - example: 'd37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6', + 'The action captured by the event.\n\nThis describes the information in the event. It is more specific than `event.category`.\nExamples are `group-add`, `process-started`, `file-created`. The value is\nnormally defined by the implementer.', + example: 'user-password-change', }, { - name: 'name', + name: 'category', level: 'core', type: 'keyword', - example: 'elasticsearch-metrics', + ignore_above: 1024, description: - 'Name of the service data is collected from. The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified.', + 'This is one of four ECS Categorization Fields, and indicates the\nsecond level in the ECS category hierarchy.\n\n`event.category` represents the "big buckets" of ECS categories. For example,\nfiltering on `event.category:process` yields all events relating to process\nactivity. This field is closely related to `event.type`, which is used as\na subcategory.\n\nThis field is an array. This will allow proper categorization of some events\nthat fall in multiple categories.', + example: 'authentication', }, { - name: 'type', - level: 'core', + name: 'code', + level: 'extended', type: 'keyword', - example: 'elasticsearch', + ignore_above: 1024, description: - 'The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`.', + 'Identification code for this event, if one exists.\n\nSome event sources use event codes to identify messages unambiguously, regardless\nof message language or wording adjustments over time. An example of this is\nthe Windows Event ID.', + example: 4648, }, { - name: 'state', + name: 'created', level: 'core', - type: 'keyword', - description: 'Current state of the service.', + type: 'date', + description: + 'event.created contains the date/time when the event was first\nread by an agent, or by your pipeline.\n\nThis field is distinct from @timestamp in that @timestamp typically contain\nthe time extracted from the original event.\n\nIn most situations, these two timestamps will be slightly different. The difference\ncan be used to calculate the delay between your source generating an event,\nand the time when your agent first processed it. This can be used to monitor\nyour agent or pipeline ability to keep up with your event source.\n\nIn case the two timestamps are identical, @timestamp should be used.', + example: '2016-05-23T08:05:34.857Z', }, { - name: 'version', + name: 'dataset', level: 'core', type: 'keyword', - example: '3.2.4', + ignore_above: 1024, description: - 'Version of the service the data was collected from. This allows to look at a data set only for a specific version of a service.', + 'Name of the dataset.\n\nIf an event source publishes more than one type of log or events (e.g. access\nlog, error log), the dataset is used to specify which one the event comes\nfrom.\n\nIt is recommended but not required to start the dataset name with the module\nname, followed by a dot, then the dataset name.', + example: 'apache.access', }, { - name: 'ephemeral_id', + name: 'duration', + level: 'core', + type: 'long', + format: 'duration', + input_format: 'nanoseconds', + output_format: 'asMilliseconds', + output_precision: 1, + description: + 'Duration of the event in nanoseconds.\n\nIf event.start and event.end are known this value should be the difference\nbetween the end and start time.', + }, + { + name: 'end', level: 'extended', - type: 'keyword', + type: 'date', description: - 'Ephemeral identifier of this service (if one exists). This id normally changes across restarts, but `service.id` does not.', - example: '8a4f500f', + 'event.end contains the date when the event ended or when the activity\nwas last observed.', }, - ], - }, - { - name: 'source', - title: 'Source', - group: 2, - description: - 'Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields.', - type: 'group', - fields: [ { - name: 'address', + name: 'hash', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Hash (perhaps logstash fingerprint) of raw field to be able to\ndemonstrate log integrity.', + example: '123456789012345678901234567890ABCD', }, { - name: 'ip', + name: 'id', level: 'core', - type: 'ip', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', + type: 'keyword', + ignore_above: 1024, + description: 'Unique ID to describe the event.', + example: '8a4f500d', }, { - name: 'port', + name: 'ingested', level: 'core', - type: 'long', - description: 'Port of the source.', + type: 'date', + description: + 'Timestamp when an event arrived in the central data store.\n\nThis is different from `@timestamp`, which is when the event originally occurred. It is\nalso different from `event.created`, which is meant to capture the first time\nan agent saw the event.\n\nIn normal conditions, assuming no tampering, the timestamps should chronologically\nlook like this: `@timestamp` < `event.created` < `event.ingested`.', + example: '2016-05-23T08:05:35.101Z', + default_field: false, }, { - name: 'mac', + name: 'kind', level: 'core', type: 'keyword', - description: 'MAC address of the source.', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nhighest level in the ECS category hierarchy.\n\n`event.kind` gives high-level information about what type of information the\nevent contains, without being specific to the contents of the event. For example,\nvalues of this field distinguish alert events from metric events.\n\nThe value of this field can be used to inform how these kinds of events should\nbe handled. They may warrant different retention, different access control,\nit may also help understand whether the data coming in at a regular interval\nor not.', + example: 'alert', }, { - name: 'domain', + name: 'module', level: 'core', type: 'keyword', - description: 'Source domain.', + ignore_above: 1024, + description: + 'Name of the module this data is coming from.\n\nIf your monitoring agent supports the concept of modules or plugins to process\nevents of a given source (e.g. Apache logs), `event.module` should contain\nthe name of this module.', + example: 'apache', }, { - name: 'bytes', + name: 'original', level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the source to the destination.', + type: 'keyword', + ignore_above: 1024, + description: + 'Raw text message of entire event. Used to demonstrate log integrity.\n\nThis field is not indexed and doc_values are disabled. It cannot be searched,\nbut it can be retrieved from `_source`.', + example: + 'Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100|\nworm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232', }, { - name: 'packets', + name: 'outcome', level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the source to the destination.', - }, - { - name: 'geo', - title: 'Geo', - group: 2, + type: 'keyword', + ignore_above: 1024, description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + 'This is one of four ECS Categorization Fields, and indicates the\nlowest level in the ECS category hierarchy.\n\n`event.outcome` simply denotes whether the event represents a success or a\nfailure from the perspective of the entity that produced the event.\n\nNote that when a single transaction is described in multiple events, each\nevent may populate different values of `event.outcome`, according to their\nperspective.\n\nAlso note that in the case of a compound event (a single event that contains\nmultiple logical events), this field should be populated with the value that\nbest captures the overall success or failure from the perspective of the event\nproducer.\n\nFurther note that not all events will have an associated outcome. For example,\nthis field is generally not populated for metric events, events with `event.type:info`,\nor any events for which an outcome does not make logical sense.', + example: 'success', }, - ], - }, - { - name: 'url', - title: 'URL', - description: 'URL fields provide a complete URL, with scheme, host, and path.', - type: 'group', - fields: [ { - name: 'original', + name: 'provider', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not.', - example: - 'https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch', + 'Source of the event.\n\nEvent transports such as Syslog or the Windows Event Log typically mention\nthe source of an event. It can be the name of the software that generated\nthe event (e.g. Sysmon, httpd), or of a subsystem of the operating system\n(kernel, Microsoft-Windows-Security-Auditing).', + example: 'kernel', }, { - name: 'full', + name: 'reference', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source.', - example: 'https://www.elastic.co:443/search?q=elasticsearch#top', + 'Reference URL linking to additional information about this event.\n\nThis URL links to a static definition of the this event. Alert events, indicated\nby `event.kind:alert`, are a common use case for this field.', + example: 'https://system.vendor.com/event/#0001234', + default_field: false, }, { - name: 'scheme', - level: 'extended', - type: 'keyword', + name: 'risk_score', + level: 'core', + type: 'float', description: - 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.', - example: 'https', + "Risk score or priority of the event (e.g. security solutions).\nUse your system's original value here.", }, { - name: 'domain', + name: 'risk_score_norm', level: 'extended', - type: 'keyword', + type: 'float', description: - 'Domain of the request, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.', - example: 'www.elastic.co', + 'Normalized risk score or priority of the event, on a scale of\n0 to 100.\n\nThis is mainly useful if you use more than one system that assigns risk scores,\nand you want to see a normalized value across all systems.', }, { - name: 'port', + name: 'sequence', level: 'extended', - type: 'integer', - description: 'Port of the request, such as 443.', - example: 443, + type: 'long', + format: 'string', + description: + 'Sequence number of the event.\n\nThe sequence number is a value published by some event sources, to make the\nexact ordering of events unambiguous, regardless of the timestamp precision.', }, { - name: 'path', - level: 'extended', - type: 'keyword', - description: 'Path of the request, such as "/search".', + name: 'severity', + level: 'core', + type: 'long', + format: 'string', + description: + 'The numeric severity of the event according to your event source.\n\nWhat the different severity values mean can be different between sources and\nuse cases. It is up to the implementer to make sure severities are consistent\nacross events from the same source.\n\nThe Syslog severity belongs in `log.syslog.severity.code`. `event.severity`\nis meant to represent the severity according to the event source (e.g. firewall,\nIDS). If the event source does not publish its own severity, you may optionally\ncopy the `log.syslog.severity.code` to `event.severity`.', + example: 7, }, { - name: 'query', + name: 'start', level: 'extended', - type: 'keyword', + type: 'date', description: - 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases.', + 'event.start contains the date when the event started or when the\nactivity was first observed.', }, { - name: 'fragment', + name: 'timezone', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.', + 'This field should be populated when the event timestamp does\nnot include timezone information already (e.g. default Syslog timestamps).\nIt is optional otherwise.\n\nAcceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"),\nabbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").', }, { - name: 'username', - level: 'extended', + name: 'type', + level: 'core', type: 'keyword', - description: 'Username of the request.', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nthird level in the ECS category hierarchy.\n\n`event.type` represents a categorization "sub-bucket" that, when used along\nwith the `event.category` field values, enables filtering events down to a\nlevel appropriate for single visualization.\n\nThis field is an array. This will allow proper categorization of some events\nthat fall in multiple event types.', }, { - name: 'password', + name: 'url', level: 'extended', type: 'keyword', - description: 'Password of the request.', + ignore_above: 1024, + description: + 'URL linking to an external system to continue investigation of\nthis event.\n\nThis URL links to another system where in-depth investigation of the specific\noccurence of this event can take place. Alert events, indicated by `event.kind:alert`,\nare a common use case for this field.', + example: 'https://mysystem.mydomain.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe', + default_field: false, }, ], }, { - name: 'user', - title: 'User', + name: 'file', + title: 'File', group: 2, description: - 'The user fields describe information about the user that is relevant to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them.', - reusable: { - top_level: true, - expected: ['client', 'destination', 'host', 'server', 'source'], - }, + 'A file is defined as a set of information that has been created\non, or has existed on a filesystem.\n\nFile objects can be associated with host events, network events, and/or file\nevents (e.g., those produced by File Integrity Monitoring [FIM] products or\nservices). File fields provide details about the affected file associated with\nthe event or metric.', type: 'group', fields: [ { - name: 'id', - level: 'core', + name: 'accessed', + level: 'extended', + type: 'date', + description: + 'Last time the file was accessed.\n\nNote that not all filesystems keep track of access time.', + }, + { + name: 'attributes', + level: 'extended', type: 'keyword', - description: 'One or multiple unique identifiers of the user.', + ignore_above: 1024, + description: + 'Array of file attributes.\n\nAttributes names will vary by platform. Here is a non-exhaustive list of values\nthat are expected in this field: archive, compressed, directory, encrypted,\nexecute, hidden, read, readonly, system, write.', + example: '["readonly", "system"]', + default_field: false, }, { - name: 'name', + name: 'code_signature.exists', level: 'core', - type: 'keyword', - example: 'albert', - description: 'Short name or login of the user.', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, }, { - name: 'full_name', + name: 'code_signature.status', level: 'extended', type: 'keyword', - example: 'Albert Einstein', - description: "User's full name, if available. ", + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'email', - level: 'extended', + name: 'code_signature.subject_name', + level: 'core', type: 'keyword', - description: 'User email address.', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'hash', + name: 'code_signature.trusted', level: 'extended', - type: 'keyword', + type: 'boolean', description: - 'Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used.', + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, }, { - name: 'group', - title: 'Group', - group: 2, + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', description: - 'The group fields are meant to represent groups that are relevant to the event.', - type: 'group', - fields: [ - { - name: 'id', - level: 'extended', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: 'Name of the group.', - }, - ], + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, - ], - }, - { - name: 'user_agent', - title: 'User agent', - group: 2, - description: - 'The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string.', - type: 'group', - fields: [ { - name: 'original', + name: 'created', level: 'extended', - type: 'keyword', - description: 'Unparsed version of the user_agent.', - example: - 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1', + type: 'date', + description: + 'File creation time.\n\nNote that not all filesystems store the creation time.', }, { - name: 'name', + name: 'ctime', level: 'extended', - type: 'keyword', - example: 'Safari', - description: 'Name of the user agent.', + type: 'date', + description: + 'Last time the file attributes or metadata changed.\n\nNote that changes to the file content will update `mtime`. This implies `ctime`\nwill be adjusted at the same time, since `mtime` is an attribute of the file.', }, { - name: 'version', + name: 'device', level: 'extended', type: 'keyword', - description: 'Version of the user agent.', - example: 12, + ignore_above: 1024, + description: 'Device that is the source of the file.', + example: 'sda', }, { - name: 'device.name', + name: 'directory', level: 'extended', type: 'keyword', - example: 'iPhone', - description: 'Name of the device.', + ignore_above: 1024, + description: + 'Directory where the file is located. It should include the drive\nletter, when appropriate.', + example: '/home/alice', }, { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, - { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', - }, - ], + name: 'drive_letter', + level: 'extended', + type: 'keyword', + ignore_above: 1, + description: + 'Drive letter where the file is located. This field is only relevant\non Windows.\n\nThe value should be uppercase, and not include the colon.', + example: 'C', + default_field: false, }, - ], - }, - { - name: 'agent.hostname', - type: 'keyword', - description: 'Hostname of the agent.', - }, - ], - }, - { - key: 'beat', - title: 'Beat', - description: 'Contains common beat fields available in all event types.', - fields: [ - { - name: 'beat.timezone', - type: 'alias', - path: 'event.timezone', - migration: true, - }, - { - name: 'fields', - type: 'object', - object_type: 'keyword', - description: 'Contains user configurable fields.', - }, - { - name: 'error', - type: 'group', - description: 'Error fields containing additional info in case of errors.', - fields: [ { - name: 'type', + name: 'extension', + level: 'extended', type: 'keyword', - description: 'Error type.', + ignore_above: 1024, + description: 'File extension.', + example: 'png', }, - ], - }, - { - name: 'beat.name', - type: 'alias', - path: 'host.name', - migration: true, - }, - { - name: 'beat.hostname', - type: 'alias', - path: 'agent.hostname', - migration: true, - }, - ], - }, - { - key: 'cloud', - title: 'Cloud provider metadata', - description: 'Metadata from cloud providers added by the add_cloud_metadata processor.', - fields: [ - { - name: 'cloud.project.id', - example: 'project-x', - description: 'Name of the project in Google Cloud.', - }, - { - name: 'meta.cloud.provider', - type: 'alias', - path: 'cloud.provider', - migration: true, - }, - { - name: 'meta.cloud.instance_id', - type: 'alias', - path: 'cloud.instance.id', - migration: true, - }, - { - name: 'meta.cloud.instance_name', - type: 'alias', - path: 'cloud.instance.name', - migration: true, - }, - { - name: 'meta.cloud.machine_type', - type: 'alias', - path: 'cloud.machine.type', - migration: true, - }, - { - name: 'meta.cloud.availability_zone', - type: 'alias', - path: 'cloud.availability_zone', - migration: true, - }, - { - name: 'meta.cloud.project_id', - type: 'alias', - path: 'cloud.project.id', - migration: true, - }, - { - name: 'meta.cloud.region', - type: 'alias', - path: 'cloud.region', - migration: true, - }, - ], - }, - { - key: 'docker', - title: 'Docker', - description: 'Docker stats collected from Docker.', - short_config: false, - anchor: 'docker-processor', - fields: [ - { - name: 'docker', - type: 'group', - fields: [ { - name: 'container.id', - type: 'alias', - path: 'container.id', - migration: true, + name: 'gid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Primary group ID (GID) of the file.', + example: '1001', }, { - name: 'container.image', - type: 'alias', - path: 'container.image.name', - migration: true, + name: 'group', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Primary group name of the file.', + example: 'alice', }, { - name: 'container.name', - type: 'alias', - path: 'container.name', - migration: true, + name: 'hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', }, { - name: 'container.labels', - type: 'object', - object_type: 'keyword', - description: 'Image labels.', + name: 'hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', }, - ], - }, - ], - }, - { - key: 'host', - title: 'Host', - description: 'Info collected for the host machine.', - anchor: 'host-processor', - }, - { - key: 'kubernetes', - title: 'Kubernetes', - description: 'Kubernetes metadata added by the kubernetes processor', - short_config: false, - anchor: 'kubernetes-processor', - fields: [ - { - name: 'kubernetes', - type: 'group', - fields: [ { - name: 'pod.name', + name: 'hash.sha256', + level: 'extended', type: 'keyword', - description: 'Kubernetes pod name', + ignore_above: 1024, + description: 'SHA256 hash.', }, { - name: 'pod.uid', + name: 'hash.sha512', + level: 'extended', type: 'keyword', - description: 'Kubernetes Pod UID', + ignore_above: 1024, + description: 'SHA512 hash.', }, { - name: 'namespace', + name: 'inode', + level: 'extended', type: 'keyword', - description: 'Kubernetes namespace', + ignore_above: 1024, + description: 'Inode representing the file in the filesystem.', + example: '256383', }, { - name: 'node.name', + name: 'mime_type', + level: 'extended', type: 'keyword', - description: 'Kubernetes node name', + ignore_above: 1024, + description: + 'MIME type should identify the format of the file or stream of bytes\nusing https://www.iana.org/assignments/media-types/media-types.xhtml[IANA\nofficial types], where possible. When more than one type is applicable, the\nmost specific type should be used.', + default_field: false, }, { - name: 'labels', - type: 'object', - description: 'Kubernetes labels map', + name: 'mode', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Mode of the file in octal representation.', + example: '0640', }, { - name: 'annotations', - type: 'object', - description: 'Kubernetes annotations map', + name: 'mtime', + level: 'extended', + type: 'date', + description: 'Last time the file content was modified.', }, { - name: 'container.name', + name: 'name', + level: 'extended', type: 'keyword', - description: 'Kubernetes container name', + ignore_above: 1024, + description: 'Name of the file including the extension, without the directory.', + example: 'example.png', }, { - name: 'container.image', + name: 'owner', + level: 'extended', type: 'keyword', - description: 'Kubernetes container image', - }, - ], - }, - ], - }, - { - key: 'process', - title: 'Process', - description: 'Process metadata fields', - fields: [ - { - name: 'process', - type: 'group', - fields: [ - { - name: 'exe', - type: 'alias', - path: 'process.executable', - migration: true, - }, - ], - }, - ], - }, - { - key: 'common', - title: 'Common', - description: - 'These fields contain data about the environment in which the transaction or flow was captured.', - fields: [ - { - name: 'type', - description: - 'The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.', - required: true, - }, - { - name: 'server.process.name', - description: 'The name of the process that served the transaction.', - }, - { - name: 'server.process.args', - description: 'The command-line of the process that served the transaction.', - }, - { - name: 'server.process.executable', - description: 'Absolute path to the server process executable.', - }, - { - name: 'server.process.working_directory', - description: 'The working directory of the server process.', - }, - { - name: 'server.process.start', - description: 'The time the server process started.', - }, - { - name: 'client.process.name', - description: 'The name of the process that initiated the transaction.', - }, - { - name: 'client.process.args', - description: 'The command-line of the process that initiated the transaction.', - }, - { - name: 'client.process.executable', - description: 'Absolute path to the client process executable.', - }, - { - name: 'client.process.working_directory', - description: 'The working directory of the client process.', - }, - { - name: 'client.process.start', - description: 'The time the client process started.', - }, - { - name: 'real_ip', - type: 'alias', - path: 'network.forwarded_ip', - migration: true, - description: - 'If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, the IP address extracted from a configurable HTTP header, by default `X-Forwarded-For`. Unless this field is disabled, it always has a value, and it matches the `client_ip` for non proxy clients.', - }, - { - name: 'transport', - type: 'alias', - path: 'network.transport', - migration: true, - description: - 'The transport protocol used for the transaction. If not specified, then tcp is assumed.', - }, - ], - }, - { - key: 'flows_event', - title: 'Flow Event', - description: 'These fields contain data about the flow itself.', - fields: [ - { - name: 'flow.final', - type: 'boolean', - description: - 'Indicates if event is last event in flow. If final is false, the event reports an intermediate flow state only.', - }, - { - name: 'flow.id', - description: 'Internal flow ID based on connection meta data and address.', - }, - { - name: 'flow.vlan', - type: 'long', - description: - "VLAN identifier from the 802.1q frame. In case of a multi-tagged frame this field will be an array with the outer tag's VLAN identifier listed first. ", - }, - { - name: 'flow_id', - type: 'alias', - path: 'flow.id', - migration: true, - }, - { - name: 'final', - type: 'alias', - path: 'flow.final', - migration: true, - }, - { - name: 'vlan', - type: 'alias', - path: 'flow.vlan', - migration: true, - }, - { - name: 'source.stats.net_bytes_total', - type: 'alias', - path: 'source.bytes', - migration: true, - }, - { - name: 'source.stats.net_packets_total', - type: 'alias', - path: 'source.packets', - migration: true, - }, - { - name: 'dest.stats.net_bytes_total', - type: 'alias', - path: 'destination.bytes', - migration: true, - }, - { - name: 'dest.stats.net_packets_total', - type: 'alias', - path: 'destination.packets', - migration: true, - }, - ], - }, - { - key: 'trans_event', - title: 'Transaction Event', - description: 'These fields contain data about the transaction itself.', - fields: [ - { - name: 'status', - description: - 'The high level status of the transaction. The way to compute this value depends on the protocol, but the result has a meaning independent of the protocol.', - required: true, - possible_values: ['OK', 'Error', 'Server Error', 'Client Error'], - }, - { - name: 'method', - description: - 'The command/verb/method of the transaction. For HTTP, this is the method name (GET, POST, PUT, and so on), for SQL this is the verb (SELECT, UPDATE, DELETE, and so on).', - }, - { - name: 'resource', - description: - 'The logical resource that this transaction refers to. For HTTP, this is the URL path up to the last slash (/). For example, if the URL is `/users/1`, the resource is `/users`. For databases, the resource is typically the table name. The field is not filled for all transaction types.', - }, - { - name: 'path', - required: true, - description: - 'The path the transaction refers to. For HTTP, this is the URL. For SQL databases, this is the table name. For key-value stores, this is the key.', - }, - { - name: 'query', - type: 'keyword', - description: - 'The query in a human readable format. For HTTP, it will typically be something like `GET /users/_search?name=test`. For MySQL, it is something like `SELECT id from users where name=test`.', - }, - { - name: 'params', - type: 'text', - description: - 'The request parameters. For HTTP, these are the POST or GET parameters. For Thrift-RPC, these are the parameters from the request.', - }, - { - name: 'notes', - type: 'alias', - path: 'error.message', - description: - 'Messages from Packetbeat itself. This field usually contains error messages for interpreting the raw data. This information can be helpful for troubleshooting.', - }, - ], - }, - { - key: 'raw', - title: 'Raw', - description: 'These fields contain the raw transaction data.', - fields: [ - { - name: 'request', - type: 'text', - description: - 'For text protocols, this is the request as seen on the wire (application layer only). For binary protocols this is our representation of the request.', - }, - { - name: 'response', - type: 'text', - description: - 'For text protocols, this is the response as seen on the wire (application layer only). For binary protocols this is our representation of the request.', - }, - ], - }, - { - key: 'trans_measurements', - title: 'Measurements (Transactions)', - description: 'These fields contain measurements related to the transaction.', - fields: [ - { - name: 'bytes_in', - type: 'alias', - path: 'source.bytes', - description: - 'The number of bytes of the request. Note that this size is the application layer message length, without the length of the IP or TCP headers.', - }, - { - name: 'bytes_out', - type: 'alias', - path: 'destination.bytes', - description: - 'The number of bytes of the response. Note that this size is the application layer message length, without the length of the IP or TCP headers.', - }, - ], - }, - { - key: 'amqp', - title: 'AMQP', - description: 'AMQP specific event fields.', - fields: [ - { - name: 'amqp', - type: 'group', - fields: [ - { - name: 'reply-code', - type: 'long', - description: 'AMQP reply code to an error, similar to http reply-code', - example: 404, + ignore_above: 1024, + description: "File owner's username.", + example: 'alice', }, { - name: 'reply-text', + name: 'path', + level: 'extended', type: 'keyword', - description: 'Text explaining the error.', - }, - { - name: 'class-id', - type: 'long', - description: 'Failing method class.', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Full path to the file, including the file name. It should include\nthe drive letter, when appropriate.', + example: '/home/alice/example.png', }, { - name: 'method-id', - type: 'long', - description: 'Failing method ID.', + name: 'pe.company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'exchange', + name: 'pe.description', + level: 'extended', type: 'keyword', - description: 'Name of the exchange.', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, }, { - name: 'exchange-type', + name: 'pe.file_version', + level: 'extended', type: 'keyword', - description: 'Exchange type.', - example: 'fanout', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, }, { - name: 'passive', - type: 'boolean', - description: 'If set, do not create exchange/queue.', + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, }, { - name: 'durable', - type: 'boolean', - description: 'If set, request a durable exchange/queue.', + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, }, { - name: 'exclusive', - type: 'boolean', - description: 'If set, request an exclusive queue.', + name: 'size', + level: 'extended', + type: 'long', + description: 'File size in bytes.\n\nOnly relevant when `file.type` is "file".', + example: 16384, }, { - name: 'auto-delete', - type: 'boolean', - description: 'If set, auto-delete queue when unused.', + name: 'target_path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Target path for symlinks.', }, { - name: 'no-wait', - type: 'boolean', - description: 'If set, the server will not respond to the method.', + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'File type (file, dir, or symlink).', + example: 'file', }, { - name: 'consumer-tag', - description: 'Identifier for the consumer, valid within the current channel.', + name: 'uid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The user ID (UID) or security identifier (SID) of the file owner.', + example: '1001', }, + ], + }, + { + name: 'geo', + title: 'Geo', + group: 2, + description: + 'Geo fields can carry data about a specific location related to an\nevent.\n\nThis geolocation information can be derived from techniques such as Geo IP,\nor be user-supplied.', + type: 'group', + fields: [ { - name: 'delivery-tag', - type: 'long', - description: 'The server-assigned and channel-specific delivery tag.', + name: 'city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'message-count', - type: 'long', - description: - 'The number of messages in the queue, which will be zero for newly-declared queues.', + name: 'continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'consumer-count', - type: 'long', - description: 'The number of consumers of a queue.', + name: 'country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'routing-key', + name: 'country_name', + level: 'core', type: 'keyword', - description: 'Message routing key.', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'no-ack', - type: 'boolean', - description: 'If set, the server does not expect acknowledgements for messages.', + name: 'location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'no-local', - type: 'boolean', + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'If set, the server will not send messages to the connection that published them.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'if-unused', - type: 'boolean', - description: 'Delete only if unused.', + name: 'region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'if-empty', - type: 'boolean', - description: 'Delete only if empty.', + name: 'region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, + ], + }, + { + name: 'group', + title: 'Group', + group: 2, + description: + 'The group fields are meant to represent groups that are relevant\nto the event.', + type: 'group', + fields: [ { - name: 'queue', + name: 'domain', + level: 'extended', type: 'keyword', - description: 'The queue name identifies the queue within the vhost.', - }, - { - name: 'redelivered', - type: 'boolean', - description: - 'Indicates that the message has been previously delivered to this or another client.', - }, - { - name: 'multiple', - type: 'boolean', - description: 'Acknowledge multiple messages.', - }, - { - name: 'arguments', - type: 'object', + ignore_above: 1024, description: - 'Optional additional arguments passed to some methods. Can be of various types.', - }, - { - name: 'mandatory', - type: 'boolean', - description: 'Indicates mandatory routing.', + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'immediate', - type: 'boolean', - description: 'Request immediate delivery.', - }, - { - name: 'content-type', + name: 'id', + level: 'extended', type: 'keyword', - description: 'MIME content type.', - example: 'text/plain', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'content-encoding', + name: 'name', + level: 'extended', type: 'keyword', - description: 'MIME content encoding.', - }, - { - name: 'headers', - type: 'object', - object_type: 'keyword', - description: 'Message header field table.', + ignore_above: 1024, + description: 'Name of the group.', }, + ], + }, + { + name: 'hash', + title: 'Hash', + group: 2, + description: + 'The hash fields represent different hash algorithms and their values.\n\nField names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for\nother hashes by lowercasing the hash algorithm name and using underscore separators\nas appropriate (snake case, e.g. sha3_512).', + type: 'group', + fields: [ { - name: 'delivery-mode', + name: 'md5', + level: 'extended', type: 'keyword', - description: 'Non-persistent (1) or persistent (2).', - }, - { - name: 'priority', - type: 'long', - description: 'Message priority, 0 to 9.', + ignore_above: 1024, + description: 'MD5 hash.', }, { - name: 'correlation-id', + name: 'sha1', + level: 'extended', type: 'keyword', - description: 'Application correlation identifier.', + ignore_above: 1024, + description: 'SHA1 hash.', }, { - name: 'reply-to', + name: 'sha256', + level: 'extended', type: 'keyword', - description: 'Address to reply to.', + ignore_above: 1024, + description: 'SHA256 hash.', }, { - name: 'expiration', + name: 'sha512', + level: 'extended', type: 'keyword', - description: 'Message expiration specification.', + ignore_above: 1024, + description: 'SHA512 hash.', }, + ], + }, + { + name: 'host', + title: 'Host', + group: 2, + description: + 'A host is defined as a general computing instance.\n\nECS host.* fields should be populated with details about the host on which the\nevent happened, or from which the measurement was taken. Host types include\nhardware, virtual machines, Docker containers, and Kubernetes nodes.', + type: 'group', + fields: [ { - name: 'message-id', + name: 'architecture', + level: 'core', type: 'keyword', - description: 'Application message identifier.', + ignore_above: 1024, + description: 'Operating system architecture.', + example: 'x86_64', }, { - name: 'timestamp', + name: 'domain', + level: 'extended', type: 'keyword', - description: 'Message timestamp.', + ignore_above: 1024, + description: + 'Name of the domain of which the host is a member.\n\nFor example, on Windows this could be the host Active Directory domain\nor NetBIOS domain name. For Linux this could be the domain of the host\nLDAP provider.', + example: 'CONTOSO', + default_field: false, }, { - name: 'type', + name: 'geo.city_name', + level: 'core', type: 'keyword', - description: 'Message type name.', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'user-id', + name: 'geo.continent_name', + level: 'core', type: 'keyword', - description: 'Creating user id.', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'app-id', + name: 'geo.country_iso_code', + level: 'core', type: 'keyword', - description: 'Creating application id.', - }, - ], - }, - ], - }, - { - key: 'cassandra', - title: 'Cassandra', - description: 'Cassandra v4/3 specific event fields.', - fields: [ - { - name: 'no_request', - type: 'alias', - path: 'cassandra.no_request', - migration: true, - }, - { - name: 'cassandra', - type: 'group', - description: 'Information about the Cassandra request and response.', - fields: [ - { - name: 'no_request', - type: 'boolean', - description: 'Indicates that there is no request because this is a PUSH message.', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'request', - type: 'group', - description: 'Cassandra request.', - fields: [ - { - name: 'headers', - type: 'group', - description: 'Cassandra request headers.', - fields: [ - { - name: 'version', - type: 'long', - description: 'The version of the protocol.', - }, - { - name: 'flags', - type: 'keyword', - description: 'Flags applying to this frame.', - }, - { - name: 'stream', - type: 'keyword', - description: - 'A frame has a stream id. If a client sends a request message with the stream id X, it is guaranteed that the stream id of the response to that message will be X.', - }, - { - name: 'op', - type: 'keyword', - description: 'An operation type that distinguishes the actual message.', - }, - { - name: 'length', - type: 'long', - description: - 'A integer representing the length of the body of the frame (a frame is limited to 256MB in length).', - }, - ], - }, - { - name: 'query', - type: 'keyword', - description: 'The CQL query which client send to cassandra.', - }, - ], + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'response', - type: 'group', - description: 'Cassandra response.', - fields: [ - { - name: 'headers', - type: 'group', - description: - "Cassandra response headers, the structure is as same as request's header.", - fields: [ - { - name: 'version', - type: 'long', - description: 'The version of the protocol.', - }, - { - name: 'flags', - type: 'keyword', - description: 'Flags applying to this frame.', - }, - { - name: 'stream', - type: 'keyword', - description: - 'A frame has a stream id. If a client sends a request message with the stream id X, it is guaranteed that the stream id of the response to that message will be X.', - }, - { - name: 'op', - type: 'keyword', - description: 'An operation type that distinguishes the actual message.', - }, - { - name: 'length', - type: 'long', - description: - 'A integer representing the length of the body of the frame (a frame is limited to 256MB in length).', - }, - ], - }, - { - name: 'result', - type: 'group', - description: 'Details about the returned result.', - fields: [ - { - name: 'type', - type: 'keyword', - description: 'Cassandra result type.', - }, - { - name: 'rows', - type: 'group', - description: 'Details about the rows.', - fields: [ - { - name: 'num_rows', - type: 'long', - description: 'Representing the number of rows present in this result.', - }, - { - name: 'meta', - type: 'group', - description: 'Composed of result metadata.', - fields: [ - { - name: 'keyspace', - type: 'keyword', - description: - 'Only present after set Global_tables_spec, the keyspace name.', - }, - { - name: 'table', - type: 'keyword', - description: - 'Only present after set Global_tables_spec, the table name.', - }, - { - name: 'flags', - type: 'keyword', - description: - 'Provides information on the formatting of the remaining information.', - }, - { - name: 'col_count', - type: 'long', - description: - 'Representing the number of columns selected by the query that produced this result.', - }, - { - name: 'pkey_columns', - type: 'long', - description: 'Representing the PK columns index and counts.', - }, - { - name: 'paging_state', - type: 'keyword', - description: - 'The paging_state is a bytes value that should be used in QUERY/EXECUTE to continue paging and retrieve the remainder of the result for this query.', - }, - ], - }, - ], - }, - { - name: 'keyspace', - type: 'keyword', - description: 'Indicating the name of the keyspace that has been set.', - }, - { - name: 'schema_change', - type: 'group', - description: 'The result to a schema_change message.', - fields: [ - { - name: 'change', - type: 'keyword', - description: 'Representing the type of changed involved.', - }, - { - name: 'keyspace', - type: 'keyword', - description: 'This describes which keyspace has changed.', - }, - { - name: 'table', - type: 'keyword', - description: 'This describes which table has changed.', - }, - { - name: 'object', - type: 'keyword', - description: - 'This describes the name of said affected object (either the table, user type, function, or aggregate name).', - }, - { - name: 'target', - type: 'keyword', - description: - 'Target could be "FUNCTION" or "AGGREGATE", multiple arguments.', - }, - { - name: 'name', - type: 'keyword', - description: 'The function/aggregate name.', - }, - { - name: 'args', - type: 'keyword', - description: 'One string for each argument type (as CQL type).', - }, - ], - }, - { - name: 'prepared', - type: 'group', - description: 'The result to a PREPARE message.', - fields: [ - { - name: 'prepared_id', - type: 'keyword', - description: 'Representing the prepared query ID.', - }, - { - name: 'req_meta', - type: 'group', - description: 'This describes the request metadata.', - fields: [ - { - name: 'keyspace', - type: 'keyword', - description: - 'Only present after set Global_tables_spec, the keyspace name.', - }, - { - name: 'table', - type: 'keyword', - description: - 'Only present after set Global_tables_spec, the table name.', - }, - { - name: 'flags', - type: 'keyword', - description: - 'Provides information on the formatting of the remaining information.', - }, - { - name: 'col_count', - type: 'long', - description: - 'Representing the number of columns selected by the query that produced this result.', - }, - { - name: 'pkey_columns', - type: 'long', - description: 'Representing the PK columns index and counts.', - }, - { - name: 'paging_state', - type: 'keyword', - description: - 'The paging_state is a bytes value that should be used in QUERY/EXECUTE to continue paging and retrieve the remainder of the result for this query.', - }, - ], - }, - { - name: 'resp_meta', - type: 'group', - description: 'This describes the metadata for the result set.', - fields: [ - { - name: 'keyspace', - type: 'keyword', - description: - 'Only present after set Global_tables_spec, the keyspace name.', - }, - { - name: 'table', - type: 'keyword', - description: - 'Only present after set Global_tables_spec, the table name.', - }, - { - name: 'flags', - type: 'keyword', - description: - 'Provides information on the formatting of the remaining information.', - }, - { - name: 'col_count', - type: 'long', - description: - 'Representing the number of columns selected by the query that produced this result.', - }, - { - name: 'pkey_columns', - type: 'long', - description: 'Representing the PK columns index and counts.', - }, - { - name: 'paging_state', - type: 'keyword', - description: - 'The paging_state is a bytes value that should be used in QUERY/EXECUTE to continue paging and retrieve the remainder of the result for this query.', - }, - ], - }, - ], - }, - ], - }, - { - name: 'supported', - type: 'object', - object_type: 'keyword', - description: - 'Indicates which startup options are supported by the server. This message comes as a response to an OPTIONS message.', - }, - { - name: 'authentication', - type: 'group', - description: - 'Indicates that the server requires authentication, and which authentication mechanism to use.', - fields: [ - { - name: 'class', - type: 'keyword', - description: 'Indicates the full class name of the IAuthenticator in use', - }, - ], - }, - { - name: 'warnings', - type: 'keyword', - description: 'The text of the warnings, only occur when Warning flag was set.', - }, - { - name: 'event', - type: 'group', - description: - 'Event pushed by the server. A client will only receive events for the types it has REGISTERed to.', - fields: [ - { - name: 'type', - type: 'keyword', - description: 'Representing the event type.', - }, - { - name: 'change', - type: 'keyword', - description: - 'The message corresponding respectively to the type of change followed by the address of the new/removed node.', - }, - { - name: 'host', - type: 'keyword', - description: 'Representing the node ip.', - }, - { - name: 'port', - type: 'long', - description: 'Representing the node port.', - }, - { - name: 'schema_change', - type: 'group', - description: 'The events details related to schema change.', - fields: [ - { - name: 'change', - type: 'keyword', - description: 'Representing the type of changed involved.', - }, - { - name: 'keyspace', - type: 'keyword', - description: 'This describes which keyspace has changed.', - }, - { - name: 'table', - type: 'keyword', - description: 'This describes which table has changed.', - }, - { - name: 'object', - type: 'keyword', - description: - 'This describes the name of said affected object (either the table, user type, function, or aggregate name).', - }, - { - name: 'target', - type: 'keyword', - description: - 'Target could be "FUNCTION" or "AGGREGATE", multiple arguments.', - }, - { - name: 'name', - type: 'keyword', - description: 'The function/aggregate name.', - }, - { - name: 'args', - type: 'keyword', - description: 'One string for each argument type (as CQL type).', - }, - ], - }, - ], - }, - { - name: 'error', - type: 'group', - description: - 'Indicates an error processing a request. The body of the message will be an error code followed by a error message. Then, depending on the exception, more content may follow.', - fields: [ - { - name: 'code', - type: 'long', - description: 'The error code of the Cassandra response.', - }, - { - name: 'msg', - type: 'keyword', - description: 'The error message of the Cassandra response.', - }, - { - name: 'type', - type: 'keyword', - description: 'The error type of the Cassandra response.', - }, - { - name: 'details', - type: 'group', - description: 'The details of the error.', - fields: [ - { - name: 'read_consistency', - type: 'keyword', - description: - 'Representing the consistency level of the query that triggered the exception.', - }, - { - name: 'required', - type: 'long', - description: - 'Representing the number of nodes that should be alive to respect consistency level.', - }, - { - name: 'alive', - type: 'long', - description: - 'Representing the number of replicas that were known to be alive when the request had been processed (since an unavailable exception has been triggered).', - }, - { - name: 'received', - type: 'long', - description: - 'Representing the number of nodes having acknowledged the request.', - }, - { - name: 'blockfor', - type: 'long', - description: - 'Representing the number of replicas whose acknowledgement is required to achieve consistency level.', - }, - { - name: 'write_type', - type: 'keyword', - description: 'Describe the type of the write that timed out.', - }, - { - name: 'data_present', - type: 'boolean', - description: 'It means the replica that was asked for data had responded.', - }, - { - name: 'keyspace', - type: 'keyword', - description: 'The keyspace of the failed function.', - }, - { - name: 'table', - type: 'keyword', - description: 'The keyspace of the failed function.', - }, - { - name: 'stmt_id', - type: 'keyword', - description: 'Representing the unknown ID.', - }, - { - name: 'num_failures', - type: 'keyword', - description: - 'Representing the number of nodes that experience a failure while executing the request.', - }, - { - name: 'function', - type: 'keyword', - description: 'The name of the failed function.', - }, - { - name: 'arg_types', - type: 'keyword', - description: - 'One string for each argument type (as CQL type) of the failed function.', - }, - ], - }, - ], - }, - ], + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, - ], - }, - ], - }, - { - key: 'dhcpv4', - title: 'DHCPv4', - description: 'DHCPv4 event fields', - fields: [ - { - name: 'dhcpv4', - type: 'group', - fields: [ { - name: 'transaction_id', + name: 'geo.name', + level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Transaction ID, a random number chosen by the client, used by the client and server to associate messages and responses between a client and a server.', - }, - { - name: 'seconds', - type: 'long', - description: - 'Number of seconds elapsed since client began address acquisition or renewal process.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'flags', + name: 'geo.region_iso_code', + level: 'core', type: 'keyword', - description: - 'Flags are set by the client to indicate how the DHCP server should its reply -- either unicast or broadcast.', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'client_ip', - type: 'ip', - description: 'The current IP address of the client.', + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { - name: 'assigned_ip', - type: 'ip', + name: 'hostname', + level: 'core', + type: 'keyword', + ignore_above: 1024, description: - 'The IP address that the DHCP server is assigning to the client. This field is also known as "your" IP address.', + 'Hostname of the host.\n\nIt normally contains what the `hostname` command returns on the host machine.', }, { - name: 'server_ip', - type: 'ip', + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, description: - 'The IP address of the DHCP server that the client should use for the next step in the bootstrap process.', + 'Unique host id.\n\nAs hostname is not always unique, use values that are meaningful in your environment.\n\nExample: The current usage of `beat.name`.', }, { - name: 'relay_ip', + name: 'ip', + level: 'core', type: 'ip', - description: - 'The relay IP address used by the client to contact the server (i.e. a DHCP relay server).', + description: 'Host ip addresses.', }, { - name: 'client_mac', + name: 'mac', + level: 'core', type: 'keyword', - description: "The client's MAC address (layer two).", + ignore_above: 1024, + description: 'Host mac addresses.', }, { - name: 'server_name', + name: 'name', + level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'The name of the server sending the message. Optional. Used in DHCPOFFER or DHCPACK messages.', + 'Name of the host.\n\nIt can contain what `hostname` returns on Unix systems, the fully qualified\ndomain name, or a name specified by the user. The sender decides which value\nto use.', }, { - name: 'op_code', + name: 'os.family', + level: 'extended', type: 'keyword', - example: 'bootreply', - description: 'The message op code (bootrequest or bootreply).', - }, - { - name: 'hops', - type: 'long', - description: 'The number of hops the DHCP message went through.', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', }, { - name: 'hardware_type', + name: 'os.full', + level: 'extended', type: 'keyword', - description: - 'The type of hardware used for the local network (Ethernet, LocalTalk, etc).', - }, - { - name: 'option', - type: 'group', - fields: [ - { - name: 'message_type', - type: 'keyword', - example: 'ack', - description: - 'The specific type of DHCP message being sent (e.g. discover, offer, request, decline, ack, nak, release, inform).', - }, - { - name: 'parameter_request_list', - type: 'keyword', - description: - 'This option is used by a DHCP client to request values for specified configuration parameters.', - }, - { - name: 'requested_ip_address', - type: 'ip', - description: - 'This option is used in a client request (DHCPDISCOVER) to allow the client to request that a particular IP address be assigned.', - }, - { - name: 'server_identifier', - type: 'ip', - description: 'IP address of the individual DHCP server which handled this message.', - }, - { - name: 'broadcast_address', - type: 'ip', - description: - "This option specifies the broadcast address in use on the client's subnet. ", - }, - { - name: 'max_dhcp_message_size', - type: 'long', - description: - 'This option specifies the maximum length DHCP message that the client is willing to accept.', - }, - { - name: 'class_identifier', - type: 'keyword', - description: - "This option is used by DHCP clients to optionally identify the vendor type and configuration of a DHCP client. Vendors may choose to define specific vendor class identifiers to convey particular configuration or other identification information about a client. For example, the identifier may encode the client's hardware configuration. ", - }, - { - name: 'domain_name', - type: 'keyword', - description: - 'This option specifies the domain name that client should use when resolving hostnames via the Domain Name System.', - }, - { - name: 'dns_servers', - type: 'ip', - description: - 'The domain name server option specifies a list of Domain Name System servers available to the client.', - }, - { - name: 'vendor_identifying_options', - type: 'object', - description: - 'A DHCP client may use this option to unambiguously identify the vendor that manufactured the hardware on which the client is running, the software in use, or an industry consortium to which the vendor belongs. This field is described in RFC 3925.', - }, - { - name: 'subnet_mask', - type: 'ip', - description: 'The subnet mask that the client should use on the currnet network.', - }, - { - name: 'utc_time_offset_sec', - type: 'long', - description: - "The time offset field specifies the offset of the client's subnet in seconds from Coordinated Universal Time (UTC). ", - }, - { - name: 'router', - type: 'ip', - description: - "The router option specifies a list of IP addresses for routers on the client's subnet. ", - }, - { - name: 'time_servers', - type: 'ip', - description: - 'The time server option specifies a list of RFC 868 time servers available to the client.', - }, - { - name: 'ntp_servers', - type: 'ip', - description: - 'This option specifies a list of IP addresses indicating NTP servers available to the client.', - }, + ignore_above: 1024, + multi_fields: [ { - name: 'hostname', - type: 'keyword', - description: 'This option specifies the name of the client.', - }, - { - name: 'ip_address_lease_time_sec', - type: 'long', - description: - 'This option is used in a client request (DHCPDISCOVER or DHCPREQUEST) to allow the client to request a lease time for the IP address. In a server reply (DHCPOFFER), a DHCP server uses this option to specify the lease time it is willing to offer.', - }, - { - name: 'message', + name: 'text', type: 'text', - description: - 'This option is used by a DHCP server to provide an error message to a DHCP client in a DHCPNAK message in the event of a failure. A client may use this option in a DHCPDECLINE message to indicate the why the client declined the offered parameters.', - }, - { - name: 'renewal_time_sec', - type: 'long', - description: - 'This option specifies the time interval from address assignment until the client transitions to the RENEWING state.', - }, - { - name: 'rebinding_time_sec', - type: 'long', - description: - 'This option specifies the time interval from address assignment until the client transitions to the REBINDING state.', - }, - { - name: 'boot_file_name', - type: 'keyword', - description: - "This option is used to identify a bootfile when the 'file' field in the DHCP header has been used for DHCP options. ", + norms: false, + default_field: false, }, ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', }, - ], - }, - ], - }, - { - key: 'dns', - title: 'DNS', - description: 'DNS-specific event fields.', - fields: [ - { - name: 'dns', - type: 'group', - fields: [ { - name: 'id', - type: 'long', - description: - 'The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.', + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', }, { - name: 'op_code', - description: - 'The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response.', - example: 'QUERY', + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', }, { - name: 'flags.authoritative', - type: 'boolean', - description: - 'A DNS flag specifying that the responding server is an authority for the domain name used in the question.', + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', }, { - name: 'flags.recursion_available', - type: 'boolean', - description: - 'A DNS flag specifying whether recursive query support is available in the name server.', + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', }, { - name: 'flags.recursion_desired', - type: 'boolean', + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, description: - 'A DNS flag specifying that the client directs the server to pursue a query recursively. Recursive query support is optional.', + 'Type of host.\n\nFor Cloud providers this can be the machine type like `t2.medium`. If vm,\nthis could be the container, for example, or other information meaningful\nin your environment.', }, { - name: 'flags.authentic_data', - type: 'boolean', - description: - 'A DNS flag specifying that the recursive server considers the response authentic.', + name: 'uptime', + level: 'extended', + type: 'long', + description: 'Seconds the host has been up.', + example: 1325, }, { - name: 'flags.checking_disabled', - type: 'boolean', + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'A DNS flag specifying that the client disables the server signature validation of the query.', + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'flags.truncated_response', - type: 'boolean', - description: - 'A DNS flag specifying that only the first 512 bytes of the reply were returned.', + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', }, { - name: 'response_code', - description: 'The DNS status code.', - example: 'NOERROR', + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', }, { - name: 'question.name', + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'The domain name being queried. If the name field contains non-printable characters (below 32 or above 126), then those characters are represented as escaped base 10 integers (\\DDD). Back slashes and quotes are escaped. Tabs, carriage returns, and line feeds are converted to \\t, \\r, and respectively.', - example: 'www.google.com.', - }, - { - name: 'question.type', - description: 'The type of records being queried.', - example: 'AAAA', + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'question.class', - description: 'The class of of records being queried.', - example: 'IN', + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'question.etld_plus_one', - description: - 'The effective top-level domain (eTLD) plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org.', - example: 'amazon.co.uk.', + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', }, { - name: 'answers', - type: 'object', + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'An array containing a dictionary about each answer section returned by the server.', + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', }, { - name: 'answers_count', - type: 'long', - description: 'The number of resource records contained in the `dns.answers` field.', + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', }, { - name: 'answers.name', - description: 'The domain name to which this resource record pertains.', - example: 'example.com.', + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', }, + ], + }, + { + name: 'http', + title: 'HTTP', + group: 2, + description: + 'Fields related to HTTP activity. Use the `url` field set to store\nthe url of the request.', + type: 'group', + fields: [ { - name: 'answers.type', - description: 'The type of data contained in this resource record.', - example: 'MX', + name: 'request.body.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Size in bytes of the request body.', + example: 887, }, { - name: 'answers.class', - description: 'The class of DNS data contained in this resource record.', - example: 'IN', + name: 'request.body.content', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The full HTTP request body.', + example: 'Hello world', }, { - name: 'answers.ttl', - description: - 'The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.', + name: 'request.bytes', + level: 'extended', type: 'long', + format: 'bytes', + description: 'Total size in bytes of the request (body and headers).', + example: 1437, }, { - name: 'answers.data', + name: 'request.method', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'The data describing the resource. The meaning of this data depends on the type and class of the resource record.', + 'HTTP request method.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'get, post, put', }, { - name: 'authorities', - type: 'object', - description: - 'An array containing a dictionary for each authority section from the answer.', + name: 'request.referrer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Referrer for this HTTP request.', + example: 'https://blog.example.com/', }, { - name: 'authorities_count', + name: 'response.body.bytes', + level: 'extended', type: 'long', - description: - 'The number of resource records contained in the `dns.authorities` field. The `dns.authorities` field may or may not be included depending on the configuration of Packetbeat.', - }, - { - name: 'authorities.name', - description: 'The domain name to which this resource record pertains.', - example: 'example.com.', + format: 'bytes', + description: 'Size in bytes of the response body.', + example: 887, }, { - name: 'authorities.type', - description: 'The type of data contained in this resource record.', - example: 'NS', + name: 'response.body.content', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The full HTTP response body.', + example: 'Hello world', }, { - name: 'authorities.class', - description: 'The class of DNS data contained in this resource record.', - example: 'IN', + name: 'response.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Total size in bytes of the response (body and headers).', + example: 1437, }, { - name: 'additionals', - type: 'object', - description: - 'An array containing a dictionary for each additional section from the answer.', - }, - { - name: 'additionals_count', + name: 'response.status_code', + level: 'extended', type: 'long', - description: - 'The number of resource records contained in the `dns.additionals` field. The `dns.additionals` field may or may not be included depending on the configuration of Packetbeat.', - }, - { - name: 'additionals.name', - description: 'The domain name to which this resource record pertains.', - example: 'example.com.', - }, - { - name: 'additionals.type', - description: 'The type of data contained in this resource record.', - example: 'NS', - }, - { - name: 'additionals.class', - description: 'The class of DNS data contained in this resource record.', - example: 'IN', + format: 'string', + description: 'HTTP response status code.', + example: 404, }, { - name: 'additionals.ttl', - description: - 'The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.', - type: 'long', + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'HTTP version.', + example: 1.1, }, + ], + }, + { + name: 'interface', + title: 'Interface', + group: 2, + description: + 'The interface fields are used to record ingress and egress interface\ninformation when reported by an observer (e.g. firewall, router, load balancer)\nin the context of the observer handling a network connection. In the case of\na single observer interface (e.g. network sensor on a span port) only the observer.ingress\ninformation should be populated.', + type: 'group', + fields: [ { - name: 'additionals.data', + name: 'alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'The data describing the resource. The meaning of this data depends on the type and class of the resource record.', + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, }, { - name: 'opt.version', - description: 'The EDNS version.', - example: '0', - }, - { - name: 'opt.do', - type: 'boolean', - description: 'If set, the transaction uses DNSSEC.', - }, - { - name: 'opt.ext_rcode', - description: 'Extended response code field.', - example: 'BADVERS', + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, }, { - name: 'opt.udp_size', - type: 'long', - description: "Requestor's UDP payload size (in bytes).", + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, }, ], }, - ], - }, - { - key: 'http', - title: 'HTTP', - description: 'HTTP-specific event fields.', - fields: [ { - name: 'http', + name: 'log', + title: 'Log', + group: 2, + description: + 'Details about the event logging mechanism or logging transport.\n\nThe log.* fields are typically populated with details about the logging mechanism\nused to create and/or transport the event. For example, syslog details belong\nunder `log.syslog.*`.\n\nThe details specific to your event source are typically not logged under `log.*`,\nbut rather in `event.*` or in other ECS fields.', type: 'group', - description: 'Information about the HTTP request and response.', fields: [ { - name: 'request', - description: 'HTTP request', - type: 'group', - fields: [ - { - name: 'headers', - type: 'object', - object_type: 'keyword', - description: - 'A map containing the captured header fields from the request. Which headers to capture is configurable. If headers with the same header name are present in the message, they will be separated by commas.', - }, - { - name: 'params', - type: 'alias', - migration: true, - path: 'url.query', - }, - ], + name: 'level', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Original log level of the log event.\n\nIf the source of the event provides a log level or textual severity, this\nis the one that goes in `log.level`. If your source does not specify one,\nyou may put your event transport severity here (e.g. Syslog severity).\n\nSome examples are `warn`, `err`, `i`, `informational`.', + example: 'error', }, { - name: 'response', - description: 'HTTP response', - type: 'group', - fields: [ - { - name: 'status_phrase', - description: 'The HTTP status phrase.', - example: 'Not Found', - }, - { - name: 'headers', - type: 'object', - object_type: 'keyword', - description: - 'A map containing the captured header fields from the response. Which headers to capture is configurable. If headers with the same header name are present in the message, they will be separated by commas.', - }, - { - name: 'code', - type: 'alias', - migration: true, - path: 'http.response.status_code', - }, - { - name: 'phrase', - type: 'alias', - migration: true, - path: 'http.response.status_phrase', - }, - ], + name: 'logger', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The name of the logger inside an application. This is usually the\nname of the class which initialized the logger, or can be a custom name.', + example: 'org.elasticsearch.bootstrap.Bootstrap', }, - ], - }, - ], - }, - { - key: 'icmp', - title: 'ICMP', - description: 'ICMP specific event fields.', - fields: [ - { - name: 'icmp', - type: 'group', - fields: [ { - name: 'version', - description: 'The version of the ICMP protocol.', - possible_values: [4, 6], + name: 'origin.file.line', + level: 'extended', + type: 'integer', + description: + 'The line number of the file containing the source code which originated\nthe log event.', + example: 42, + }, + { + name: 'origin.file.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The name of the file containing the source code which originated\nthe log event. Note that this is not the name of the log file.', + example: 'Bootstrap.java', }, { - name: 'request.message', + name: 'origin.function', + level: 'extended', type: 'keyword', - description: 'A human readable form of the request.', + ignore_above: 1024, + description: 'The name of the function or method which originated the log event.', + example: 'init', }, { - name: 'request.type', - type: 'long', - description: 'The request type.', + name: 'original', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is the original log message and contains the full log message\nbefore splitting it up in multiple parts.\n\nIn contrast to the `message` field which can contain an extracted part of\nthe log message, this field contains the original, full log message. It can\nhave already some modifications applied like encoding or new lines removed\nto clean up the log message.\n\nThis field is not indexed and doc_values are disabled so it cannot be queried\nbut the value can be retrieved from `_source`.', + example: 'Sep 19 08:26:10 localhost My log', + }, + { + name: 'syslog', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'The Syslog metadata of the event, if the event was transmitted\nvia Syslog. Please see RFCs 5424 or 3164.', }, { - name: 'request.code', + name: 'syslog.facility.code', + level: 'extended', type: 'long', - description: 'The request code.', + format: 'string', + description: + 'The Syslog numeric facility of the log event, if available.\n\nAccording to RFCs 5424 and 3164, this value should be an integer between 0\nand 23.', + example: 23, }, { - name: 'response.message', + name: 'syslog.facility.name', + level: 'extended', type: 'keyword', - description: 'A human readable form of the response.', + ignore_above: 1024, + description: 'The Syslog text-based facility of the log event, if available.', + example: 'local7', }, { - name: 'response.type', + name: 'syslog.priority', + level: 'extended', type: 'long', - description: 'The response type.', + format: 'string', + description: + 'Syslog numeric priority of the event, if available.\n\nAccording to RFCs 5424 and 3164, the priority is 8 * facility + severity.\nThis number is therefore expected to contain a value between 0 and 191.', + example: 135, }, { - name: 'response.code', + name: 'syslog.severity.code', + level: 'extended', type: 'long', - description: 'The response code.', + description: + 'The Syslog numeric severity of the log event, if available.\n\nIf the event source publishing via Syslog provides a different numeric severity\nvalue (e.g. firewall, IDS), your source numeric severity should go to `event.severity`.\nIf the event source does not specify a distinct severity, you can optionally\ncopy the Syslog severity to `event.severity`.', + example: 3, + }, + { + name: 'syslog.severity.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The Syslog numeric severity of the log event, if available.\n\nIf the event source publishing via Syslog provides a different severity value\n(e.g. firewall, IDS), your source text severity should go to `log.level`.\nIf the event source does not specify a distinct severity, you can optionally\ncopy the Syslog severity to `log.level`.', + example: 'Error', }, ], }, - ], - }, - { - key: 'memcache', - title: 'Memcache', - description: 'Memcached-specific event fields', - fields: [ { - name: 'memcache', + name: 'network', + title: 'Network', + group: 2, + description: + 'The network is defined as the communication path over which a host\nor network event happens.\n\nThe network.* fields should be populated with details about the network activity\nassociated with an event.', type: 'group', fields: [ { - name: 'protocol_type', + name: 'application', + level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'The memcache protocol implementation. The value can be "binary" for binary-based, "text" for text-based, or "unknown" for an unknown memcache protocol type.', + 'A name given to an application level protocol. This can be arbitrarily\nassigned for things like microservices, but also apply to things like skype,\nicq, facebook, twitter. This would be used in situations where the vendor\nor service can be decoded such as from the source/dest IP owners, ports, or\nwire format.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'aim', }, { - name: 'request.line', - type: 'keyword', - description: 'The raw command line for unknown commands ONLY.', + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: + 'Total bytes transferred in both directions.\n\nIf `source.bytes` and `destination.bytes` are known, `network.bytes` is their\nsum.', + example: 368, }, { - name: 'request.command', + name: 'community_id', + level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'The memcache command being requested in the memcache text protocol. For example "set" or "get". The binary protocol opcodes are translated into memcache text protocol commands.', + 'A hash of source and destination IPs and ports, as well as the\nprotocol used in a communication. This is a tool-agnostic standard to identify\nflows.\n\nLearn more at https://github.com/corelight/community-id-spec.', + example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=', }, { - name: 'response.command', + name: 'direction', + level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Either the text based protocol response message type or the name of the originating request if binary protocol is used.', + "Direction of the network traffic.\nRecommended values are:\n * inbound\n * outbound\n * internal\n * external\n * unknown\n\nWhen mapping events from a host-based monitoring context, populate this field from the host's point of view.\nWhen mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter.", + example: 'inbound', }, { - name: 'request.type', - type: 'keyword', - description: - 'The memcache command classification. This value can be "UNKNOWN", "Load", "Store", "Delete", "Counter", "Info", "SlabCtrl", "LRUCrawler", "Stats", "Success", "Fail", or "Auth".', + name: 'forwarded_ip', + level: 'core', + type: 'ip', + description: 'Host IP address when the source IP address is the proxy.', + example: '192.1.1.2', }, { - name: 'response.type', + name: 'iana_number', + level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'The memcache command classification. This value can be "UNKNOWN", "Load", "Store", "Delete", "Counter", "Info", "SlabCtrl", "LRUCrawler", "Stats", "Success", "Fail", or "Auth". The text based protocol will employ any of these, whereas the binary based protocol will mirror the request commands only (see `memcache.response.status` for binary protocol).', + 'IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).\nStandardized list of protocols. This aligns well with NetFlow and sFlow related\nlogs which use the IANA Protocol Number.', + example: 6, }, { - name: 'response.error_msg', - type: 'keyword', + name: 'inner', + level: 'extended', + type: 'object', + object_type: 'keyword', description: - 'The optional error message in the memcache response (text based protocol only).', + 'Network.inner fields are added in addition to network.vlan fields\nto describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed\nfields include vlan.id and vlan.name. Inner vlan fields are typically used\nwhen sending traffic with multiple 802.1q encapsulations to a network sensor\n(e.g. Zeek, Wireshark.)', + default_field: false, }, { - name: 'request.opcode', + name: 'inner.vlan.id', + level: 'extended', type: 'keyword', - description: 'The binary protocol message opcode name.', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, }, { - name: 'response.opcode', + name: 'inner.vlan.name', + level: 'extended', type: 'keyword', - description: 'The binary protocol message opcode name.', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, }, { - name: 'request.opcode_value', - type: 'long', - description: 'The binary protocol message opcode value.', - }, - { - name: 'response.opcode_value', - type: 'long', - description: 'The binary protocol message opcode value.', + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name given by operators to sections of their network.', + example: 'Guest Wifi', }, { - name: 'request.opaque', + name: 'packets', + level: 'core', type: 'long', description: - 'The binary protocol opaque header value used for correlating request with response messages.', + 'Total packets transferred in both directions.\n\nIf `source.packets` and `destination.packets` are known, `network.packets`\nis their sum.', + example: 24, }, { - name: 'response.opaque', - type: 'long', + name: 'protocol', + level: 'core', + type: 'keyword', + ignore_above: 1024, description: - 'The binary protocol opaque header value used for correlating request with response messages.', - }, - { - name: 'request.vbucket', - type: 'long', - description: 'The vbucket index sent in the binary message.', + 'L7 Network protocol name. ex. http, lumberjack, transport protocol.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'http', }, { - name: 'response.status', + name: 'transport', + level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'The textual representation of the response error code (binary protocol only).', + 'Same as network.iana_number, but instead using the Keyword name\nof the transport layer (udp, tcp, ipv6-icmp, etc.)\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'tcp', }, { - name: 'response.status_code', - type: 'long', - description: 'The status code value returned in the response (binary protocol only).', + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'In the OSI Model this would be the Network Layer. ipv4, ipv6,\nipsec, pim, etc\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'ipv4', }, { - name: 'request.keys', - type: 'array', - description: 'The list of keys sent in the store or load commands.', + name: 'vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, }, { - name: 'response.keys', - type: 'array', - description: 'The list of keys returned for the load command (if present).', + name: 'vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, }, + ], + }, + { + name: 'observer', + title: 'Observer', + group: 2, + description: + 'An observer is defined as a special network, security, or application\ndevice used to detect, observe, or create network, security, or application-related\nevents and metrics.\n\nThis could be a custom hardware appliance or a server that has been configured\nto run special network, security, or application software. Examples include\nfirewalls, web proxies, intrusion detection/prevention systems, network monitoring\nsensors, web application firewalls, data loss prevention systems, and APM servers.\nThe observer.* fields shall be populated with details of the system, if any,\nthat detects, observes and/or creates a network, security, or application event\nor metric. Message queues and ETL components used in processing events or metrics\nare not considered observers in ECS.', + type: 'group', + fields: [ { - name: 'request.count_values', - type: 'long', + name: 'egress', + level: 'extended', + type: 'object', + object_type: 'keyword', description: - 'The number of values found in the memcache request message. If the command does not send any data, this field is missing.', + 'Observer.egress holds information like interface number and name,\nvlan, and zone information to classify egress traffic. Single armed monitoring\nsuch as a network sensor on a span port should only use observer.ingress\nto categorize traffic.', + default_field: false, }, { - name: 'response.count_values', - type: 'long', + name: 'egress.interface.alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'The number of values found in the memcache response message. If the command does not send any data, this field is missing.', + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, }, { - name: 'request.values', - type: 'array', - description: 'The list of base64 encoded values sent with the request (if present).', + name: 'egress.interface.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, }, { - name: 'response.values', - type: 'array', - description: 'The list of base64 encoded values sent with the response (if present).', + name: 'egress.interface.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, }, { - name: 'request.bytes', - type: 'long', - format: 'bytes', - description: 'The byte count of the values being transferred.', + name: 'egress.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, }, { - name: 'response.bytes', - type: 'long', - format: 'bytes', - description: 'The byte count of the values being transferred.', + name: 'egress.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, }, { - name: 'request.delta', - type: 'long', - description: 'The counter increment/decrement delta value.', + name: 'egress.zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Network zone of outbound traffic as reported by the observer to\ncategorize the destination area of egress traffic, e.g. Internal, External,\nDMZ, HR, Legal, etc.', + example: 'Public_Internet', + default_field: false, }, { - name: 'request.initial', - type: 'long', - description: - 'The counter increment/decrement initial value parameter (binary protocol only).', + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'request.verbosity', - type: 'long', - description: 'The value of the memcache "verbosity" command.', + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'request.raw_args', + name: 'geo.country_iso_code', + level: 'core', type: 'keyword', - description: - 'The text protocol raw arguments for the "stats ..." and "lru crawl ..." commands.', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'request.source_class', - type: 'long', - description: "The source class id in 'slab reassign' command. ", + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'request.dest_class', - type: 'long', - description: "The destination class id in 'slab reassign' command. ", + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'request.automove', + name: 'geo.name', + level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'The automove mode in the \'slab automove\' command expressed as a string. This value can be "standby"(=0), "slow"(=1), "aggressive"(=2), or the raw value if the value is unknown.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'request.flags', - type: 'long', - description: 'The memcache command flags sent in the request (if present).', + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'response.flags', - type: 'long', - description: 'The memcache message flags sent in the response (if present).', + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { - name: 'request.exptime', - type: 'long', + name: 'hostname', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Hostname of the observer.', + }, + { + name: 'ingress', + level: 'extended', + type: 'object', + object_type: 'keyword', description: - 'The data expiry time in seconds sent with the memcache command (if present). If the value is <30 days, the expiry time is relative to "now", or else it is an absolute Unix time in seconds (32-bit).', + 'Observer.ingress holds information like interface number and name,\nvlan, and zone information to classify ingress traffic. Single armed monitoring\nsuch as a network sensor on a span port should only use observer.ingress\nto categorize traffic.', + default_field: false, }, { - name: 'request.sleep_us', - type: 'long', - description: "The sleep setting in microseconds for the 'lru_crawler sleep' command. ", + name: 'ingress.interface.alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, }, { - name: 'response.value', - type: 'long', - description: 'The counter value returned by a counter operation.', + name: 'ingress.interface.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, }, { - name: 'request.noreply', - type: 'boolean', - description: - 'Set to true if noreply was set in the request. The `memcache.response` field will be missing.', + name: 'ingress.interface.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, }, { - name: 'request.quiet', - type: 'boolean', + name: 'ingress.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'ingress.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'ingress.zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'Set to true if the binary protocol message is to be treated as a quiet message.', + 'Network zone of incoming traffic as reported by the observer to\ncategorize the source area of ingress traffic. e.g. internal, External, DMZ,\nHR, Legal, etc.', + example: 'DMZ', + default_field: false, }, { - name: 'request.cas_unique', - type: 'long', - description: 'The CAS (compare-and-swap) identifier if present.', + name: 'ip', + level: 'core', + type: 'ip', + description: 'IP addresses of the observer.', }, { - name: 'response.cas_unique', - type: 'long', + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC addresses of the observer', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'The CAS (compare-and-swap) identifier to be used with CAS-based updates (if present).', + 'Custom name of the observer.\n\nThis is a name that can be given to an observer. This can be helpful for example\nif multiple firewalls of the same model are used in an organization.\n\nIf no custom name is needed, the field can be left empty.', + example: '1_proxySG', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The product name of the observer.', + example: 's200', + }, + { + name: 'serial_number', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Observer serial number.', }, { - name: 'response.stats', - type: 'array', + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, description: - 'The list of statistic values returned. Each entry is a dictionary with the fields "name" and "value".', + 'The type of the observer the data is coming from.\n\nThere is no predefined list of observer types. Some examples are `forwarder`,\n`firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`.', + example: 'firewall', + }, + { + name: 'vendor', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Vendor name of the observer.', + example: 'Symantec', }, { - name: 'response.version', + name: 'version', + level: 'core', type: 'keyword', - description: 'The returned memcache version string.', + ignore_above: 1024, + description: 'Observer version.', }, ], }, - ], - }, - { - key: 'mongodb', - title: 'MongoDb', - description: - 'MongoDB-specific event fields. These fields mirror closely the fields for the MongoDB wire protocol. The higher level fields (for example, `query` and `resource`) apply to MongoDB events as well.', - fields: [ { - name: 'mongodb', + name: 'organization', + title: 'Organization', + group: 2, + description: + 'The organization fields enrich data with information about the company\nor entity the data is associated with.\n\nThese fields help you arrange or filter data stored in an index by one or multiple\norganizations.', type: 'group', fields: [ { - name: 'error', - description: - 'If the MongoDB request has resulted in an error, this field contains the error message returned by the server.', + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the organization.', }, { - name: 'fullCollectionName', - description: - 'The full collection name. The full collection name is the concatenation of the database name with the collection name, using a dot (.) for the concatenation. For example, for the database foo and the collection bar, the full collection name is foo.bar.', + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + }, + ], + }, + { + name: 'os', + title: 'Operating System', + group: 2, + description: 'The OS fields contain information about the operating system.', + type: 'group', + fields: [ + { + name: 'family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', }, { - name: 'numberToSkip', - type: 'long', + name: 'full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + ], + }, + { + name: 'package', + title: 'Package', + group: 2, + description: + 'These fields contain information about an installed software package.\nIt contains general information about a package, such as name, version or size.\nIt also contains installation details, such as time or location.', + type: 'group', + fields: [ + { + name: 'architecture', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package architecture.', + example: 'x86_64', + }, + { + name: 'build_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'Sets the number of documents to omit - starting from the first document in the resulting dataset - when returning the result of the query.', + 'Additional information about the build version of the installed\npackage.\n\nFor example use the commit SHA of a non-released package.', + example: '36f4f7e89dd61b0988b12ee000b98966867710cd', + default_field: false, }, { - name: 'numberToReturn', - type: 'long', - description: 'The requested maximum number of documents to be returned.', + name: 'checksum', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Checksum of the installed package for verification.', + example: '68b329da9893e34099c7d8ad5cb9c940', }, { - name: 'numberReturned', - type: 'long', - description: 'The number of documents in the reply.', + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Description of the package.', + example: + 'Open source programming language to build simple/reliable/efficient\nsoftware.', }, { - name: 'startingFrom', - description: 'Where in the cursor this reply is starting.', + name: 'install_scope', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Indicating how the package was installed, e.g. user-local, global.', + example: 'global', }, { - name: 'query', + name: 'installed', + level: 'extended', + type: 'date', + description: 'Time when package was installed.', + }, + { + name: 'license', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'A JSON document that represents the query. The query will contain one or more elements, all of which must match for a document to be included in the result set. Possible elements include $query, $orderby, $hint, $explain, and $snapshot.', + 'License under which the package was released.\n\nUse a short name, e.g. the license identifier from SPDX License List where\npossible (https://spdx.org/licenses/).', + example: 'Apache License 2.0', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package name', + example: 'go', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Path where the package is installed.', + example: '/usr/local/Cellar/go/1.12.9/', }, { - name: 'returnFieldsSelector', + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'A JSON document that limits the fields in the returned documents. The returnFieldsSelector contains one or more elements, each of which is the name of a field that should be returned, and the integer value 1.', + 'Home page or reference URL of the software in this package, if\navailable.', + example: 'https://golang.org', + default_field: false, + }, + { + name: 'size', + level: 'extended', + type: 'long', + format: 'string', + description: 'Package size in bytes.', + example: 62231, }, { - name: 'selector', + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'A BSON document that specifies the query for selecting the document to update or delete.', + 'Type of package.\n\nThis should contain the package file type, rather than the package manager\nname. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar.', + example: 'rpm', + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package version', + example: '1.12.9', + }, + ], + }, + { + name: 'pe', + title: 'PE Header', + group: 2, + description: 'These fields contain Windows Portable Executable (PE) metadata.', + type: 'group', + fields: [ + { + name: 'company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + ], + }, + { + name: 'process', + title: 'Process', + group: 2, + description: + 'These fields contain information about a process.\n\nThese fields can help you correlate metrics information with a process id/name\nfrom a log message. The `process.pid` often stays in the metric itself and\nis copied to the global field for correlation.', + type: 'group', + fields: [ + { + name: 'args', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of process arguments, starting with the absolute path to\nthe executable.\n\nMay be filtered to protect sensitive information.', + example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'], + }, + { + name: 'args_count', + level: 'extended', + type: 'long', + description: + 'Length of the process.args array.\n\nThis field can be useful for querying or performing bucket analysis on how\nmany arguments were provided to start a process. More arguments may be an\nindication of suspicious activity.', + example: 4, + default_field: false, + }, + { + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'command_line', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Full command line that started the process, including the absolute\npath to the executable, and all arguments.\n\nSome arguments may be filtered to protect sensitive information.', + example: '/usr/bin/ssh -l user 10.0.0.16', + default_field: false, + }, + { + name: 'entity_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier for the process.\n\nThe implementation of this is specified by the data source, but some examples\nof what could be used here are a process-generated UUID, Sysmon Process GUIDs,\nor a hash of some uniquely identifying components of a process.\n\nConstructing a globally unique identifier is a common practice to mitigate\nPID reuse as well as to identify a specific process over time, across multiple\nmonitored hosts.', + example: 'c2c455d9f99375d', + default_field: false, + }, + { + name: 'executable', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Absolute path to the process executable.', + example: '/usr/bin/ssh', + }, + { + name: 'exit_code', + level: 'extended', + type: 'long', + description: + 'The exit code of the process, if this is a termination event.\n\nThe field should be absent if there is no exit code for the event (e.g. process\nstart).', + example: 137, + default_field: false, + }, + { + name: 'hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + }, + { + name: 'hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + }, + { + name: 'hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + }, + { + name: 'hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Process name.\n\nSometimes called program name or similar.', + example: 'ssh', + }, + { + name: 'parent.args', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of process arguments.\n\nMay be filtered to protect sensitive information.', + example: ['ssh', '-l', 'user', '10.0.0.16'], + default_field: false, + }, + { + name: 'parent.args_count', + level: 'extended', + type: 'long', + description: + 'Length of the process.args array.\n\nThis field can be useful for querying or performing bucket analysis on how\nmany arguments were provided to start a process. More arguments may be an\nindication of suspicious activity.', + example: 4, + default_field: false, + }, + { + name: 'parent.code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'parent.code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'parent.code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'parent.code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'parent.code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'parent.command_line', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Full command line that started the process, including the absolute\npath to the executable, and all arguments.\n\nSome arguments may be filtered to protect sensitive information.', + example: '/usr/bin/ssh -l user 10.0.0.16', + default_field: false, + }, + { + name: 'parent.entity_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier for the process.\n\nThe implementation of this is specified by the data source, but some examples\nof what could be used here are a process-generated UUID, Sysmon Process GUIDs,\nor a hash of some uniquely identifying components of a process.\n\nConstructing a globally unique identifier is a common practice to mitigate\nPID reuse as well as to identify a specific process over time, across multiple\nmonitored hosts.', + example: 'c2c455d9f99375d', + default_field: false, + }, + { + name: 'parent.executable', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Absolute path to the process executable.', + example: '/usr/bin/ssh', + default_field: false, + }, + { + name: 'parent.exit_code', + level: 'extended', + type: 'long', + description: + 'The exit code of the process, if this is a termination event.\n\nThe field should be absent if there is no exit code for the event (e.g. process\nstart).', + example: 137, + default_field: false, + }, + { + name: 'parent.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + default_field: false, + }, + { + name: 'parent.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Process name.\n\nSometimes called program name or similar.', + example: 'ssh', + default_field: false, + }, + { + name: 'parent.pgid', + level: 'extended', + type: 'long', + format: 'string', + description: 'Identifier of the group of processes the process belongs to.', + default_field: false, + }, + { + name: 'parent.pid', + level: 'core', + type: 'long', + format: 'string', + description: 'Process id.', + example: 4242, + default_field: false, + }, + { + name: 'parent.ppid', + level: 'extended', + type: 'long', + format: 'string', + description: "Parent process' pid.", + example: 4241, + default_field: false, + }, + { + name: 'parent.start', + level: 'extended', + type: 'date', + description: 'The time the process started.', + example: '2016-05-23T08:05:34.853Z', + default_field: false, + }, + { + name: 'parent.thread.id', + level: 'extended', + type: 'long', + format: 'string', + description: 'Thread ID.', + example: 4242, + default_field: false, + }, + { + name: 'parent.thread.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Thread name.', + example: 'thread-0', + default_field: false, + }, + { + name: 'parent.title', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Process title.\n\nThe proctitle, some times the same as process name. Can also be different:\nfor example a browser setting its title to the web page currently opened.', + default_field: false, + }, + { + name: 'parent.uptime', + level: 'extended', + type: 'long', + description: 'Seconds the process has been up.', + example: 1325, + default_field: false, + }, + { + name: 'parent.working_directory', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'The working directory of the process.', + example: '/home/alice', + default_field: false, + }, + { + name: 'pe.company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'pe.description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'pe.file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + { + name: 'pgid', + level: 'extended', + type: 'long', + format: 'string', + description: 'Identifier of the group of processes the process belongs to.', + }, + { + name: 'pid', + level: 'core', + type: 'long', + format: 'string', + description: 'Process id.', + example: 4242, + }, + { + name: 'ppid', + level: 'extended', + type: 'long', + format: 'string', + description: "Parent process' pid.", + example: 4241, + }, + { + name: 'start', + level: 'extended', + type: 'date', + description: 'The time the process started.', + example: '2016-05-23T08:05:34.853Z', + }, + { + name: 'thread.id', + level: 'extended', + type: 'long', + format: 'string', + description: 'Thread ID.', + example: 4242, + }, + { + name: 'thread.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Thread name.', + example: 'thread-0', + }, + { + name: 'title', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Process title.\n\nThe proctitle, some times the same as process name. Can also be different:\nfor example a browser setting its title to the web page currently opened.', + }, + { + name: 'uptime', + level: 'extended', + type: 'long', + description: 'Seconds the process has been up.', + example: 1325, + }, + { + name: 'working_directory', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The working directory of the process.', + example: '/home/alice', + }, + ], + }, + { + name: 'registry', + title: 'Registry', + group: 2, + description: 'Fields related to Windows Registry operations.', + type: 'group', + fields: [ + { + name: 'data.bytes', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Original bytes written with base64 encoding.\n\nFor Windows registry operations, such as SetValueEx and RegQueryValueEx, this\ncorresponds to the data pointed by `lp_data`. This is optional but provides\nbetter recoverability and should be populated for REG_BINARY encoded values.', + example: 'ZQBuAC0AVQBTAAAAZQBuAAAAAAA=', + default_field: false, + }, + { + name: 'data.strings', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Content when writing string types.\n\nPopulated as an array when writing string data to the registry. For single\nstring registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with\none string. For sequences of string with REG_MULTI_SZ, this array will be\nvariable length. For numeric data, such as REG_DWORD and REG_QWORD, this should\nbe populated with the decimal representation (e.g `"1"`).', + example: '["C:\\rta\\red_ttp\\bin\\myapp.exe"]', + default_field: false, + }, + { + name: 'data.type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Standard registry type for encoding contents', + example: 'REG_SZ', + default_field: false, + }, + { + name: 'hive', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Abbreviated name for the hive.', + example: 'HKLM', + default_field: false, + }, + { + name: 'key', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Hive-relative path of keys.', + example: + 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe', + default_field: false, + }, + { + name: 'path', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Full path, including hive, key and value', + example: + 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution\nOptions\\winword.exe\\Debugger', + default_field: false, + }, + { + name: 'value', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the value written.', + example: 'Debugger', + default_field: false, + }, + ], + }, + { + name: 'related', + title: 'Related', + group: 2, + description: + 'This field set is meant to facilitate pivoting around a piece of\ndata.\n\nSome pieces of information can be seen in many places in an ECS event. To facilitate\nsearching for them, store an array of all seen values to their corresponding\nfield in `related.`.\n\nA concrete example is IP addresses, which can be under host, observer, source,\ndestination, client, server, and network.forwarded_ip. If you append all IPs\nto `related.ip`, you can then search for a given IP trivially, no matter where\nit appeared, by querying `related.ip:192.0.2.15`.', + type: 'group', + fields: [ + { + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + "All the hashes seen on your event. Populating this field, then\nusing it to search for hashes can help in situations where you're unsure what\nthe hash algorithm is (and therefore which key name to search).", + default_field: false, + }, + { + name: 'ip', + level: 'extended', + type: 'ip', + description: 'All of the IPs seen on your event.', + }, + { + name: 'user', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'All the user names seen on your event.', + default_field: false, + }, + ], + }, + { + name: 'rule', + title: 'Rule', + group: 2, + description: + 'Rule fields are used to capture the specifics of any observer or\nagent rules that generate alerts or other notable events.\n\nExamples of data sources that would populate the rule fields include: network\nadmission control platforms, network or host IDS/IPS, network firewalls, web\napplication firewalls, url filters, endpoint detection and response (EDR) systems,\netc.', + type: 'group', + fields: [ + { + name: 'author', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name, organization, or pseudonym of the author or authors who created\nthe rule used to generate this event.', + example: ['Star-Lord'], + default_field: false, + }, + { + name: 'category', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A categorization value keyword used by the entity using the rule\nfor detection of this event.', + example: 'Attempted Information Leak', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The description of the rule generating the event.', + example: 'Block requests to public DNS over HTTPS / TLS protocols', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A rule ID that is unique within the scope of an agent, observer,\nor other entity using the rule for detection of this event.', + example: 101, + default_field: false, + }, + { + name: 'license', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the license under which the rule used to generate this\nevent is made available.', + example: 'Apache 2.0', + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the rule or signature generating the event.', + example: 'BLOCK_DNS_over_TLS', + default_field: false, + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Reference URL to additional information about the rule used to\ngenerate this event.\n\nThe URL can point to the vendor documentation about the rule. If that is\nnot available, it can also be a link to a more general page describing this\ntype of alert.', + example: 'https://en.wikipedia.org/wiki/DNS_over_TLS', + default_field: false, + }, + { + name: 'ruleset', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the ruleset, policy, group, or parent category in which\nthe rule used to generate this event is a member.', + example: 'Standard_Protocol_Filters', + default_field: false, + }, + { + name: 'uuid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A rule ID that is unique within the scope of a set or group of\nagents, observers, or other entities using the rule for detection of this\nevent.', + example: 1100110011, + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The version / revision of the rule being used for analysis.', + example: 1.1, + default_field: false, + }, + ], + }, + { + name: 'server', + title: 'Server', + group: 2, + description: + 'A Server is defined as the responder in a network connection for\nevents regarding sessions, connections, or bidirectional flow records.\n\nFor TCP events, the server is the receiver of the initial SYN packet(s) of the\nTCP connection. For other protocols, the server is generally the responder in\nthe network transaction. Some systems actually use the term "responder" to refer\nthe server in TCP connections. The server fields describe details about the\nsystem acting as the server in the network event. Server fields are usually\npopulated in conjunction with client fields. Server fields are generally not\npopulated for packet-level events.\n\nClient / server representations can add semantic context to an exchange, which\nis helpful to visualize the data in certain situations. If your context falls\nin that category, you should still ensure that source and destination are filled\nappropriately.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event server addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the server to the client.', + example: 184, + }, + { + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Server domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the server.\n\nCan be one or multiple IPv4 or IPv6 addresses.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the server.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the server to the client.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the server.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered server domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'service', + title: 'Service', + group: 2, + description: + 'The service fields describe the service for or from which the data\nwas collected.\n\nThese fields help you find and correlate logs for a specific service and version.', + type: 'group', + fields: [ + { + name: 'ephemeral_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Ephemeral identifier of this service (if one exists).\n\nThis id normally changes across restarts, but `service.id` does not.', + example: '8a4f500f', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the running service. If the service is comprised\nof many nodes, the `service.id` should be the same for all nodes.\n\nThis id should uniquely identify the service. This makes it possible to correlate\nlogs and metrics for one specific service, no matter which particular node\nemitted the event.\n\nNote that if you need to see the events from one specific host of the service,\nyou should filter on that `host.name` or `host.id` instead.', + example: 'd37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the service data is collected from.\n\nThe name of the service is normally user given. This allows for distributed\nservices that run on multiple hosts to correlate the related instances based\non the name.\n\nIn the case of Elasticsearch the `service.name` could contain the cluster\nname. For Beats the `service.name` is by default a copy of the `service.type`\nfield if no name is specified.', + example: 'elasticsearch-metrics', + }, + { + name: 'node.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of a service node.\n\nThis allows for two nodes of the same service running on the same host to\nbe differentiated. Therefore, `service.node.name` should typically be unique\nacross nodes of a given service.\n\nIn the case of Elasticsearch, the `service.node.name` could contain the unique\nnode name within the Elasticsearch cluster. In cases where the service does not\nhave the concept of a node name, the host name or container name can be used\nto distinguish running instances that make up this service. If those do not\nprovide uniqueness (e.g. multiple instances of the service running on the\nsame host) - the node name can be manually set.', + example: 'instance-0000000016', + }, + { + name: 'state', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Current state of the service.', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of the service data is collected from.\n\nThe type can be used to group and correlate logs and metrics from one service\ntype.\n\nExample: If logs or metrics are collected from Elasticsearch, `service.type`\nwould be `elasticsearch`.', + example: 'elasticsearch', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Version of the service the data was collected from.\n\nThis allows to look at a data set only for a specific version of a service.', + example: '3.2.4', + }, + ], + }, + { + name: 'source', + title: 'Source', + group: 2, + description: + 'Source fields describe details about the source of a packet/event.\n\nSource fields are usually populated in conjunction with destination fields.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event source addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the source to the destination.', + example: 184, + }, + { + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Source domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the source.\n\nCan be one or multiple IPv4 or IPv6 addresses.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the source.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of source based NAT sessions (e.g. internal client\nto internet)\n\nTypically connections traversing load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of source based NAT sessions. (e.g. internal client\nto internet)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the source to the destination.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the source.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered source domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'threat', + title: 'Threat', + group: 2, + description: + 'Fields to classify events and alerts according to a threat taxonomy\nsuch as the Mitre ATT&CK framework.\n\nThese fields are for users to classify alerts from all of their sources (e.g.\nIDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to\ncapture the high level category of the threat (e.g. "impact"). The threat.technique.*\nfields are meant to capture which kind of approach is used by this detected\nthreat, to accomplish the goal (e.g. "endpoint denial of service").', + type: 'group', + fields: [ + { + name: 'framework', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the threat framework used to further categorize and classify\nthe tactic and technique of the reported threat. Framework classification\ncan be provided by detecting systems, evaluated at ingest time, or retrospectively\ntagged to events.', + example: 'MITRE ATT&CK', + }, + { + name: 'tactic.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The id of tactic used by this threat. You can use the Mitre ATT&CK\nMatrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'TA0040', + }, + { + name: 'tactic.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the type of tactic used by this threat. You can use the\nMitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'impact', + }, + { + name: 'tactic.reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The reference url of tactic used by this threat. You can use the\nMitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'https://attack.mitre.org/tactics/TA0040/', + }, + { + name: 'technique.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The id of technique used by this tactic. You can use the Mitre\nATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'T1499', + }, + { + name: 'technique.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'The name of technique used by this tactic. You can use the Mitre\nATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'endpoint denial of service', + }, + { + name: 'technique.reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The reference url of technique used by this tactic. You can use\nthe Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'https://attack.mitre.org/techniques/T1499/', + }, + ], + }, + { + name: 'tls', + title: 'TLS', + group: 2, + description: + 'Fields related to a TLS connection. These fields focus on the TLS\nprotocol itself and intentionally avoids in-depth analysis of the related x.509\ncertificate files.', + type: 'group', + fields: [ + { + name: 'cipher', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'String indicating the cipher used during the current connection.', + example: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', + default_field: false, + }, + { + name: 'client.certificate', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'PEM-encoded stand-alone certificate offered by the client. This\nis usually mutually-exclusive of `client.certificate_chain` since this value\nalso exists in that list.', + example: 'MII...', + default_field: false, + }, + { + name: 'client.certificate_chain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of PEM-encoded certificates that make up the certificate\nchain offered by the client. This is usually mutually-exclusive of `client.certificate`\nsince that value should be the first certificate in the chain.', + example: ['MII...', 'MII...'], + default_field: false, + }, + { + name: 'client.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the MD5 digest of DER-encoded version\nof certificate offered by the client. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC', + default_field: false, + }, + { + name: 'client.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA1 digest of DER-encoded version\nof certificate offered by the client. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '9E393D93138888D288266C2D915214D1D1CCEB2A', + default_field: false, + }, + { + name: 'client.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA256 digest of DER-encoded\nversion of certificate offered by the client. For consistency with other hash\nvalues, this value should be formatted as an uppercase hash.', + example: '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0', + default_field: false, + }, + { + name: 'client.issuer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Distinguished name of subject of the issuer of the x.509 certificate\npresented by the client.', + example: 'CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'client.ja3', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash that identifies clients based on how they perform an SSL/TLS\nhandshake.', + example: 'd4e5b18d6b55c71272893221c96ba240', + default_field: false, + }, + { + name: 'client.not_after', + level: 'extended', + type: 'date', + description: + 'Date/Time indicating when client certificate is no longer considered\nvalid.', + example: '2021-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'client.not_before', + level: 'extended', + type: 'date', + description: 'Date/Time indicating when client certificate is first considered\nvalid.', + example: '1970-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'client.server_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Also called an SNI, this tells the server which hostname to which\nthe client is attempting to connect. When this value is available, it should\nget copied to `destination.domain`.', + example: 'www.elastic.co', + default_field: false, + }, + { + name: 'client.subject', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Distinguished name of subject of the x.509 certificate presented\nby the client.', + example: 'CN=myclient, OU=Documentation Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'client.supported_ciphers', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Array of ciphers offered by the client during the client hello.', + example: [ + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', + '...', + ], + default_field: false, + }, + { + name: 'curve', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'String indicating the curve used for the given cipher, when applicable.', + example: 'secp256r1', + default_field: false, + }, + { + name: 'established', + level: 'extended', + type: 'boolean', + description: + 'Boolean flag indicating if the TLS negotiation was successful and\ntransitioned to an encrypted tunnel.', + default_field: false, + }, + { + name: 'next_protocol', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'String indicating the protocol being tunneled. Per the values in\nthe IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids),\nthis string should be lower case.', + example: 'http/1.1', + default_field: false, + }, + { + name: 'resumed', + level: 'extended', + type: 'boolean', + description: + 'Boolean flag indicating if this TLS connection was resumed from\nan existing TLS negotiation.', + default_field: false, + }, + { + name: 'server.certificate', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'PEM-encoded stand-alone certificate offered by the server. This\nis usually mutually-exclusive of `server.certificate_chain` since this value\nalso exists in that list.', + example: 'MII...', + default_field: false, + }, + { + name: 'server.certificate_chain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of PEM-encoded certificates that make up the certificate\nchain offered by the server. This is usually mutually-exclusive of `server.certificate`\nsince that value should be the first certificate in the chain.', + example: ['MII...', 'MII...'], + default_field: false, + }, + { + name: 'server.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the MD5 digest of DER-encoded version\nof certificate offered by the server. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC', + default_field: false, + }, + { + name: 'server.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA1 digest of DER-encoded version\nof certificate offered by the server. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '9E393D93138888D288266C2D915214D1D1CCEB2A', + default_field: false, + }, + { + name: 'server.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA256 digest of DER-encoded\nversion of certificate offered by the server. For consistency with other hash\nvalues, this value should be formatted as an uppercase hash.', + example: '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0', + default_field: false, + }, + { + name: 'server.issuer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Subject of the issuer of the x.509 certificate presented by the\nserver.', + example: 'CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'server.ja3s', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash that identifies servers based on how they perform an SSL/TLS\nhandshake.', + example: '394441ab65754e2207b1e1b457b3641d', + default_field: false, + }, + { + name: 'server.not_after', + level: 'extended', + type: 'date', + description: + 'Timestamp indicating when server certificate is no longer considered\nvalid.', + example: '2021-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'server.not_before', + level: 'extended', + type: 'date', + description: 'Timestamp indicating when server certificate is first considered\nvalid.', + example: '1970-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'server.subject', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Subject of the x.509 certificate presented by the server.', + example: 'CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Numeric part of the version parsed from the original string.', + example: '1.2', + default_field: false, + }, + { + name: 'version_protocol', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Normalized lowercase protocol name parsed from original string.', + example: 'tls', + default_field: false, + }, + ], + }, + { + name: 'tracing', + title: 'Tracing', + group: 2, + description: + 'Distributed tracing makes it possible to analyze performance throughout\na microservice architecture all in one view. This is accomplished by tracing\nall of the requests - from the initial web request in the front-end service\n- to queries made through multiple back-end services.', + type: 'group', + fields: [ + { + name: 'trace.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the trace.\n\nA trace groups multiple events like transactions that belong together. For\nexample, a user request handled by multiple inter-connected services.', + example: '4bf92f3577b34da6a3ce929d0e0e4736', + }, + { + name: 'transaction.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the transaction.\n\nA transaction is the highest level of work measured within a service, such\nas a request to a server.', + example: '00f067aa0ba902b7', + }, + ], + }, + { + name: 'url', + title: 'URL', + group: 2, + description: + 'URL fields provide support for complete or partial URLs, and supports\nthe breaking down into scheme, domain, path, and so on.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Domain of the url, such as "www.elastic.co".\n\nIn some cases a URL may refer to an IP and/or port directly, without a domain\nname. In this case, the IP address would go to the `domain` field.', + example: 'www.elastic.co', + }, + { + name: 'extension', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The field contains the file extension from the original request\nurl.\n\nThe file extension is only set if it exists, as not every url has a file extension.\n\nThe leading period must not be included. For example, the value must be "png",\nnot ".png".', + example: 'png', + }, + { + name: 'fragment', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Portion of the url after the `#`, such as "top".\n\nThe `#` is not part of the fragment.', + }, + { + name: 'full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'If full URLs are important to your use case, they should be stored\nin `url.full`, whether this field is reconstructed or present in the event\nsource.', + example: 'https://www.elastic.co:443/search?q=elasticsearch#top', + }, + { + name: 'original', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Unmodified original url as seen in the event source.\n\nNote that in network monitoring, the observed URL may be a full URL, whereas\nin access logs, the URL is often just represented as a path.\n\nThis field is meant to represent the URL as it was observed, complete or not.', + example: + 'https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch', + }, + { + name: 'password', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Password of the request.', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Path of the request, such as "/search".', + }, + { + name: 'port', + level: 'extended', + type: 'long', + format: 'string', + description: 'Port of the request, such as 443.', + example: 443, + }, + { + name: 'query', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The query field describes the query string of the request, such\nas "q=elasticsearch".\n\nThe `?` is excluded from the query string. If a URL contains no `?`, there\nis no query field. If there is a `?` but no query, the query field exists\nwith an empty string. The `exists` query can be used to differentiate between\nthe two cases.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered url domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'scheme', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Scheme of the request, such as "https".\n\nNote: The `:` is not part of the scheme.', + example: 'https', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'username', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Username of the request.', + }, + ], + }, + { + name: 'user', + title: 'User', + group: 2, + description: + 'The user fields describe information about the user that is relevant\nto the event.\n\nFields can have one entry or multiple entries. If a user has more than one id,\nprovide an array that includes all of them.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'user_agent', + title: 'User agent', + group: 2, + description: + 'The user_agent fields normally come from a browser request.\n\nThey often show up in web service logs coming from the parsed user agent string.', + type: 'group', + fields: [ + { + name: 'device.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the device.', + example: 'iPhone', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the user agent.', + example: 'Safari', + }, + { + name: 'original', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Unparsed user_agent string.', + example: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15\n(KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Version of the user agent.', + example: 12, + }, + ], + }, + { + name: 'vlan', + title: 'VLAN', + group: 2, + description: + 'The VLAN fields are used to identify 802.1q tag(s) of a packet,\nas well as ingress and egress VLAN associations of an observer in relation to\na specific packet or connection.\n\nNetwork.vlan fields are used to record a single VLAN tag, or the outer tag in\nthe case of q-in-q encapsulations, for a packet or connection as observed, typically\nprovided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic.\n\nNetwork.inner VLAN fields are used to report inner q-in-q 802.1q tags (multiple\n802.1q encapsulations) as observed, typically provided by a network sensor (e.g.\nZeek, Wireshark) passively reporting on traffic. Network.inner VLAN fields should\nonly be used in addition to network.vlan fields to indicate q-in-q tagging.\n\nObserver.ingress and observer.egress VLAN values are used to record observer\nspecific information when observer events contain discrete ingress and egress\nVLAN information, typically provided by firewalls, routers, or load balancers.', + type: 'group', + fields: [ + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + ], + }, + { + name: 'vulnerability', + title: 'Vulnerability', + group: 2, + description: + 'The vulnerability fields describe information about a vulnerability\nthat is relevant to an event.', + type: 'group', + fields: [ + { + name: 'category', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of system or architecture that the vulnerability affects.\nThese may be platform-specific (for example, Debian or SUSE) or general (for\nexample, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys\nvulnerability categories])\n\nThis field must be an array.', + example: '["Firewall"]', + default_field: false, + }, + { + name: 'classification', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The classification of the vulnerability scoring system. For example\n(https://www.first.org/cvss/)', + example: 'CVSS', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'The description of the vulnerability that provides additional context\nof the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common\nVulnerabilities and Exposure CVE description])', + example: 'In macOS before 2.12.6, there is a vulnerability in the RPC...', + default_field: false, + }, + { + name: 'enumeration', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of identifier used for this vulnerability. For example\n(https://cve.mitre.org/about/)', + example: 'CVE', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The identification (ID) is the number portion of a vulnerability\nentry. It includes a unique identification number for the vulnerability. For\nexample (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities\nand Exposure CVE ID]', + example: 'CVE-2019-00001', + default_field: false, + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A resource that provides additional information, context, and mitigations\nfor the identified vulnerability.', + example: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111', + default_field: false, + }, + { + name: 'report_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The report or scan identification number.', + example: 20191018.0001, + default_field: false, + }, + { + name: 'scanner.vendor', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the vulnerability scanner vendor.', + example: 'Tenable', + default_field: false, + }, + { + name: 'score.base', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nBase scores cover an assessment for exploitability metrics (attack vector,\ncomplexity, privileges, and user interaction), impact metrics (confidentiality,\nintegrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document)', + example: 5.5, + default_field: false, + }, + { + name: 'score.environmental', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nEnvironmental scores cover an assessment for any modified Base metrics, confidentiality,\nintegrity, and availability requirements. For example (https://www.first.org/cvss/specification-document)', + example: 5.5, + default_field: false, + }, + { + name: 'score.temporal', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nTemporal scores cover an assessment for code maturity, remediation level,\nand confidence. For example (https://www.first.org/cvss/specification-document)', + default_field: false, + }, + { + name: 'score.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The National Vulnerability Database (NVD) provides qualitative\nseverity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score\nranges in addition to the severity ratings for CVSS v3.0 as they are defined\nin the CVSS v3.0 specification.\n\nCVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit\norganization, whose mission is to help computer security incident response\nteams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss)', + example: 2, + default_field: false, + }, + { + name: 'severity', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The severity of the vulnerability can help with metrics and internal\nprioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss)', + example: 'Critical', + default_field: false, + }, + ], + }, + ], + }, + { + key: 'beat', + anchor: 'beat-common', + title: 'Beat', + description: 'Contains common beat fields available in all event types.\n', + fields: [ + { + name: 'agent.hostname', + type: 'keyword', + description: 'Hostname of the agent.', + }, + { + name: 'beat.timezone', + type: 'alias', + path: 'event.timezone', + migration: true, + }, + { + name: 'fields', + type: 'object', + object_type: 'keyword', + description: 'Contains user configurable fields.\n', + }, + { + name: 'beat.name', + type: 'alias', + path: 'host.name', + migration: true, + }, + { + name: 'beat.hostname', + type: 'alias', + path: 'agent.hostname', + migration: true, + }, + { + name: 'timeseries.instance', + type: 'keyword', + description: 'Time series instance id', + }, + ], + }, + { + key: 'cloud', + title: 'Cloud provider metadata', + description: 'Metadata from cloud providers added by the add_cloud_metadata processor.\n', + fields: [ + { + name: 'cloud.project.id', + example: 'project-x', + description: 'Name of the project in Google Cloud.\n', + }, + { + name: 'cloud.image.id', + example: 'ami-abcd1234', + description: 'Image ID for the cloud instance.\n', + }, + { + name: 'meta.cloud.provider', + type: 'alias', + path: 'cloud.provider', + migration: true, + }, + { + name: 'meta.cloud.instance_id', + type: 'alias', + path: 'cloud.instance.id', + migration: true, + }, + { + name: 'meta.cloud.instance_name', + type: 'alias', + path: 'cloud.instance.name', + migration: true, + }, + { + name: 'meta.cloud.machine_type', + type: 'alias', + path: 'cloud.machine.type', + migration: true, + }, + { + name: 'meta.cloud.availability_zone', + type: 'alias', + path: 'cloud.availability_zone', + migration: true, + }, + { + name: 'meta.cloud.project_id', + type: 'alias', + path: 'cloud.project.id', + migration: true, + }, + { + name: 'meta.cloud.region', + type: 'alias', + path: 'cloud.region', + migration: true, + }, + ], + }, + { + key: 'docker', + title: 'Docker', + description: 'Docker stats collected from Docker.\n', + short_config: false, + anchor: 'docker-processor', + fields: [ + { + name: 'docker', + type: 'group', + fields: [ + { + name: 'container.id', + type: 'alias', + path: 'container.id', + migration: true, + }, + { + name: 'container.image', + type: 'alias', + path: 'container.image.name', + migration: true, + }, + { + name: 'container.name', + type: 'alias', + path: 'container.name', + migration: true, + }, + { + name: 'container.labels', + type: 'object', + object_type: 'keyword', + description: 'Image labels.\n', + }, + ], + }, + ], + }, + { + key: 'host', + title: 'Host', + description: 'Info collected for the host machine.\n', + anchor: 'host-processor', + fields: [ + { + name: 'host', + type: 'group', + fields: [ + { + name: 'containerized', + type: 'boolean', + description: 'If the host is a container.\n', + }, + { + name: 'os.build', + type: 'keyword', + example: '18D109', + description: 'OS build information.\n', + }, + { + name: 'os.codename', + type: 'keyword', + example: 'stretch', + description: 'OS codename, if any.\n', + }, + ], + }, + ], + }, + { + key: 'kubernetes', + title: 'Kubernetes', + description: 'Kubernetes metadata added by the kubernetes processor\n', + short_config: false, + anchor: 'kubernetes-processor', + fields: [ + { + name: 'kubernetes', + type: 'group', + fields: [ + { + name: 'pod.name', + type: 'keyword', + description: 'Kubernetes pod name\n', + }, + { + name: 'pod.uid', + type: 'keyword', + description: 'Kubernetes Pod UID\n', + }, + { + name: 'namespace', + type: 'keyword', + description: 'Kubernetes namespace\n', + }, + { + name: 'node.name', + type: 'keyword', + description: 'Kubernetes node name\n', + }, + { + name: 'labels.*', + type: 'object', + object_type: 'keyword', + object_type_mapping_type: '*', + description: 'Kubernetes labels map\n', + }, + { + name: 'annotations.*', + type: 'object', + object_type: 'keyword', + object_type_mapping_type: '*', + description: 'Kubernetes annotations map\n', + }, + { + name: 'replicaset.name', + type: 'keyword', + description: 'Kubernetes replicaset name\n', + }, + { + name: 'deployment.name', + type: 'keyword', + description: 'Kubernetes deployment name\n', + }, + { + name: 'statefulset.name', + type: 'keyword', + description: 'Kubernetes statefulset name\n', + }, + { + name: 'container.name', + type: 'keyword', + description: 'Kubernetes container name\n', + }, + { + name: 'container.image', + type: 'keyword', + description: 'Kubernetes container image\n', + }, + ], + }, + ], + }, + { + key: 'process', + title: 'Process', + description: 'Process metadata fields\n', + fields: [ + { + name: 'process', + type: 'group', + fields: [ + { + name: 'exe', + type: 'alias', + path: 'process.executable', + migration: true, + }, + ], + }, + ], + }, + { + key: 'jolokia-autodiscover', + title: 'Jolokia Discovery autodiscover provider', + description: 'Metadata from Jolokia Discovery added by the jolokia provider.\n', + fields: [ + { + name: 'jolokia.agent.version', + type: 'keyword', + description: 'Version number of jolokia agent.\n', + }, + { + name: 'jolokia.agent.id', + type: 'keyword', + description: + 'Each agent has a unique id which can be either provided during startup of the agent in form of a configuration parameter or being autodetected. If autodected, the id has several parts: The IP, the process id, hashcode of the agent and its type.\n', + }, + { + name: 'jolokia.server.product', + type: 'keyword', + description: 'The container product if detected.\n', + }, + { + name: 'jolokia.server.version', + type: 'keyword', + description: "The container's version (if detected).\n", + }, + { + name: 'jolokia.server.vendor', + type: 'keyword', + description: 'The vendor of the container the agent is running in.\n', + }, + { + name: 'jolokia.url', + type: 'keyword', + description: 'The URL how this agent can be contacted.\n', + }, + { + name: 'jolokia.secured', + type: 'boolean', + description: 'Whether the agent was configured for authentication or not.\n', + }, + ], + }, + { + key: 'common', + title: 'Common', + description: 'Contains common fields available in all event types.\n', + fields: [ + { + name: 'file', + type: 'group', + description: 'File attributes.', + fields: [ + { + name: 'setuid', + type: 'boolean', + example: true, + description: 'Set if the file has the `setuid` bit set. Omitted otherwise.', + }, + { + name: 'setgid', + type: 'boolean', + example: true, + description: 'Set if the file has the `setgid` bit set. Omitted otherwise.', + }, + { + name: 'origin', + type: 'keyword', + description: + 'An array of strings describing a possible external origin for this file. For example, the URL it was downloaded from. Only supported in macOS, via the kMDItemWhereFroms attribute. Omitted if origin information is not available.\n', + multi_fields: [ + { + name: 'raw', + type: 'keyword', + description: + 'This is a non-analyzed field that is useful for aggregations on the origin data.\n', + }, + ], + }, + { + name: 'selinux', + type: 'group', + description: 'The SELinux identity of the file.', + fields: [ + { + name: 'user', + type: 'keyword', + description: 'The owner of the object.', + }, + { + name: 'role', + type: 'keyword', + description: "The object's SELinux role.", + }, + { + name: 'domain', + type: 'keyword', + description: "The object's SELinux domain or type.", + }, + { + name: 'level', + type: 'keyword', + example: 's0', + description: "The object's SELinux level.", + }, + ], + }, + ], + }, + { + name: 'user', + type: 'group', + description: 'User information.', + fields: [ + { + name: 'audit', + type: 'group', + description: 'Audit user information.', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Audit user ID.', + }, + { + name: 'name', + type: 'keyword', + description: 'Audit user name.', + }, + ], + }, + { + name: 'effective', + type: 'group', + description: 'Effective user information.', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Effective user ID.', + }, + { + name: 'name', + type: 'keyword', + description: 'Effective user name.', + }, + { + name: 'group', + type: 'group', + description: 'Effective group information.', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Effective group ID.', + }, + { + name: 'name', + type: 'keyword', + description: 'Effective group name.', + }, + ], + }, + ], + }, + { + name: 'filesystem', + type: 'group', + description: 'Filesystem user information.', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Filesystem user ID.', + }, + { + name: 'name', + type: 'keyword', + description: 'Filesystem user name.', + }, + { + name: 'group', + type: 'group', + description: 'Filesystem group information.', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Filesystem group ID.', + }, + { + name: 'name', + type: 'keyword', + description: 'Filesystem group name.', + }, + ], + }, + ], + }, + { + name: 'saved', + type: 'group', + description: 'Saved user information.', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Saved user ID.', + }, + { + name: 'name', + type: 'keyword', + description: 'Saved user name.', + }, + { + name: 'group', + type: 'group', + description: 'Saved group information.', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Saved group ID.', + }, + { + name: 'name', + type: 'keyword', + description: 'Saved group name.', + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + key: 'auditd', + title: 'Auditd', + description: 'These are the fields generated by the auditd module.', + fields: [ + { + name: 'user', + type: 'group', + fields: [ + { + name: 'auid', + type: 'alias', + path: 'user.audit.id', + migration: true, + }, + { + name: 'uid', + type: 'alias', + path: 'user.id', + migration: true, + }, + { + name: 'euid', + type: 'alias', + path: 'user.effective.id', + migration: true, + }, + { + name: 'fsuid', + type: 'alias', + path: 'user.filesystem.id', + migration: true, + }, + { + name: 'suid', + type: 'alias', + path: 'user.saved.id', + migration: true, + }, + { + name: 'gid', + type: 'alias', + path: 'user.group.id', + migration: true, + }, + { + name: 'egid', + type: 'alias', + path: 'user.effective.group.id', + migration: true, + }, + { + name: 'sgid', + type: 'alias', + path: 'user.saved.group.id', + migration: true, + }, + { + name: 'fsgid', + type: 'alias', + path: 'user.filesystem.group.id', + migration: true, + }, + { + name: 'name_map', + type: 'group', + description: + 'If `resolve_ids` is set to true in the configuration then `name_map` will contain a mapping of uid field names to the resolved name (e.g. auid -> root).\n', + fields: [ + { + name: 'auid', + type: 'alias', + path: 'user.audit.name', + migration: true, + }, + { + name: 'uid', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'euid', + type: 'alias', + path: 'user.effective.name', + migration: true, + }, + { + name: 'fsuid', + type: 'alias', + path: 'user.filesystem.name', + migration: true, + }, + { + name: 'suid', + type: 'alias', + path: 'user.saved.name', + migration: true, + }, + { + name: 'gid', + type: 'alias', + path: 'user.group.name', + migration: true, + }, + { + name: 'egid', + type: 'alias', + path: 'user.effective.group.name', + migration: true, + }, + { + name: 'sgid', + type: 'alias', + path: 'user.saved.group.name', + migration: true, + }, + { + name: 'fsgid', + type: 'alias', + path: 'user.filesystem.group.name', + migration: true, + }, + ], + }, + { + name: 'selinux', + type: 'group', + description: 'The SELinux identity of the actor.', + fields: [ + { + name: 'user', + type: 'keyword', + description: 'account submitted for authentication', + }, + { + name: 'role', + type: 'keyword', + description: "user's SELinux role", + }, + { + name: 'domain', + type: 'keyword', + description: "The actor's SELinux domain or type.", + }, + { + name: 'level', + type: 'keyword', + example: 's0', + description: "The actor's SELinux level.", + }, + { + name: 'category', + type: 'keyword', + description: "The actor's SELinux category or compartments.", + }, + ], + }, + ], + }, + { + name: 'process', + type: 'group', + description: 'Process attributes.', + fields: [ + { + name: 'cwd', + type: 'alias', + path: 'process.working_directory', + migration: true, + description: 'The current working directory.', + }, + ], + }, + { + name: 'source', + type: 'group', + description: 'Source that triggered the event.', + fields: [ + { + name: 'path', + type: 'keyword', + description: 'This is the path associated with a unix socket.', + }, + ], + }, + { + name: 'destination', + type: 'group', + description: 'Destination address that triggered the event.', + fields: [ + { + name: 'path', + type: 'keyword', + description: 'This is the path associated with a unix socket.', + }, + ], + }, + { + name: 'auditd', + type: 'group', + fields: [ + { + name: 'message_type', + type: 'keyword', + example: 'syscall', + description: 'The audit message type (e.g. syscall or apparmor_denied).\n', + }, + { + name: 'sequence', + type: 'long', + description: + 'The sequence number of the event as assigned by the kernel. Sequence numbers are stored as a uint32 in the kernel and can rollover.\n', + }, + { + name: 'session', + type: 'keyword', + description: + 'The session ID assigned to a login. All events related to a login session will have the same value.\n', + }, + { + name: 'result', + type: 'keyword', + example: 'success or fail', + description: 'The result of the audited operation (success/fail).', + }, + { + name: 'summary', + type: 'group', + fields: [ + { + name: 'actor', + type: 'group', + description: 'The actor is the user that triggered the audit event.', + fields: [ + { + name: 'primary', + type: 'keyword', + description: + "The primary identity of the actor. This is the actor's original login ID. It will not change even if the user changes to another account.\n", + }, + { + name: 'secondary', + type: 'keyword', + description: + 'The secondary identity of the actor. This is typically\nthe same as the primary, except for when the user has used `su`.', + }, + ], + }, + { + name: 'object', + type: 'group', + description: 'This is the thing or object being acted upon in the event.\n', + fields: [ + { + name: 'type', + type: 'keyword', + description: + 'A description of the what the "thing" is (e.g. file, socket, user-session).\n', + }, + { + name: 'primary', + type: 'keyword', + description: '', + }, + { + name: 'secondary', + type: 'keyword', + description: '', + }, + ], + }, + { + name: 'how', + type: 'keyword', + description: + 'This describes how the action was performed. Usually this is the exe or command that was being executed that triggered the event.\n', + }, + ], + }, + { + name: 'paths', + type: 'group', + description: 'List of paths associated with the event.', + fields: [ + { + name: 'inode', + type: 'keyword', + description: 'inode number', + }, + { + name: 'dev', + type: 'keyword', + description: 'device name as found in /dev', + }, + { + name: 'obj_user', + type: 'keyword', + description: '', + }, + { + name: 'obj_role', + type: 'keyword', + description: '', + }, + { + name: 'obj_domain', + type: 'keyword', + description: '', + }, + { + name: 'obj_level', + type: 'keyword', + description: '', + }, + { + name: 'objtype', + type: 'keyword', + description: '', + }, + { + name: 'ouid', + type: 'keyword', + description: 'file owner user ID', + }, + { + name: 'rdev', + type: 'keyword', + description: 'the device identifier (special files only)', + }, + { + name: 'nametype', + type: 'keyword', + description: 'kind of file operation being referenced', + }, + { + name: 'ogid', + type: 'keyword', + description: 'file owner group ID', + }, + { + name: 'item', + type: 'keyword', + description: 'which item is being recorded', + }, + { + name: 'mode', + type: 'keyword', + description: 'mode flags on a file', + }, + { + name: 'name', + type: 'keyword', + description: 'file name in avcs', + }, + ], + }, + { + name: 'data', + type: 'group', + description: 'The data from the audit messages.', + fields: [ + { + name: 'action', + type: 'keyword', + description: 'netfilter packet disposition', + }, + { + name: 'minor', + type: 'keyword', + description: 'device minor number', + }, + { + name: 'acct', + type: 'keyword', + description: "a user's account name", + }, + { + name: 'addr', + type: 'keyword', + description: 'the remote address that the user is connecting from', + }, + { + name: 'cipher', + type: 'keyword', + description: 'name of crypto cipher selected', + }, + { + name: 'id', + type: 'keyword', + description: 'during account changes', + }, + { + name: 'entries', + type: 'keyword', + description: 'number of entries in the netfilter table', + }, + { + name: 'kind', + type: 'keyword', + description: 'server or client in crypto operation', + }, + { + name: 'ksize', + type: 'keyword', + description: 'key size for crypto operation', + }, + { + name: 'spid', + type: 'keyword', + description: 'sent process ID', + }, + { + name: 'arch', + type: 'keyword', + description: 'the elf architecture flags', + }, + { + name: 'argc', + type: 'keyword', + description: 'the number of arguments to an execve syscall', + }, + { + name: 'major', + type: 'keyword', + description: 'device major number', + }, + { + name: 'unit', + type: 'keyword', + description: 'systemd unit', + }, + { + name: 'table', + type: 'keyword', + description: 'netfilter table name', + }, + { + name: 'terminal', + type: 'keyword', + description: 'terminal name the user is running programs on', + }, + { + name: 'grantors', + type: 'keyword', + description: 'pam modules approving the action', + }, + { + name: 'direction', + type: 'keyword', + description: 'direction of crypto operation', + }, + { + name: 'op', + type: 'keyword', + description: 'the operation being performed that is audited', + }, + { + name: 'tty', + type: 'keyword', + description: 'tty udevice the user is running programs on', + }, + { + name: 'syscall', + type: 'keyword', + description: 'syscall number in effect when the event occurred', + }, + { + name: 'data', + type: 'keyword', + description: 'TTY text', + }, + { + name: 'family', + type: 'keyword', + description: 'netfilter protocol', + }, + { + name: 'mac', + type: 'keyword', + description: 'crypto MAC algorithm selected', + }, + { + name: 'pfs', + type: 'keyword', + description: 'perfect forward secrecy method', + }, + { + name: 'items', + type: 'keyword', + description: 'the number of path records in the event', + }, + { + name: 'a0', + type: 'keyword', + description: '', + }, + { + name: 'a1', + type: 'keyword', + description: '', + }, + { + name: 'a2', + type: 'keyword', + description: '', + }, + { + name: 'a3', + type: 'keyword', + description: '', + }, + { + name: 'hostname', + type: 'keyword', + description: 'the hostname that the user is connecting from', + }, + { + name: 'lport', + type: 'keyword', + description: 'local network port', + }, + { + name: 'rport', + type: 'keyword', + description: 'remote port number', + }, + { + name: 'exit', + type: 'keyword', + description: 'syscall exit code', + }, + { + name: 'fp', + type: 'keyword', + description: 'crypto key finger print', + }, + { + name: 'laddr', + type: 'keyword', + description: 'local network address', + }, + { + name: 'sport', + type: 'keyword', + description: 'local port number', + }, + { + name: 'capability', + type: 'keyword', + description: 'posix capabilities', + }, + { + name: 'nargs', + type: 'keyword', + description: 'the number of arguments to a socket call', + }, + { + name: 'new-enabled', + type: 'keyword', + description: 'new TTY audit enabled setting', + }, + { + name: 'audit_backlog_limit', + type: 'keyword', + description: "audit system's backlog queue size", + }, + { + name: 'dir', + type: 'keyword', + description: 'directory name', + }, + { + name: 'cap_pe', + type: 'keyword', + description: 'process effective capability map', + }, + { + name: 'model', + type: 'keyword', + description: 'security model being used for virt', + }, + { + name: 'new_pp', + type: 'keyword', + description: 'new process permitted capability map', + }, + { + name: 'old-enabled', + type: 'keyword', + description: 'present TTY audit enabled setting', + }, + { + name: 'oauid', + type: 'keyword', + description: "object's login user ID", + }, + { + name: 'old', + type: 'keyword', + description: 'old value', + }, + { + name: 'banners', + type: 'keyword', + description: 'banners used on printed page', + }, + { + name: 'feature', + type: 'keyword', + description: 'kernel feature being changed', + }, + { + name: 'vm-ctx', + type: 'keyword', + description: "the vm's context string", + }, + { + name: 'opid', + type: 'keyword', + description: "object's process ID", + }, + { + name: 'seperms', + type: 'keyword', + description: 'SELinux permissions being used', + }, + { + name: 'seresult', + type: 'keyword', + description: 'SELinux AVC decision granted/denied', + }, + { + name: 'new-rng', + type: 'keyword', + description: 'device name of rng being added from a vm', + }, + { + name: 'old-net', + type: 'keyword', + description: 'present MAC address assigned to vm', + }, + { + name: 'sigev_signo', + type: 'keyword', + description: 'signal number', + }, + { + name: 'ino', + type: 'keyword', + description: 'inode number', + }, + { + name: 'old_enforcing', + type: 'keyword', + description: 'old MAC enforcement status', + }, + { + name: 'old-vcpu', + type: 'keyword', + description: 'present number of CPU cores', + }, + { + name: 'range', + type: 'keyword', + description: "user's SE Linux range", + }, + { + name: 'res', + type: 'keyword', + description: 'result of the audited operation(success/fail)', + }, + { + name: 'added', + type: 'keyword', + description: 'number of new files detected', + }, + { + name: 'fam', + type: 'keyword', + description: 'socket address family', + }, + { + name: 'nlnk-pid', + type: 'keyword', + description: 'pid of netlink packet sender', + }, + { + name: 'subj', + type: 'keyword', + description: "lspp subject's context string", + }, + { + name: 'a[0-3]', + type: 'keyword', + description: 'the arguments to a syscall', + }, + { + name: 'cgroup', + type: 'keyword', + description: 'path to cgroup in sysfs', + }, + { + name: 'kernel', + type: 'keyword', + description: "kernel's version number", + }, + { + name: 'ocomm', + type: 'keyword', + description: "object's command line name", + }, + { + name: 'new-net', + type: 'keyword', + description: 'MAC address being assigned to vm', + }, + { + name: 'permissive', + type: 'keyword', + description: 'SELinux is in permissive mode', + }, + { + name: 'class', + type: 'keyword', + description: 'resource class assigned to vm', + }, + { + name: 'compat', + type: 'keyword', + description: 'is_compat_task result', + }, + { + name: 'fi', + type: 'keyword', + description: 'file assigned inherited capability map', + }, + { + name: 'changed', + type: 'keyword', + description: 'number of changed files', + }, + { + name: 'msg', + type: 'keyword', + description: 'the payload of the audit record', + }, + { + name: 'dport', + type: 'keyword', + description: 'remote port number', + }, + { + name: 'new-seuser', + type: 'keyword', + description: 'new SELinux user', + }, + { + name: 'invalid_context', + type: 'keyword', + description: 'SELinux context', + }, + { + name: 'dmac', + type: 'keyword', + description: 'remote MAC address', + }, + { + name: 'ipx-net', + type: 'keyword', + description: 'IPX network number', + }, + { + name: 'iuid', + type: 'keyword', + description: "ipc object's user ID", + }, + { + name: 'macproto', + type: 'keyword', + description: 'ethernet packet type ID field', + }, + { + name: 'obj', + type: 'keyword', + description: 'lspp object context string', + }, + { + name: 'ipid', + type: 'keyword', + description: 'IP datagram fragment identifier', + }, + { + name: 'new-fs', + type: 'keyword', + description: 'file system being added to vm', + }, + { + name: 'vm-pid', + type: 'keyword', + description: "vm's process ID", + }, + { + name: 'cap_pi', + type: 'keyword', + description: 'process inherited capability map', + }, + { + name: 'old-auid', + type: 'keyword', + description: 'previous auid value', + }, + { + name: 'oses', + type: 'keyword', + description: "object's session ID", + }, + { + name: 'fd', + type: 'keyword', + description: 'file descriptor number', + }, + { + name: 'igid', + type: 'keyword', + description: "ipc object's group ID", + }, + { + name: 'new-disk', + type: 'keyword', + description: 'disk being added to vm', + }, + { + name: 'parent', + type: 'keyword', + description: 'the inode number of the parent file', + }, + { + name: 'len', + type: 'keyword', + description: 'length', + }, + { + name: 'oflag', + type: 'keyword', + description: 'open syscall flags', + }, + { + name: 'uuid', + type: 'keyword', + description: 'a UUID', + }, + { + name: 'code', + type: 'keyword', + description: 'seccomp action code', + }, + { + name: 'nlnk-grp', + type: 'keyword', + description: 'netlink group number', + }, + { + name: 'cap_fp', + type: 'keyword', + description: 'file permitted capability map', + }, + { + name: 'new-mem', + type: 'keyword', + description: 'new amount of memory in KB', + }, + { + name: 'seperm', + type: 'keyword', + description: 'SELinux permission being decided on', + }, + { + name: 'enforcing', + type: 'keyword', + description: 'new MAC enforcement status', + }, + { + name: 'new-chardev', + type: 'keyword', + description: 'new character device being assigned to vm', + }, + { + name: 'old-rng', + type: 'keyword', + description: 'device name of rng being removed from a vm', + }, + { + name: 'outif', + type: 'keyword', + description: 'out interface number', + }, + { + name: 'cmd', + type: 'keyword', + description: 'command being executed', + }, + { + name: 'hook', + type: 'keyword', + description: 'netfilter hook that packet came from', + }, + { + name: 'new-level', + type: 'keyword', + description: 'new run level', + }, + { + name: 'sauid', + type: 'keyword', + description: 'sent login user ID', + }, + { + name: 'sig', + type: 'keyword', + description: 'signal number', + }, + { + name: 'audit_backlog_wait_time', + type: 'keyword', + description: "audit system's backlog wait time", + }, + { + name: 'printer', + type: 'keyword', + description: 'printer name', + }, + { + name: 'old-mem', + type: 'keyword', + description: 'present amount of memory in KB', + }, + { + name: 'perm', + type: 'keyword', + description: 'the file permission being used', + }, + { + name: 'old_pi', + type: 'keyword', + description: 'old process inherited capability map', + }, + { + name: 'state', + type: 'keyword', + description: 'audit daemon configuration resulting state', + }, + { + name: 'format', + type: 'keyword', + description: "audit log's format", + }, + { + name: 'new_gid', + type: 'keyword', + description: 'new group ID being assigned', + }, + { + name: 'tcontext', + type: 'keyword', + description: "the target's or object's context string", + }, + { + name: 'maj', + type: 'keyword', + description: 'device major number', + }, + { + name: 'watch', + type: 'keyword', + description: 'file name in a watch record', + }, + { + name: 'device', + type: 'keyword', + description: 'device name', + }, + { + name: 'grp', + type: 'keyword', + description: 'group name', + }, + { + name: 'bool', + type: 'keyword', + description: 'name of SELinux boolean', + }, + { + name: 'icmp_type', + type: 'keyword', + description: 'type of icmp message', + }, + { + name: 'new_lock', + type: 'keyword', + description: 'new value of feature lock', + }, + { + name: 'old_prom', + type: 'keyword', + description: 'network promiscuity flag', + }, + { + name: 'acl', + type: 'keyword', + description: 'access mode of resource assigned to vm', + }, + { + name: 'ip', + type: 'keyword', + description: 'network address of a printer', + }, + { + name: 'new_pi', + type: 'keyword', + description: 'new process inherited capability map', + }, + { + name: 'default-context', + type: 'keyword', + description: 'default MAC context', + }, + { + name: 'inode_gid', + type: 'keyword', + description: "group ID of the inode's owner", + }, + { + name: 'new-log_passwd', + type: 'keyword', + description: 'new value for TTY password logging', + }, + { + name: 'new_pe', + type: 'keyword', + description: 'new process effective capability map', + }, + { + name: 'selected-context', + type: 'keyword', + description: 'new MAC context assigned to session', + }, + { + name: 'cap_fver', + type: 'keyword', + description: 'file system capabilities version number', + }, + { + name: 'file', + type: 'keyword', + description: 'file name', + }, + { + name: 'net', + type: 'keyword', + description: 'network MAC address', + }, + { + name: 'virt', + type: 'keyword', + description: 'kind of virtualization being referenced', + }, + { + name: 'cap_pp', + type: 'keyword', + description: 'process permitted capability map', + }, + { + name: 'old-range', + type: 'keyword', + description: 'present SELinux range', + }, + { + name: 'resrc', + type: 'keyword', + description: 'resource being assigned', + }, + { + name: 'new-range', + type: 'keyword', + description: 'new SELinux range', + }, + { + name: 'obj_gid', + type: 'keyword', + description: 'group ID of object', + }, + { + name: 'proto', + type: 'keyword', + description: 'network protocol', + }, + { + name: 'old-disk', + type: 'keyword', + description: 'disk being removed from vm', + }, + { + name: 'audit_failure', + type: 'keyword', + description: "audit system's failure mode", + }, + { + name: 'inif', + type: 'keyword', + description: 'in interface number', + }, + { + name: 'vm', + type: 'keyword', + description: 'virtual machine name', + }, + { + name: 'flags', + type: 'keyword', + description: 'mmap syscall flags', + }, + { + name: 'nlnk-fam', + type: 'keyword', + description: 'netlink protocol number', + }, + { + name: 'old-fs', + type: 'keyword', + description: 'file system being removed from vm', + }, + { + name: 'old-ses', + type: 'keyword', + description: 'previous ses value', + }, + { + name: 'seqno', + type: 'keyword', + description: 'sequence number', + }, + { + name: 'fver', + type: 'keyword', + description: 'file system capabilities version number', + }, + { + name: 'qbytes', + type: 'keyword', + description: 'ipc objects quantity of bytes', + }, + { + name: 'seuser', + type: 'keyword', + description: "user's SE Linux user acct", + }, + { + name: 'cap_fe', + type: 'keyword', + description: 'file assigned effective capability map', + }, + { + name: 'new-vcpu', + type: 'keyword', + description: 'new number of CPU cores', + }, + { + name: 'old-level', + type: 'keyword', + description: 'old run level', + }, + { + name: 'old_pp', + type: 'keyword', + description: 'old process permitted capability map', + }, + { + name: 'daddr', + type: 'keyword', + description: 'remote IP address', + }, + { + name: 'old-role', + type: 'keyword', + description: 'present SELinux role', + }, + { + name: 'ioctlcmd', + type: 'keyword', + description: 'The request argument to the ioctl syscall', + }, + { + name: 'smac', + type: 'keyword', + description: 'local MAC address', + }, + { + name: 'apparmor', + type: 'keyword', + description: 'apparmor event information', + }, + { + name: 'fe', + type: 'keyword', + description: 'file assigned effective capability map', + }, + { + name: 'perm_mask', + type: 'keyword', + description: 'file permission mask that triggered a watch event', + }, + { + name: 'ses', + type: 'keyword', + description: 'login session ID', + }, + { + name: 'cap_fi', + type: 'keyword', + description: 'file inherited capability map', + }, + { + name: 'obj_uid', + type: 'keyword', + description: 'user ID of object', + }, + { + name: 'reason', + type: 'keyword', + description: 'text string denoting a reason for the action', + }, + { + name: 'list', + type: 'keyword', + description: "the audit system's filter list number", + }, + { + name: 'old_lock', + type: 'keyword', + description: 'present value of feature lock', + }, + { + name: 'bus', + type: 'keyword', + description: 'name of subsystem bus a vm resource belongs to', + }, + { + name: 'old_pe', + type: 'keyword', + description: 'old process effective capability map', + }, + { + name: 'new-role', + type: 'keyword', + description: 'new SELinux role', + }, + { + name: 'prom', + type: 'keyword', + description: 'network promiscuity flag', + }, + { + name: 'uri', + type: 'keyword', + description: 'URI pointing to a printer', + }, + { + name: 'audit_enabled', + type: 'keyword', + description: "audit systems's enable/disable status", + }, + { + name: 'old-log_passwd', + type: 'keyword', + description: 'present value for TTY password logging', + }, + { + name: 'old-seuser', + type: 'keyword', + description: 'present SELinux user', + }, + { + name: 'per', + type: 'keyword', + description: 'linux personality', + }, + { + name: 'scontext', + type: 'keyword', + description: "the subject's context string", + }, + { + name: 'tclass', + type: 'keyword', + description: "target's object classification", + }, + { + name: 'ver', + type: 'keyword', + description: "audit daemon's version number", + }, + { + name: 'new', + type: 'keyword', + description: 'value being set in feature', + }, + { + name: 'val', + type: 'keyword', + description: 'generic value associated with the operation', + }, + { + name: 'img-ctx', + type: 'keyword', + description: "the vm's disk image context string", + }, + { + name: 'old-chardev', + type: 'keyword', + description: 'present character device assigned to vm', + }, + { + name: 'old_val', + type: 'keyword', + description: 'current value of SELinux boolean', + }, + { + name: 'success', + type: 'keyword', + description: 'whether the syscall was successful or not', + }, + { + name: 'inode_uid', + type: 'keyword', + description: "user ID of the inode's owner", + }, + { + name: 'removed', + type: 'keyword', + description: 'number of deleted files', + }, + { + name: 'socket', + type: 'group', + fields: [ + { + name: 'port', + type: 'keyword', + description: 'The port number.', + }, + { + name: 'saddr', + type: 'keyword', + description: 'The raw socket address structure.', + }, + { + name: 'addr', + type: 'keyword', + description: 'The remote address.', + }, + { + name: 'family', + type: 'keyword', + example: 'unix', + description: 'The socket family (unix, ipv4, ipv6, netlink).', + }, + { + name: 'path', + type: 'keyword', + description: 'This is the path associated with a unix socket.', + }, + ], + }, + ], }, { - name: 'update', + name: 'messages', + type: 'alias', + migration: true, + path: 'event.original', description: - 'A BSON document that specifies the update to be performed. For information on specifying updates, see the Update Operations documentation from the MongoDB Manual.', + 'An ordered list of the raw messages received from the kernel that were used to construct this document. This field is present if an error occurred processing the data or if `include_raw_message` is set in the config.\n', }, { - name: 'cursorId', + name: 'warnings', + type: 'alias', + migration: true, + path: 'error.message', description: - 'The cursor identifier returned in the OP_REPLY. This must be the value that was returned from the database.', + 'The warnings generated by the Beat during the construction of the event. These are disabled by default and are used for development and debug purposes only.\n', }, ], }, - ], - }, - { - key: 'mysql', - title: 'MySQL', - description: 'MySQL-specific event fields.', - fields: [ { - name: 'mysql', + name: 'geoip', type: 'group', + description: + 'The geoip fields are defined as a convenience in case you decide to enrich the data using a geoip filter in Logstash or Ingest Node.\n', fields: [ { - name: 'affected_rows', - type: 'long', - description: - 'If the MySQL command is successful, this field contains the affected number of rows of the last statement.', - }, - { - name: 'insert_id', - description: - 'If the INSERT query is successful, this field contains the id of the newly inserted row.', - }, - { - name: 'num_fields', - description: - 'If the SELECT query is successful, this field is set to the number of fields returned.', + name: 'continent_name', + type: 'keyword', + description: 'The name of the continent.\n', }, { - name: 'num_rows', - description: - 'If the SELECT query is successful, this field is set to the number of rows returned.', + name: 'city_name', + type: 'keyword', + description: 'The name of the city.\n', }, { - name: 'query', - description: "The row mysql query as read from the transaction's request. ", + name: 'region_name', + type: 'keyword', + description: 'The name of the region.\n', }, { - name: 'error_code', - type: 'long', - description: 'The error code returned by MySQL.', + name: 'country_iso_code', + type: 'keyword', + description: 'Country ISO code.\n', }, { - name: 'error_message', - description: 'The error info message returned by MySQL.', + name: 'location', + type: 'geo_point', + description: 'The longitude and latitude.\n', }, ], }, ], }, { - key: 'nfs', - title: 'NFS', - description: 'NFS v4/3 specific event fields.', + key: 'file_integrity', + title: 'File Integrity', + description: 'These are the fields generated by the file_integrity module.', fields: [ { - name: 'nfs', - type: 'group', - fields: [ - { - name: 'version', - type: 'long', - description: 'NFS protocol version number.', - }, - { - name: 'minor_version', - type: 'long', - description: 'NFS protocol minor version number.', - }, - { - name: 'tag', - description: 'NFS v4 COMPOUND operation tag.', - }, - { - name: 'opcode', - description: 'NFS operation name, or main operation name, in case of COMPOUND calls.', - }, - { - name: 'status', - description: 'NFS operation reply status.', - }, - ], - }, - { - name: 'rpc', + name: 'hash', type: 'group', - description: 'ONC RPC specific event fields.', + description: + 'Hashes of the file. The keys are algorithm names and the values are the hex encoded digest values.\n', fields: [ { - name: 'xid', - description: 'RPC message transaction identifier.', - }, - { - name: 'status', - description: 'RPC message reply status.', - }, - { - name: 'auth_flavor', - description: 'RPC authentication flavor.', - }, - { - name: 'cred.uid', - type: 'long', - description: "RPC caller's user id, in case of auth-unix.", - }, - { - name: 'cred.gid', - type: 'long', - description: "RPC caller's group id, in case of auth-unix.", - }, - { - name: 'cred.gids', - description: "RPC caller's secondary group ids, in case of auth-unix.", + name: 'blake2b_256', + type: 'keyword', + description: 'BLAKE2b-256 hash of the file.', }, { - name: 'cred.stamp', - type: 'long', - description: 'Arbitrary ID which the caller machine may generate.', + name: 'blake2b_384', + type: 'keyword', + description: 'BLAKE2b-384 hash of the file.', }, { - name: 'cred.machinename', - description: "The name of the caller's machine.", + name: 'blake2b_512', + type: 'keyword', + description: 'BLAKE2b-512 hash of the file.', }, { - name: 'call_size', - type: 'alias', - path: 'source.bytes', - migration: true, - description: 'RPC call size with argument.', + name: 'md5', + overwrite: true, + type: 'keyword', + description: 'MD5 hash of the file.', }, { - name: 'reply_size', - type: 'alias', - path: 'destination.bytes', - migration: true, - description: 'RPC reply size with argument.', + name: 'sha1', + overwrite: true, + type: 'keyword', + description: 'SHA1 hash of the file.', }, - ], - }, - ], - }, - { - key: 'pgsql', - title: 'PostgreSQL', - description: 'PostgreSQL-specific event fields.', - fields: [ - { - name: 'pgsql', - type: 'group', - fields: [ { - name: 'error_code', - description: 'The PostgreSQL error code.', - type: 'long', + name: 'sha224', + type: 'keyword', + description: 'SHA224 hash of the file.', }, { - name: 'error_message', - description: 'The PostgreSQL error message.', + name: 'sha256', + overwrite: true, + type: 'keyword', + description: 'SHA256 hash of the file.', }, { - name: 'error_severity', - description: 'The PostgreSQL error severity.', - possible_values: ['ERROR', 'FATAL', 'PANIC'], + name: 'sha384', + type: 'keyword', + description: 'SHA384 hash of the file.', }, { - name: 'num_fields', - description: - 'If the SELECT query if successful, this field is set to the number of fields returned.', + name: 'sha3_224', + type: 'keyword', + description: 'SHA3_224 hash of the file.', }, { - name: 'num_rows', - description: - 'If the SELECT query if successful, this field is set to the number of rows returned.', + name: 'sha3_256', + type: 'keyword', + description: 'SHA3_256 hash of the file.', }, - ], - }, - ], - }, - { - key: 'redis', - title: 'Redis', - description: 'Redis-specific event fields.', - fields: [ - { - name: 'redis', - type: 'group', - fields: [ { - name: 'return_value', - description: 'The return value of the Redis command in a human readable format.', + name: 'sha3_384', + type: 'keyword', + description: 'SHA3_384 hash of the file.', }, { - name: 'error', - description: - 'If the Redis command has resulted in an error, this field contains the error message returned by the Redis server.', + name: 'sha3_512', + type: 'keyword', + description: 'SHA3_512 hash of the file.', }, - ], - }, - ], - }, - { - key: 'thrift', - title: 'Thrift-RPC', - description: 'Thrift-RPC specific event fields.', - fields: [ - { - name: 'thrift', - type: 'group', - fields: [ { - name: 'params', - description: - 'The RPC method call parameters in a human readable format. If the IDL files are available, the parameters use names whenever possible. Otherwise, the IDs from the message are used.', + name: 'sha512', + overwrite: true, + type: 'keyword', + description: 'SHA512 hash of the file.', }, { - name: 'service', - description: 'The name of the Thrift-RPC service as defined in the IDL files.', + name: 'sha512_224', + type: 'keyword', + description: 'SHA512/224 hash of the file.', }, { - name: 'return_value', - description: - 'The value returned by the Thrift-RPC call. This is encoded in a human readable format.', + name: 'sha512_256', + type: 'keyword', + description: 'SHA512/256 hash of the file.', }, { - name: 'exceptions', - description: - 'If the call resulted in exceptions, this field contains the exceptions in a human readable format.', + name: 'xxh64', + type: 'keyword', + description: 'XX64 hash of the file.', }, ], }, ], }, { - key: 'tls', - title: 'TLS', - description: 'TLS-specific event fields.', + key: 'system', + title: 'System', + description: 'These are the fields generated by the system module.\n', + release: 'beta', fields: [ { - name: 'tls', + name: 'event', type: 'group', fields: [ { - name: 'version', + name: 'origin', type: 'keyword', - description: 'The version of the TLS protocol used.', - example: 'TLS 1.3', - }, - { - name: 'handshake_completed', - type: 'boolean', description: - 'Whether the TLS negotiation has been successful and the session has transitioned to encrypted mode.', - }, - { - name: 'resumed', - type: 'boolean', - description: 'If the TLS session has been resumed from a previous session.', + 'Origin of the event. This can be a file path (e.g. `/var/log/log.1`), or the name of the system component that supplied the data (e.g. `netlink`).\n', }, + ], + }, + { + name: 'user', + type: 'group', + fields: [ { - name: 'resumption_method', + name: 'entity_id', type: 'keyword', description: - 'If the session has been resumed, the underlying method used. One of "id" for TLS session ID or "ticket" for TLS ticket extension.', + 'ID uniquely identifying the user on a host. It is computed as a SHA-256 hash of the host ID, user ID, and user name.\n', }, { - name: 'client_certificate_requested', - type: 'boolean', - description: - 'Whether the server has requested the client to authenticate itself using a client certificate.', + name: 'terminal', + type: 'keyword', + description: 'Terminal of the user.\n', }, + ], + }, + { + name: 'process', + type: 'group', + fields: [ { - name: 'client_hello', + name: 'hash', type: 'group', + description: + 'Hashes of the executable. The keys are algorithm names and the values are the hex encoded digest values.\n', fields: [ { - name: 'version', + name: 'blake2b_256', type: 'keyword', - description: - 'The version of the TLS protocol by which the client wishes to communicate during this session.', + description: 'BLAKE2b-256 hash of the executable.', }, { - name: 'supported_ciphers', - type: 'array', - description: - 'List of ciphers the client is willing to use for this session. See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4', + name: 'blake2b_384', + type: 'keyword', + description: 'BLAKE2b-384 hash of the executable.', }, { - name: 'supported_compression_methods', - type: 'array', - description: - 'The list of compression methods the client supports. See https://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xhtml', + name: 'blake2b_512', + type: 'keyword', + description: 'BLAKE2b-512 hash of the executable.', }, { - name: 'extensions', - type: 'group', - description: 'The hello extensions provided by the client.', - fields: [ - { - name: 'server_name_indication', - type: 'keyword', - description: 'List of hostnames', - }, - { - name: 'application_layer_protocol_negotiation', - type: 'keyword', - description: - 'List of application-layer protocols the client is willing to use.', - }, - { - name: 'session_ticket', - type: 'keyword', - description: - 'Length of the session ticket, if provided, or an empty string to advertise support for tickets.', - }, - { - name: 'supported_versions', - type: 'keyword', - description: 'List of TLS versions that the client is willing to use.', - }, - { - name: 'supported_groups', - type: 'keyword', - description: - 'List of Elliptic Curve Cryptography (ECC) curve groups supported by the client.', - }, - { - name: 'signature_algorithms', - type: 'keyword', - description: - 'List of signature algorithms that may be use in digital signatures.', - }, - { - name: 'ec_points_formats', - type: 'keyword', - description: - 'List of Elliptic Curve (EC) point formats. Indicates the set of point formats that the client can parse.', - }, - { - name: '_unparsed_', - type: 'keyword', - description: 'List of extensions that were left unparsed by Packetbeat.', - }, - ], + name: 'sha224', + type: 'keyword', + description: 'SHA224 hash of the executable.', }, - ], - }, - { - name: 'server_hello', - type: 'group', - fields: [ { - name: 'version', + name: 'sha384', type: 'keyword', - description: - 'The version of the TLS protocol that is used for this session. It is the highest version supported by the server not exceeding the version requested in the client hello.', + description: 'SHA384 hash of the executable.', }, { - name: 'selected_cipher', + name: 'sha3_224', type: 'keyword', - description: - 'The cipher suite selected by the server from the list provided by in the client hello.', + description: 'SHA3_224 hash of the executable.', }, { - name: 'selected_compression_method', + name: 'sha3_256', type: 'keyword', - description: - 'The compression method selected by the server from the list provided in the client hello.', + description: 'SHA3_256 hash of the executable.', }, { - name: 'session_id', + name: 'sha3_384', type: 'keyword', - description: - 'Unique number to identify the session for the corresponding connection with the client.', + description: 'SHA3_384 hash of the executable.', }, { - name: 'extensions', - type: 'group', - description: 'The hello extensions provided by the server.', - fields: [ - { - name: 'application_layer_protocol_negotiation', - type: 'array', - description: 'Negotiated application layer protocol', - }, - { - name: 'session_ticket', - type: 'keyword', - description: - 'Used to announce that a session ticket will be provided by the server. Always an empty string.', - }, - { - name: 'supported_versions', - type: 'keyword', - description: 'Negotiated TLS version to be used.', - }, - { - name: 'ec_points_formats', - type: 'keyword', - description: - 'List of Elliptic Curve (EC) point formats. Indicates the set of point formats that the server can parse.', - }, - { - name: '_unparsed_', - type: 'keyword', - description: 'List of extensions that were left unparsed by Packetbeat.', - }, - ], + name: 'sha3_512', + type: 'keyword', + description: 'SHA3_512 hash of the executable.', + }, + { + name: 'sha512_224', + type: 'keyword', + description: 'SHA512/224 hash of the executable.', + }, + { + name: 'sha512_256', + type: 'keyword', + description: 'SHA512/256 hash of the executable.', + }, + { + name: 'xxh64', + type: 'keyword', + description: 'XX64 hash of the executable.', }, ], }, + ], + }, + { + name: 'socket', + type: 'group', + fields: [ + { + name: 'entity_id', + type: 'keyword', + description: + 'ID uniquely identifying the socket. It is computed as a SHA-256 hash of the host ID, socket inode, local IP, local port, remote IP, and remote port.\n', + }, + ], + }, + { + name: 'system.audit', + type: 'group', + description: '\n', + fields: [ { - name: 'client_certificate', + name: 'host', type: 'group', - description: 'Certificate provided by the client for authentication.', + description: '`host` contains general host information.\n', + release: 'beta', fields: [ { - name: 'version', + name: 'uptime', type: 'long', - description: 'X509 format version.', - }, - { - name: 'serial_number', - type: 'keyword', - description: "The certificate's serial number.", + format: 'duration', + input_format: 'nanoseconds', + output_format: 'asDays', + output_precision: 1, + description: 'Uptime in nanoseconds.\n', }, { - name: 'not_before', + name: 'boottime', type: 'date', - description: 'Date before which the certificate is not valid.', + description: 'Boot time.\n', }, { - name: 'not_after', - type: 'date', - description: 'Date after which the certificate expires.', + name: 'containerized', + type: 'boolean', + description: 'Set if host is a container.\n', }, { - name: 'public_key_algorithm', + name: 'timezone.name', type: 'keyword', - description: - "The algorithm used for this certificate's public key. One of RSA, DSA or ECDSA. ", + description: 'Name of the timezone of the host, e.g. BST.\n', }, { - name: 'public_key_size', + name: 'timezone.offset.sec', type: 'long', - description: 'Size of the public key.', + description: 'Timezone offset in seconds.\n', + }, + { + name: 'hostname', + type: 'keyword', + description: 'Hostname.\n', }, { - name: 'signature_algorithm', + name: 'id', type: 'keyword', - description: "The algorithm used for the certificate's signature. ", + description: 'Host ID.\n', }, { - name: 'alternative_names', - type: 'array', - description: 'Subject Alternative Names for this certificate.', + name: 'architecture', + type: 'keyword', + description: 'Host architecture (e.g. x86_64).\n', }, { - name: 'raw', + name: 'mac', type: 'keyword', - description: 'The raw certificate in PEM format.', + description: 'MAC addresses.\n', }, { - name: 'subject', - type: 'group', - description: 'Subject represented by this certificate.', - fields: [ - { - name: 'country', - type: 'keyword', - description: 'Country code.', - }, - { - name: 'organization', - type: 'keyword', - description: 'Organization name.', - }, - { - name: 'organizational_unit', - type: 'keyword', - description: 'Unit within organization.', - }, - { - name: 'province', - type: 'keyword', - description: 'Province or region within country.', - }, - { - name: 'common_name', - type: 'keyword', - description: 'Name or host name identified by the certificate.', - }, - ], + name: 'ip', + type: 'ip', + description: 'IP addresses.\n', }, { - name: 'issuer', + name: 'os', type: 'group', - description: 'Entity that issued and signed this certificate.', + description: '`os` contains information about the operating system.\n', fields: [ { - name: 'country', + name: 'codename', type: 'keyword', - description: 'Country code.', + description: 'OS codename, if any (e.g. stretch).\n', }, { - name: 'organization', + name: 'platform', type: 'keyword', - description: 'Organization name.', + description: 'OS platform (e.g. centos, ubuntu, windows).\n', }, { - name: 'organizational_unit', + name: 'name', type: 'keyword', - description: 'Unit within organization.', + description: 'OS name (e.g. Mac OS X).\n', }, { - name: 'province', - type: 'keyword', - description: 'Province or region within country.', - }, - { - name: 'common_name', - type: 'keyword', - description: 'Name or host name identified by the certificate.', - }, - ], - }, - { - name: 'fingerprint', - type: 'group', - fields: [ - { - name: 'md5', + name: 'family', type: 'keyword', - description: "Certificate's MD5 fingerprint.", + description: 'OS family (e.g. redhat, debian, freebsd, windows).\n', }, { - name: 'sha1', + name: 'version', type: 'keyword', - description: "Certificate's SHA-1 fingerprint.", + description: 'OS version.\n', }, { - name: 'sha256', + name: 'kernel', type: 'keyword', - description: "Certificate's SHA-256 fingerprint.", + description: "The operating system's kernel version.\n", }, ], }, ], }, { - name: 'server_certificate', + name: 'package', type: 'group', - description: 'Certificate provided by the server for authentication.', + description: '`package` contains information about an installed or removed package.\n', + release: 'beta', fields: [ + { + name: 'entity_id', + type: 'keyword', + description: + 'ID uniquely identifying the package. It is computed as a SHA-256 hash of the host ID, package name, and package version.\n', + }, + { + name: 'name', + type: 'keyword', + description: 'Package name.\n', + }, { name: 'version', - type: 'long', - description: 'X509 format version.', + type: 'keyword', + description: 'Package version.\n', }, { - name: 'serial_number', + name: 'release', type: 'keyword', - description: "The certificate's serial number.", + description: 'Package release.\n', }, { - name: 'not_before', - type: 'date', - description: 'Date before which the certificate is not valid.', + name: 'arch', + type: 'keyword', + description: 'Package architecture.\n', }, { - name: 'not_after', + name: 'license', + type: 'keyword', + description: 'Package license.\n', + }, + { + name: 'installtime', type: 'date', - description: 'Date after which the certificate expires.', + description: 'Package install time.\n', + }, + { + name: 'size', + type: 'long', + description: 'Package size.\n', + }, + { + name: 'summary', + description: 'Package summary.\n', }, { - name: 'public_key_algorithm', + name: 'url', type: 'keyword', - description: - "The algorithm used for this certificate's public key. One of RSA, DSA or ECDSA. ", + description: 'Package URL.\n', }, + ], + }, + { + name: 'user', + type: 'group', + description: '`user` contains information about the users on a system.\n', + release: 'beta', + fields: [ { - name: 'public_key_size', - type: 'long', - description: 'Size of the public key.', + name: 'name', + type: 'keyword', + description: 'User name.\n', }, { - name: 'signature_algorithm', + name: 'uid', type: 'keyword', - description: "The algorithm used for the certificate's signature. ", + description: 'User ID.\n', }, { - name: 'alternative_names', - type: 'array', - description: 'Subject Alternative Names for this certificate.', + name: 'gid', + type: 'keyword', + description: 'Group ID.\n', }, { - name: 'raw', + name: 'dir', type: 'keyword', - description: 'The raw certificate in PEM format.', + description: "User's home directory.\n", }, { - name: 'subject', - type: 'group', - description: 'Subject represented by this certificate.', - fields: [ - { - name: 'country', - type: 'keyword', - description: 'Country code.', - }, - { - name: 'organization', - type: 'keyword', - description: 'Organization name.', - }, - { - name: 'organizational_unit', - type: 'keyword', - description: 'Unit within organization.', - }, - { - name: 'province', - type: 'keyword', - description: 'Province or region within country.', - }, - { - name: 'common_name', - type: 'keyword', - description: 'Name or host name identified by the certificate.', - }, - ], + name: 'shell', + type: 'keyword', + description: 'Program to run at login.\n', }, { - name: 'issuer', - type: 'group', - description: 'Entity that issued and signed this certificate.', - fields: [ - { - name: 'country', - type: 'keyword', - description: 'Country code.', - }, - { - name: 'organization', - type: 'keyword', - description: 'Organization name.', - }, - { - name: 'organizational_unit', - type: 'keyword', - description: 'Unit within organization.', - }, - { - name: 'province', - type: 'keyword', - description: 'Province or region within country.', - }, - { - name: 'common_name', - type: 'keyword', - description: 'Name or host name identified by the certificate.', - }, - ], + name: 'user_information', + type: 'keyword', + description: 'General user information. On Linux, this is the gecos field.\n', }, { - name: 'fingerprint', - type: 'group', + name: 'group', + type: 'object', + description: + "`group` contains information about any groups the user is part of (beyond the user's primary group).\n", fields: [ { - name: 'md5', + name: 'name', type: 'keyword', - description: "Certificate's MD5 fingerprint.", + description: 'Group name.\n', }, { - name: 'sha1', - type: 'keyword', - description: "Certificate's SHA-1 fingerprint.", - }, - { - name: 'sha256', - type: 'keyword', - description: "Certificate's SHA-256 fingerprint.", + name: 'gid', + type: 'integer', + description: 'Group ID.\n', }, ], }, - ], - }, - { - name: 'server_certificate_chain', - type: 'array', - description: 'Chain of trust for the server certificate.', - }, - { - name: 'client_certificate_chain', - type: 'array', - description: 'Chain of trust for the client certificate.', - }, - { - name: 'alert_types', - type: 'keyword', - description: 'An array containing the TLS alert type for every alert received.', - }, - { - name: 'fingerprints', - type: 'group', - description: 'Fingerprints for this TLS session.', - fields: [ { - name: 'ja3', + name: 'password', type: 'group', - description: 'JA3 TLS client fingerprint', + description: + "`password` contains information about a user's password (not the password itself).\n", fields: [ { - name: 'hash', + name: 'type', type: 'keyword', - description: 'The JA3 fingerprint hash for the client side.', + description: + "A user's password type. Possible values are `shadow_password` (the password hash is in the shadow file), `password_disabled`, `no_password` (this is dangerous as anyone can log in), and `crypt_password` (when the password field in /etc/passwd seems to contain an encrypted password).\n", }, { - name: 'str', - type: 'keyword', - description: 'The JA3 string used to calculate the hash.', + name: 'last_changed', + type: 'date', + description: "The day the user's password was last changed.\n", }, ], }, diff --git a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/ecs.ts b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/ecs.ts index 34deee7fa8895..a439d105d63df 100644 --- a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/ecs.ts +++ b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/ecs.ts @@ -13,1997 +13,5663 @@ * instances e.g. `@timestamp` to `timestamp` */ -import { EcsSchema } from '../type'; +import { Schema } from '../type'; -export const ecsSchema: EcsSchema = { - agent: { - description: - 'The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken.\n', - fields: { - 'agent.ephemeral_id': { - description: - 'Ephemeral identifier of this agent (if one exists).\nThis id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', - footnote: '', - group: 2, - level: 'extended', - name: 'agent.ephemeral_id', - required: false, - type: 'keyword', - }, - 'agent.id': { - description: - 'Unique identifier of this agent (if one exists).\nExample: For Beats this would be beat.id.', - example: '8a4f500d', - footnote: '', - group: 2, - level: 'core', - name: 'agent.id', - required: false, - type: 'keyword', - }, - 'agent.name': { - description: - 'Name of the agent.\nThis is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from.\nIf no name is given, the name is often left empty.', - example: 'foo', - footnote: '', - group: 2, - level: 'core', - name: 'agent.name', - required: false, - type: 'keyword', - }, - 'agent.type': { - description: - 'Type of the agent.\nThe agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.', - example: 'filebeat', - footnote: '', - group: 2, - level: 'core', - name: 'agent.type', - required: false, - type: 'keyword', - }, - 'agent.version': { - description: 'Version of the agent.', - example: '6.0.0-rc2', - footnote: '', - group: 2, - level: 'core', - name: 'agent.version', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'agent', - title: 'Agent', - type: 'group', - }, - base: { - description: - 'The base set contains all fields which are on the top level. These fields are common across all types of events.\n', - fields: { - '@timestamp': { - description: - 'Date/time when the event originated.\nFor log events this is the date/time when the event was generated, and not when it was read.\nRequired field for all events.', - example: '2016-05-23T08:05:34.853Z', - footnote: '', - group: 1, - level: 'core', +export const ecsSchema: Schema = [ + { + key: 'ecs', + title: 'ECS', + description: 'ECS Fields.', + fields: [ + { name: '@timestamp', + level: 'core', required: true, type: 'date', - }, - labels: { description: - 'Key/value pairs.\nCan be used to add meta information to events. Should not contain nested objects. All values are stored as keyword.\nExample: `docker` and `k8s` labels.', - example: "{'application': 'foo-bar', 'env': 'production'}", - footnote: '', - group: 1, - level: 'core', + 'Date/time when the event originated.\n\nThis is the date/time extracted from the event, typically representing when\nthe event was generated by the source.\n\nIf the event source has no original timestamp, this value is typically populated\nby the first time the event was received by the pipeline.\n\nRequired field for all events.', + example: '2016-05-23T08:05:34.853Z', + }, + { name: 'labels', - required: false, + level: 'core', type: 'object', - }, - message: { + object_type: 'keyword', description: - 'For log events the message field contains the log message.\nIn other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', - footnote: '', - group: 1, - level: 'core', + 'Custom key/value pairs.\n\nCan be used to add meta information to events. Should not contain nested objects.\nAll values are stored as keyword.\n\nExample: `docker` and `k8s` labels.', + example: '{"application": "foo-bar", "env": "production"}', + }, + { name: 'message', - required: false, + level: 'core', type: 'text', + description: + 'For log events the message field contains the log message, optimized\nfor viewing in a log viewer.\n\nFor structured logs without an original message field, other fields can be concatenated\nto form a human-readable summary of the event.\n\nIf multiple messages exist, they can be combined into one message.', + example: 'Hello World', }, - tags: { - description: 'List of keywords used to tag each event.', - example: '["production", "env2"]', - footnote: '', - group: 1, - level: 'core', + { name: 'tags', - required: false, - type: 'keyword', - }, - }, - group: 1, - name: 'base', - title: 'Base', - type: 'group', - }, - client: { - description: - 'A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjuction with server fields. Client fields are generally not populated for packet-level events. \n', - fields: { - 'client.bytes': { - description: 'Bytes sent from the client to the server.', - example: '184', - footnote: '', - group: 2, level: 'core', - name: 'client.bytes', - required: false, - type: 'long', - }, - 'client.domain': { - description: 'Client domain.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'client.domain', - required: false, - type: 'keyword', - }, - 'client.ip': { - description: 'IP address of the client.\nCan be one or multiple IPv4 or IPv6 addresses.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'client.ip', - required: false, - type: 'ip', - }, - 'client.mac': { - description: 'MAC address of the client.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'client.mac', - required: false, type: 'keyword', + ignore_above: 1024, + description: 'List of keywords used to tag each event.', + example: '["production", "env2"]', }, - 'client.packets': { - description: 'Packets sent from the client to the server.', - example: '12', - footnote: '', - group: 2, - level: 'core', - name: 'client.packets', - required: false, - type: 'long', - }, - 'client.port': { - description: 'Port of the client.', - example: '', - footnote: '', + { + name: 'agent', + title: 'Agent', group: 2, - level: 'core', - name: 'client.port', - required: false, - type: 'long', - }, - }, - group: 2, - name: 'client', - title: 'Client', - type: 'group', - }, - cloud: { - description: 'Fields related to the cloud or infrastructure the events are coming from.\n', - fields: { - 'cloud.account.id': { description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', - footnote: '', - group: 2, - level: 'extended', - name: 'cloud.account.id', - required: false, - type: 'keyword', - }, - 'cloud.availability_zone': { - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', - footnote: '', - group: 2, - level: 'extended', - name: 'cloud.availability_zone', - required: false, - type: 'keyword', - }, - 'cloud.instance.id': { - description: 'Instance ID of the host machine.', - example: 'i-1234567890abcdef0', - footnote: '', - group: 2, - level: 'extended', - name: 'cloud.instance.id', - required: false, - type: 'keyword', - }, - 'cloud.instance.name': { - description: 'Instance name of the host machine.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'cloud.instance.name', - required: false, - type: 'keyword', - }, - 'cloud.machine.type': { - description: 'Machine type of the host machine.', - example: 't2.medium', - footnote: '', - group: 2, - level: 'extended', - name: 'cloud.machine.type', - required: false, - type: 'keyword', - }, - 'cloud.provider': { - description: 'Name of the cloud provider. Example values are ec2, gce, or digitalocean.', - example: 'ec2', - footnote: '', - group: 2, - level: 'extended', - name: 'cloud.provider', - required: false, - type: 'keyword', - }, - 'cloud.region': { - description: 'Region in which this host is running.', - example: 'us-east-1', - footnote: '', - group: 2, - level: 'extended', - name: 'cloud.region', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'cloud', - title: 'Cloud', - type: 'group', - }, - container: { - description: - 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.\n', - fields: { - 'container.id': { - description: 'Unique container id.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'container.id', - required: false, - type: 'keyword', - }, - 'container.image.name': { - description: 'Name of the image the container was built on.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'container.image.name', - required: false, - type: 'keyword', - }, - 'container.image.tag': { - description: 'Container image tag.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'container.image.tag', - required: false, - type: 'keyword', - }, - 'container.labels': { - description: 'Image labels.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'container.labels', - required: false, - type: 'object', - }, - 'container.name': { - description: 'Container name.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'container.name', - required: false, - type: 'keyword', - }, - 'container.runtime': { - description: 'Runtime managing this container.', - example: 'docker', - footnote: '', + 'The agent fields contain the data about the software entity, if\nany, that collects, detects, or observes events on a host, or takes measurements\non a host.\n\nExamples include Beats. Agents may also run on observers. ECS agent.* fields\nshall be populated with details of the agent running on the host or observer\nwhere the event happened or the measurement was taken.', + footnote: + 'Examples: In the case of Beats for logs, the agent.name is filebeat.\nFor APM, it is the agent running in the app/service. The agent information does\nnot change if data is sent through queuing systems like Kafka, Redis, or processing\nsystems such as Logstash or APM Server.', + type: 'group', + fields: [ + { + name: 'build.original', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Extended build information for the agent.\n\nThis field is intended to contain any build information that a data source\nmay provide, no specific formatting is required.', + example: + 'metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c\nbuilt 2020-02-05 23:10:10 +0000 UTC]', + default_field: false, + }, + { + name: 'ephemeral_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Ephemeral identifier of this agent (if one exists).\n\nThis id normally changes across restarts, but `agent.id` does not.', + example: '8a4f500f', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of this agent (if one exists).\n\nExample: For Beats this would be beat.id.', + example: '8a4f500d', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Custom name of the agent.\n\nThis is a name that can be given to an agent. This can be helpful if for example\ntwo Filebeat instances are running on the same host but a human readable separation\nis needed on which Filebeat instance data is coming from.\n\nIf no name is given, the name is often left empty.', + example: 'foo', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Type of the agent.\n\nThe agent type stays always the same and should be given by the agent used.\nIn case of Filebeat the agent would always be Filebeat also if two Filebeat\ninstances are run on the same machine.', + example: 'filebeat', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Version of the agent.', + example: '6.0.0-rc2', + }, + ], + }, + { + name: 'as', + title: 'Autonomous System', group: 2, - level: 'extended', - name: 'container.runtime', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'container', - title: 'Container', - type: 'group', - }, - destination: { - description: - 'Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields.\n', - fields: { - 'destination.bytes': { - description: 'Bytes sent from the destination to the source.', - example: '184', - footnote: '', - group: 2, - level: 'core', - name: 'destination.bytes', - required: false, - type: 'long', - }, - 'destination.domain': { - description: 'Destination domain.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'destination.domain', - required: false, - type: 'keyword', - }, - 'destination.ip': { description: - 'IP address of the destination.\nCan be one or multiple IPv4 or IPv6 addresses.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'destination.ip', - required: false, - type: 'ip', - }, - 'destination.mac': { - description: 'MAC address of the destination.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'destination.mac', - required: false, - type: 'keyword', - }, - 'destination.packets': { - description: 'Packets sent from the destination to the source.', - example: '12', - footnote: '', - group: 2, - level: 'core', - name: 'destination.packets', - required: false, - type: 'long', - }, - 'destination.port': { - description: 'Port of the destination.', - example: '', - footnote: '', + 'An autonomous system (AS) is a collection of connected Internet Protocol\n(IP) routing prefixes under the control of one or more network operators on\nbehalf of a single administrative entity or domain that presents a common, clearly\ndefined routing policy to the internet.', + type: 'group', + fields: [ + { + name: 'number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + ], + }, + { + name: 'client', + title: 'Client', group: 2, - level: 'core', - name: 'destination.port', - required: false, - type: 'long', - }, - }, - group: 2, - name: 'destination', - title: 'Destination', - type: 'group', - }, - ecs: { - description: 'Meta-information specific to ECS.\n', - fields: { - 'ecs.version': { description: - 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.\nWhen querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.\nThe current version is 1.0.0-beta1 .', - example: '1.0.0-beta1', - footnote: '', - group: 2, - level: 'core', - name: 'ecs.version', - required: true, - type: 'keyword', - }, - }, - group: 2, - name: 'ecs', - title: 'ECS', - type: 'group', - }, - error: { - description: - 'These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error.\n', - fields: { - 'error.code': { - description: 'Error code describing the error.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'error.code', - required: false, - type: 'keyword', - }, - 'error.id': { - description: 'Unique identifier for the error.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'error.id', - required: false, - type: 'keyword', - }, - 'error.message': { - description: 'Error message.', - example: '', - footnote: '', + 'A client is defined as the initiator of a network connection for\nevents regarding sessions, connections, or bidirectional flow records.\n\nFor TCP events, the client is the initiator of the TCP connection that sends\nthe SYN packet(s). For other protocols, the client is generally the initiator\nor requestor in the network transaction. Some systems use the term "originator"\nto refer the client in TCP connections. The client fields describe details about\nthe system acting as the client in the network event. Client fields are usually\npopulated in conjunction with server fields. Client fields are generally not\npopulated for packet-level events.\n\nClient / server representations can add semantic context to an exchange, which\nis helpful to visualize the data in certain situations. If your context falls\nin that category, you should still ensure that source and destination are filled\nappropriately.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event client addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the client to the server.', + example: 184, + }, + { + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Client domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: 'IP address of the client (IPv4 or IPv6).', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the client.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated IP of source based NAT sessions (e.g. internal client\nto internet).\n\nTypically connections traversing load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of source based NAT sessions (e.g. internal client\nto internet).\n\nTypically connections traversing load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the client to the server.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the client.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered client domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'cloud', + title: 'Cloud', + group: 2, + description: 'Fields related to the cloud or infrastructure the events are coming\nfrom.', + footnote: + 'Examples: If Metricbeat is running on an EC2 host and fetches data\nfrom its host, the cloud info contains the data about this machine. If Metricbeat\nruns on a remote machine outside the cloud and fetches data from a service running\nin the cloud, the field contains cloud data from the machine the service is\nrunning on.', + type: 'group', + fields: [ + { + name: 'account.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The cloud account or organization id used to identify different\nentities in a multi-tenant environment.\n\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier.', + example: 666777888999, + }, + { + name: 'availability_zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Availability zone in which this host is running.', + example: 'us-east-1c', + }, + { + name: 'instance.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Instance ID of the host machine.', + example: 'i-1234567890abcdef0', + }, + { + name: 'instance.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Instance name of the host machine.', + }, + { + name: 'machine.type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Machine type of the host machine.', + example: 't2.medium', + }, + { + name: 'provider', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the cloud provider. Example values are aws, azure, gcp,\nor digitalocean.', + example: 'aws', + }, + { + name: 'region', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Region in which this host is running.', + example: 'us-east-1', + }, + ], + }, + { + name: 'code_signature', + title: 'Code Signature', + group: 2, + description: 'These fields contain information about binary code signatures.', + type: 'group', + fields: [ + { + name: 'exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + ], + }, + { + name: 'container', + title: 'Container', group: 2, - level: 'core', - name: 'error.message', - required: false, - type: 'text', - }, - }, - group: 2, - name: 'error', - title: 'Error', - type: 'group', - }, - event: { - description: - 'The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host.\n', - fields: { - 'event.action': { description: - 'The action captured by the event.\nThis describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', - footnote: '', + 'Container fields are used for meta information about the specific\ncontainer that is the source of information.\n\nThese fields help correlate data based containers from any runtime.', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique container id.', + }, + { + name: 'image.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the image the container was built on.', + }, + { + name: 'image.tag', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Container image tags.', + }, + { + name: 'labels', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: 'Image labels.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Container name.', + }, + { + name: 'runtime', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Runtime managing this container.', + example: 'docker', + }, + ], + }, + { + name: 'destination', + title: 'Destination', group: 2, - level: 'core', - name: 'event.action', - required: false, - type: 'keyword', - }, - 'event.category': { description: - 'Event category.\nThis contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'user-management', - footnote: '', + 'Destination fields describe details about the destination of a packet/event.\n\nDestination fields are usually populated in conjunction with source fields.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event destination addresses are defined ambiguously. The\nevent will sometimes list an IP, a domain or a unix socket. You should always\nstore the raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the destination to the source.', + example: 184, + }, + { + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Destination domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: 'IP address of the destination (IPv4 or IPv6).', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the destination.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Port the source session is translated to by NAT Device.\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the destination to the source.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the destination.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered destination domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'dll', + title: 'DLL', group: 2, - level: 'core', - name: 'event.category', - required: false, - type: 'keyword', - }, - 'event.created': { description: - 'event.created contains the date when the event was created.\nThis timestamp is distinct from @timestamp in that @timestamp contains the processed timestamp. For logs these two timestamps can be different as the timestamp in the log line and when the event is read for example by Filebeat are not identical. `@timestamp` must contain the timestamp extracted from the log line, event.created when the log line is read. The same could apply to package capturing where @timestamp contains the timestamp extracted from the network package and event.created when the event was created.\nIn case the two timestamps are identical, @timestamp should be used.', - example: '', - footnote: '', + 'These fields contain information about code libraries dynamically\nloaded into processes.\n\n\nMany operating systems refer to "shared code libraries" with different names,\nbut this field set refers to all of the following:\n\n* Dynamic-link library (`.dll`) commonly used on Windows\n\n* Shared Object (`.so`) commonly used on Unix-like operating systems\n\n* Dynamic library (`.dylib`) commonly used on macOS', + type: 'group', + fields: [ + { + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + default_field: false, + }, + { + name: 'hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + default_field: false, + }, + { + name: 'hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + default_field: false, + }, + { + name: 'hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + default_field: false, + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the library.\n\nThis generally maps to the name of the file on disk.', + example: 'kernel32.dll', + default_field: false, + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Full file path of the library.', + example: 'C:\\Windows\\System32\\kernel32.dll', + default_field: false, + }, + { + name: 'pe.architecture', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'CPU architecture target for the file.', + example: 'x64', + default_field: false, + }, + { + name: 'pe.company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'pe.description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'pe.file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'pe.imphash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash of the imports in a PE file. An imphash -- or import hash\n-- can be used to fingerprint binaries even after recompilation or other code-level\ntransformations have occurred, which would change more traditional hash values.\n\nLearn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html.', + example: '0c6803c4e922103c4dca5963aad36ddf', + default_field: false, + }, + { + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + ], + }, + { + name: 'dns', + title: 'DNS', group: 2, - level: 'core', - name: 'event.created', - required: false, - type: 'date', - }, - 'event.dataset': { description: - 'Name of the dataset.\nThe concept of a `dataset` (fileset / metricset) is used in Beats as a subset of modules. It contains the information which is currently stored in metricset.name and metricset.module or fileset.name.', - example: 'stats', - footnote: '', + 'Fields describing DNS queries and answers.\n\nDNS events should either represent a single DNS query prior to getting answers\n(`dns.type:query`) or they should represent a full exchange and contain the\nquery details as well as all of the answers that were provided for this query\n(`dns.type:answer`).', + type: 'group', + fields: [ + { + name: 'answers', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'An array containing an object for each answer section returned\nby the server.\n\nThe main keys that should be present in these objects are defined by ECS.\nRecords that have more information may contain more keys than what ECS defines.\n\nNot all DNS data sources give all details about DNS answers. At minimum, answer\nobjects must contain the `data` key. If more information is available, map\nas much of it to ECS as possible, and add any additional fields to the answer\nobjects as custom fields.', + }, + { + name: 'answers.class', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The class of DNS data contained in this resource record.', + example: 'IN', + }, + { + name: 'answers.data', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The data describing the resource.\n\nThe meaning of this data depends on the type and class of the resource record.', + example: '10.10.10.10', + }, + { + name: 'answers.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The domain name to which this resource record pertains.\n\nIf a chain of CNAME is being resolved, each answer `name` should be the\none that corresponds with the answer `data`. It should not simply be the\noriginal `question.name` repeated.', + example: 'www.google.com', + }, + { + name: 'answers.ttl', + level: 'extended', + type: 'long', + description: + 'The time interval in seconds that this resource record may be cached\nbefore it should be discarded. Zero values mean that the data should not be\ncached.', + example: 180, + }, + { + name: 'answers.type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The type of data contained in this resource record.', + example: 'CNAME', + }, + { + name: 'header_flags', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of 2 letter DNS header flags.\n\nExpected values are: AA, TC, RD, RA, AD, CD, DO.', + example: ['RD', 'RA'], + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The DNS packet identifier assigned by the program that generated\nthe query. The identifier is copied to the response.', + example: 62111, + }, + { + name: 'op_code', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The DNS operation code that specifies the kind of query in the\nmessage. This value is set by the originator of a query and copied into the\nresponse.', + example: 'QUERY', + }, + { + name: 'question.class', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The class of records being queried.', + example: 'IN', + }, + { + name: 'question.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The name being queried.\n\nIf the name field contains non-printable characters (below 32 or above 126),\nthose characters should be represented as escaped base 10 integers (\\DDD).\nBack slashes and quotes should be escaped. Tabs, carriage returns, and line\nfeeds should be converted to \\t, \\r, and \\n respectively.', + example: 'www.google.com', + }, + { + name: 'question.registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'question.subdomain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The subdomain is all of the labels under the registered_domain.\n\nIf the domain has multiple levels of subdomain, such as "sub2.sub1.example.com",\nthe subdomain field should contain "sub2.sub1", with no trailing period.', + example: 'www', + }, + { + name: 'question.top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'question.type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The type of record being queried.', + example: 'AAAA', + }, + { + name: 'resolved_ip', + level: 'extended', + type: 'ip', + description: + 'Array containing all IPs seen in `answers.data`.\n\nThe `answers` array can be difficult to use, because of the variety of data\nformats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip`\nmakes it possible to index them as IP addresses, and makes them easier to\nvisualize and query for.', + example: ['10.10.10.10', '10.10.10.11'], + }, + { + name: 'response_code', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The DNS response code.', + example: 'NOERROR', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of DNS event captured, query or answer.\n\nIf your source of DNS events only gives you DNS queries, you should only create\ndns events of type `dns.type:query`.\n\nIf your source of DNS events gives you answers as well, you should create\none event per query (optionally as soon as the query is seen). And a second\nevent containing all query details as well as an array of answers.', + example: 'answer', + }, + ], + }, + { + name: 'ecs', + title: 'ECS', + group: 2, + description: 'Meta-information specific to ECS.', + type: 'group', + fields: [ + { + name: 'version', + level: 'core', + required: true, + type: 'keyword', + ignore_above: 1024, + description: + 'ECS version this event conforms to. `ecs.version` is a required\nfield and must exist in all events.\n\nWhen querying across multiple indices -- which may conform to slightly different\nECS versions -- this field lets integrations adjust to the schema version\nof the events.', + example: '1.0.0', + }, + ], + }, + { + name: 'error', + title: 'Error', group: 2, - level: 'core', - name: 'event.dataset', - required: false, - type: 'keyword', - }, - 'event.duration': { description: - 'Duration of the event in nanoseconds.\nIf event.start and event.end are known this value should be the difference between the end and start time.', - example: '', - footnote: '', + 'These fields can represent errors of any kind.\n\nUse them for errors that happen while fetching events or in cases where the\nevent itself contains an error.', + type: 'group', + fields: [ + { + name: 'code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Error code describing the error.', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the error.', + }, + { + name: 'message', + level: 'core', + type: 'text', + description: 'Error message.', + }, + { + name: 'stack_trace', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The stack trace of this error in plain text.', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The type of the error, for example the class name of the exception.', + example: 'java.lang.NullPointerException', + }, + ], + }, + { + name: 'event', + title: 'Event', group: 2, - level: 'core', - name: 'event.duration', - required: false, - type: 'long', - }, - 'event.end': { description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: '', - footnote: '', + 'The event fields are used for context information about the log\nor metric event itself.\n\nA log is defined as an event containing details of something that happened.\nLog events must include the time at which the thing happened. Examples of log\nevents include a process starting on a host, a network packet being sent from\na source to a destination, or a network connection between a client and a server\nbeing initiated or closed. A metric is defined as an event containing one or\nmore numerical measurements and the time at which the measurement was taken.\nExamples of metric events include memory pressure measured on a host and device\ntemperature. See the `event.kind` definition in this section for additional\ndetails about metric and state events.', + type: 'group', + fields: [ + { + name: 'action', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The action captured by the event.\n\nThis describes the information in the event. It is more specific than `event.category`.\nExamples are `group-add`, `process-started`, `file-created`. The value is\nnormally defined by the implementer.', + example: 'user-password-change', + }, + { + name: 'category', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nsecond level in the ECS category hierarchy.\n\n`event.category` represents the "big buckets" of ECS categories. For example,\nfiltering on `event.category:process` yields all events relating to process\nactivity. This field is closely related to `event.type`, which is used as\na subcategory.\n\nThis field is an array. This will allow proper categorization of some events\nthat fall in multiple categories.', + example: 'authentication', + }, + { + name: 'code', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Identification code for this event, if one exists.\n\nSome event sources use event codes to identify messages unambiguously, regardless\nof message language or wording adjustments over time. An example of this is\nthe Windows Event ID.', + example: 4648, + }, + { + name: 'created', + level: 'core', + type: 'date', + description: + 'event.created contains the date/time when the event was first\nread by an agent, or by your pipeline.\n\nThis field is distinct from @timestamp in that @timestamp typically contain\nthe time extracted from the original event.\n\nIn most situations, these two timestamps will be slightly different. The difference\ncan be used to calculate the delay between your source generating an event,\nand the time when your agent first processed it. This can be used to monitor\nyour agent or pipeline ability to keep up with your event source.\n\nIn case the two timestamps are identical, @timestamp should be used.', + example: '2016-05-23T08:05:34.857Z', + }, + { + name: 'dataset', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the dataset.\n\nIf an event source publishes more than one type of log or events (e.g. access\nlog, error log), the dataset is used to specify which one the event comes\nfrom.\n\nIt is recommended but not required to start the dataset name with the module\nname, followed by a dot, then the dataset name.', + example: 'apache.access', + }, + { + name: 'duration', + level: 'core', + type: 'long', + format: 'duration', + input_format: 'nanoseconds', + output_format: 'asMilliseconds', + output_precision: 1, + description: + 'Duration of the event in nanoseconds.\n\nIf event.start and event.end are known this value should be the difference\nbetween the end and start time.', + }, + { + name: 'end', + level: 'extended', + type: 'date', + description: + 'event.end contains the date when the event ended or when the activity\nwas last observed.', + }, + { + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Hash (perhaps logstash fingerprint) of raw field to be able to\ndemonstrate log integrity.', + example: '123456789012345678901234567890ABCD', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique ID to describe the event.', + example: '8a4f500d', + }, + { + name: 'ingested', + level: 'core', + type: 'date', + description: + 'Timestamp when an event arrived in the central data store.\n\nThis is different from `@timestamp`, which is when the event originally occurred. It is\nalso different from `event.created`, which is meant to capture the first time\nan agent saw the event.\n\nIn normal conditions, assuming no tampering, the timestamps should chronologically\nlook like this: `@timestamp` < `event.created` < `event.ingested`.', + example: '2016-05-23T08:05:35.101Z', + default_field: false, + }, + { + name: 'kind', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nhighest level in the ECS category hierarchy.\n\n`event.kind` gives high-level information about what type of information the\nevent contains, without being specific to the contents of the event. For example,\nvalues of this field distinguish alert events from metric events.\n\nThe value of this field can be used to inform how these kinds of events should\nbe handled. They may warrant different retention, different access control,\nit may also help understand whether the data coming in at a regular interval\nor not.', + example: 'alert', + }, + { + name: 'module', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the module this data is coming from.\n\nIf your monitoring agent supports the concept of modules or plugins to process\nevents of a given source (e.g. Apache logs), `event.module` should contain\nthe name of this module.', + example: 'apache', + }, + { + name: 'original', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Raw text message of entire event. Used to demonstrate log integrity.\n\nThis field is not indexed and doc_values are disabled. It cannot be searched,\nbut it can be retrieved from `_source`.', + example: + 'Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100|\nworm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232', + }, + { + name: 'outcome', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nlowest level in the ECS category hierarchy.\n\n`event.outcome` simply denotes whether the event represents a success or a\nfailure from the perspective of the entity that produced the event.\n\nNote that when a single transaction is described in multiple events, each\nevent may populate different values of `event.outcome`, according to their\nperspective.\n\nAlso note that in the case of a compound event (a single event that contains\nmultiple logical events), this field should be populated with the value that\nbest captures the overall success or failure from the perspective of the event\nproducer.\n\nFurther note that not all events will have an associated outcome. For example,\nthis field is generally not populated for metric events, events with `event.type:info`,\nor any events for which an outcome does not make logical sense.', + example: 'success', + }, + { + name: 'provider', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Source of the event.\n\nEvent transports such as Syslog or the Windows Event Log typically mention\nthe source of an event. It can be the name of the software that generated\nthe event (e.g. Sysmon, httpd), or of a subsystem of the operating system\n(kernel, Microsoft-Windows-Security-Auditing).', + example: 'kernel', + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Reference URL linking to additional information about this event.\n\nThis URL links to a static definition of the this event. Alert events, indicated\nby `event.kind:alert`, are a common use case for this field.', + example: 'https://system.vendor.com/event/#0001234', + default_field: false, + }, + { + name: 'risk_score', + level: 'core', + type: 'float', + description: + "Risk score or priority of the event (e.g. security solutions).\nUse your system's original value here.", + }, + { + name: 'risk_score_norm', + level: 'extended', + type: 'float', + description: + 'Normalized risk score or priority of the event, on a scale of\n0 to 100.\n\nThis is mainly useful if you use more than one system that assigns risk scores,\nand you want to see a normalized value across all systems.', + }, + { + name: 'sequence', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Sequence number of the event.\n\nThe sequence number is a value published by some event sources, to make the\nexact ordering of events unambiguous, regardless of the timestamp precision.', + }, + { + name: 'severity', + level: 'core', + type: 'long', + format: 'string', + description: + 'The numeric severity of the event according to your event source.\n\nWhat the different severity values mean can be different between sources and\nuse cases. It is up to the implementer to make sure severities are consistent\nacross events from the same source.\n\nThe Syslog severity belongs in `log.syslog.severity.code`. `event.severity`\nis meant to represent the severity according to the event source (e.g. firewall,\nIDS). If the event source does not publish its own severity, you may optionally\ncopy the `log.syslog.severity.code` to `event.severity`.', + example: 7, + }, + { + name: 'start', + level: 'extended', + type: 'date', + description: + 'event.start contains the date when the event started or when the\nactivity was first observed.', + }, + { + name: 'timezone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'This field should be populated when the event timestamp does\nnot include timezone information already (e.g. default Syslog timestamps).\nIt is optional otherwise.\n\nAcceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"),\nabbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nthird level in the ECS category hierarchy.\n\n`event.type` represents a categorization "sub-bucket" that, when used along\nwith the `event.category` field values, enables filtering events down to a\nlevel appropriate for single visualization.\n\nThis field is an array. This will allow proper categorization of some events\nthat fall in multiple event types.', + }, + { + name: 'url', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'URL linking to an external system to continue investigation of\nthis event.\n\nThis URL links to another system where in-depth investigation of the specific\noccurence of this event can take place. Alert events, indicated by `event.kind:alert`,\nare a common use case for this field.', + example: 'https://mysystem.mydomain.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe', + default_field: false, + }, + ], + }, + { + name: 'file', + title: 'File', group: 2, - level: 'extended', - name: 'event.end', - required: false, - type: 'date', - }, - 'event.hash': { description: - 'Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity.', - example: '123456789012345678901234567890ABCD', - footnote: '', - group: 2, - level: 'extended', - name: 'event.hash', - required: false, - type: 'keyword', - }, - 'event.id': { - description: 'Unique ID to describe the event.', - example: '8a4f500d', - footnote: '', + 'A file is defined as a set of information that has been created\non, or has existed on a filesystem.\n\nFile objects can be associated with host events, network events, and/or file\nevents (e.g., those produced by File Integrity Monitoring [FIM] products or\nservices). File fields provide details about the affected file associated with\nthe event or metric.', + type: 'group', + fields: [ + { + name: 'accessed', + level: 'extended', + type: 'date', + description: + 'Last time the file was accessed.\n\nNote that not all filesystems keep track of access time.', + }, + { + name: 'attributes', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of file attributes.\n\nAttributes names will vary by platform. Here is a non-exhaustive list of values\nthat are expected in this field: archive, compressed, directory, encrypted,\nexecute, hidden, read, readonly, system, write.', + example: '["readonly", "system"]', + default_field: false, + }, + { + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'created', + level: 'extended', + type: 'date', + description: + 'File creation time.\n\nNote that not all filesystems store the creation time.', + }, + { + name: 'ctime', + level: 'extended', + type: 'date', + description: + 'Last time the file attributes or metadata changed.\n\nNote that changes to the file content will update `mtime`. This implies `ctime`\nwill be adjusted at the same time, since `mtime` is an attribute of the file.', + }, + { + name: 'device', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Device that is the source of the file.', + example: 'sda', + }, + { + name: 'directory', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Directory where the file is located. It should include the drive\nletter, when appropriate.', + example: '/home/alice', + }, + { + name: 'drive_letter', + level: 'extended', + type: 'keyword', + ignore_above: 1, + description: + 'Drive letter where the file is located. This field is only relevant\non Windows.\n\nThe value should be uppercase, and not include the colon.', + example: 'C', + default_field: false, + }, + { + name: 'extension', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'File extension.', + example: 'png', + }, + { + name: 'gid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Primary group ID (GID) of the file.', + example: '1001', + }, + { + name: 'group', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Primary group name of the file.', + example: 'alice', + }, + { + name: 'hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + }, + { + name: 'hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + }, + { + name: 'hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + }, + { + name: 'hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + }, + { + name: 'inode', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Inode representing the file in the filesystem.', + example: '256383', + }, + { + name: 'mime_type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'MIME type should identify the format of the file or stream of bytes\nusing https://www.iana.org/assignments/media-types/media-types.xhtml[IANA\nofficial types], where possible. When more than one type is applicable, the\nmost specific type should be used.', + default_field: false, + }, + { + name: 'mode', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Mode of the file in octal representation.', + example: '0640', + }, + { + name: 'mtime', + level: 'extended', + type: 'date', + description: 'Last time the file content was modified.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the file including the extension, without the directory.', + example: 'example.png', + }, + { + name: 'owner', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: "File owner's username.", + example: 'alice', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Full path to the file, including the file name. It should include\nthe drive letter, when appropriate.', + example: '/home/alice/example.png', + }, + { + name: 'pe.architecture', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'CPU architecture target for the file.', + example: 'x64', + default_field: false, + }, + { + name: 'pe.company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'pe.description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'pe.file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'pe.imphash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash of the imports in a PE file. An imphash -- or import hash\n-- can be used to fingerprint binaries even after recompilation or other code-level\ntransformations have occurred, which would change more traditional hash values.\n\nLearn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html.', + example: '0c6803c4e922103c4dca5963aad36ddf', + default_field: false, + }, + { + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + { + name: 'size', + level: 'extended', + type: 'long', + description: 'File size in bytes.\n\nOnly relevant when `file.type` is "file".', + example: 16384, + }, + { + name: 'target_path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Target path for symlinks.', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'File type (file, dir, or symlink).', + example: 'file', + }, + { + name: 'uid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The user ID (UID) or security identifier (SID) of the file owner.', + example: '1001', + }, + ], + }, + { + name: 'geo', + title: 'Geo', group: 2, - level: 'core', - name: 'event.id', - required: false, - type: 'keyword', - }, - 'event.kind': { description: - 'The kind of the event.\nThis gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'state', - footnote: '', + 'Geo fields can carry data about a specific location related to an\nevent.\n\nThis geolocation information can be derived from techniques such as Geo IP,\nor be user-supplied.', + type: 'group', + fields: [ + { + name: 'city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + ], + }, + { + name: 'group', + title: 'Group', group: 2, - level: 'extended', - name: 'event.kind', - required: false, - type: 'keyword', - }, - 'event.module': { description: - 'Name of the module this data is coming from.\nThis information is coming from the modules used in Beats or Logstash.', - example: 'mysql', - footnote: '', + 'The group fields are meant to represent groups that are relevant\nto the event.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + ], + }, + { + name: 'hash', + title: 'Hash', group: 2, - level: 'core', - name: 'event.module', - required: false, - type: 'keyword', - }, - 'event.original': { description: - 'Raw text message of entire event. Used to demonstrate log integrity.\nThis field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`.', - example: - 'Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232', - footnote: '', + 'The hash fields represent different hash algorithms and their values.\n\nField names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for\nother hashes by lowercasing the hash algorithm name and using underscore separators\nas appropriate (snake case, e.g. sha3_512).', + type: 'group', + fields: [ + { + name: 'md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + }, + { + name: 'sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + }, + { + name: 'sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + }, + { + name: 'sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + }, + ], + }, + { + name: 'host', + title: 'Host', group: 2, - level: 'core', - name: 'event.original', - required: false, - type: '(not indexed)', - }, - 'event.outcome': { description: - 'The outcome of the event.\nIf the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'success', - footnote: '', + 'A host is defined as a general computing instance.\n\nECS host.* fields should be populated with details about the host on which the\nevent happened, or from which the measurement was taken. Host types include\nhardware, virtual machines, Docker containers, and Kubernetes nodes.', + type: 'group', + fields: [ + { + name: 'architecture', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system architecture.', + example: 'x86_64', + }, + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the domain of which the host is a member.\n\nFor example, on Windows this could be the host Active Directory domain\nor NetBIOS domain name. For Linux this could be the domain of the host\nLDAP provider.', + example: 'CONTOSO', + default_field: false, + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'hostname', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Hostname of the host.\n\nIt normally contains what the `hostname` command returns on the host machine.', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique host id.\n\nAs hostname is not always unique, use values that are meaningful in your environment.\n\nExample: The current usage of `beat.name`.', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: 'Host ip addresses.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Host mac addresses.', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the host.\n\nIt can contain what `hostname` returns on Unix systems, the fully qualified\ndomain name, or a name specified by the user. The sender decides which value\nto use.', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Type of host.\n\nFor Cloud providers this can be the machine type like `t2.medium`. If vm,\nthis could be the container, for example, or other information meaningful\nin your environment.', + }, + { + name: 'uptime', + level: 'extended', + type: 'long', + description: 'Seconds the host has been up.', + example: 1325, + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'http', + title: 'HTTP', group: 2, - level: 'extended', - name: 'event.outcome', - required: false, - type: 'keyword', - }, - 'event.risk_score': { description: - "Risk score or priority of the event (e.g. security solutions). Use your system's original value here.", - example: '', - footnote: '', + 'Fields related to HTTP activity. Use the `url` field set to store\nthe url of the request.', + type: 'group', + fields: [ + { + name: 'request.body.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Size in bytes of the request body.', + example: 887, + }, + { + name: 'request.body.content', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The full HTTP request body.', + example: 'Hello world', + }, + { + name: 'request.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Total size in bytes of the request (body and headers).', + example: 1437, + }, + { + name: 'request.method', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'HTTP request method.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'get, post, put', + }, + { + name: 'request.referrer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Referrer for this HTTP request.', + example: 'https://blog.example.com/', + }, + { + name: 'response.body.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Size in bytes of the response body.', + example: 887, + }, + { + name: 'response.body.content', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The full HTTP response body.', + example: 'Hello world', + }, + { + name: 'response.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Total size in bytes of the response (body and headers).', + example: 1437, + }, + { + name: 'response.status_code', + level: 'extended', + type: 'long', + format: 'string', + description: 'HTTP response status code.', + example: 404, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'HTTP version.', + example: 1.1, + }, + ], + }, + { + name: 'interface', + title: 'Interface', group: 2, - level: 'core', - name: 'event.risk_score', - required: false, - type: 'float', - }, - 'event.risk_score_norm': { description: - 'Normalized risk score or priority of the event, on a scale of 0 to 100.\nThis is mainly useful if you use more than one system that assigns risk scores, and you want to see a normalized value across all systems.', - example: '', - footnote: '', + 'The interface fields are used to record ingress and egress interface\ninformation when reported by an observer (e.g. firewall, router, load balancer)\nin the context of the observer handling a network connection. In the case of\na single observer interface (e.g. network sensor on a span port) only the observer.ingress\ninformation should be populated.', + type: 'group', + fields: [ + { + name: 'alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, + }, + ], + }, + { + name: 'log', + title: 'Log', group: 2, - level: 'extended', - name: 'event.risk_score_norm', - required: false, - type: 'float', - }, - 'event.severity': { description: - "Severity describes the severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events.", - example: '7', - footnote: '', + 'Details about the event logging mechanism or logging transport.\n\nThe log.* fields are typically populated with details about the logging mechanism\nused to create and/or transport the event. For example, syslog details belong\nunder `log.syslog.*`.\n\nThe details specific to your event source are typically not logged under `log.*`,\nbut rather in `event.*` or in other ECS fields.', + type: 'group', + fields: [ + { + name: 'file.path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + "Full path to the log file this event came from, including the\nfile name. It should include the drive letter, when appropriate.\n\nIf the event wasn't read from a log file, do not populate this field.", + example: '/var/log/fun-times.log', + default_field: false, + }, + { + name: 'level', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Original log level of the log event.\n\nIf the source of the event provides a log level or textual severity, this\nis the one that goes in `log.level`. If your source does not specify one,\nyou may put your event transport severity here (e.g. Syslog severity).\n\nSome examples are `warn`, `err`, `i`, `informational`.', + example: 'error', + }, + { + name: 'logger', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The name of the logger inside an application. This is usually the\nname of the class which initialized the logger, or can be a custom name.', + example: 'org.elasticsearch.bootstrap.Bootstrap', + }, + { + name: 'origin.file.line', + level: 'extended', + type: 'integer', + description: + 'The line number of the file containing the source code which originated\nthe log event.', + example: 42, + }, + { + name: 'origin.file.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The name of the file containing the source code which originated\nthe log event.\n\nNote that this field is not meant to capture the log file. The correct field\nto capture the log file is `log.file.path`.', + example: 'Bootstrap.java', + }, + { + name: 'origin.function', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the function or method which originated the log event.', + example: 'init', + }, + { + name: 'original', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is the original log message and contains the full log message\nbefore splitting it up in multiple parts.\n\nIn contrast to the `message` field which can contain an extracted part of\nthe log message, this field contains the original, full log message. It can\nhave already some modifications applied like encoding or new lines removed\nto clean up the log message.\n\nThis field is not indexed and doc_values are disabled so it cannot be queried\nbut the value can be retrieved from `_source`.', + example: 'Sep 19 08:26:10 localhost My log', + }, + { + name: 'syslog', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'The Syslog metadata of the event, if the event was transmitted\nvia Syslog. Please see RFCs 5424 or 3164.', + }, + { + name: 'syslog.facility.code', + level: 'extended', + type: 'long', + format: 'string', + description: + 'The Syslog numeric facility of the log event, if available.\n\nAccording to RFCs 5424 and 3164, this value should be an integer between 0\nand 23.', + example: 23, + }, + { + name: 'syslog.facility.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The Syslog text-based facility of the log event, if available.', + example: 'local7', + }, + { + name: 'syslog.priority', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Syslog numeric priority of the event, if available.\n\nAccording to RFCs 5424 and 3164, the priority is 8 * facility + severity.\nThis number is therefore expected to contain a value between 0 and 191.', + example: 135, + }, + { + name: 'syslog.severity.code', + level: 'extended', + type: 'long', + description: + 'The Syslog numeric severity of the log event, if available.\n\nIf the event source publishing via Syslog provides a different numeric severity\nvalue (e.g. firewall, IDS), your source numeric severity should go to `event.severity`.\nIf the event source does not specify a distinct severity, you can optionally\ncopy the Syslog severity to `event.severity`.', + example: 3, + }, + { + name: 'syslog.severity.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The Syslog numeric severity of the log event, if available.\n\nIf the event source publishing via Syslog provides a different severity value\n(e.g. firewall, IDS), your source text severity should go to `log.level`.\nIf the event source does not specify a distinct severity, you can optionally\ncopy the Syslog severity to `log.level`.', + example: 'Error', + }, + ], + }, + { + name: 'network', + title: 'Network', group: 2, - level: 'core', - name: 'event.severity', - required: false, - type: 'long', - }, - 'event.start': { description: - 'event.start contains the date when the event started or when the activity was first observed.', - example: '', - footnote: '', + 'The network is defined as the communication path over which a host\nor network event happens.\n\nThe network.* fields should be populated with details about the network activity\nassociated with an event.', + type: 'group', + fields: [ + { + name: 'application', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A name given to an application level protocol. This can be arbitrarily\nassigned for things like microservices, but also apply to things like skype,\nicq, facebook, twitter. This would be used in situations where the vendor\nor service can be decoded such as from the source/dest IP owners, ports, or\nwire format.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'aim', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: + 'Total bytes transferred in both directions.\n\nIf `source.bytes` and `destination.bytes` are known, `network.bytes` is their\nsum.', + example: 368, + }, + { + name: 'community_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash of source and destination IPs and ports, as well as the\nprotocol used in a communication. This is a tool-agnostic standard to identify\nflows.\n\nLearn more at https://github.com/corelight/community-id-spec.', + example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=', + }, + { + name: 'direction', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + "Direction of the network traffic.\nRecommended values are:\n * inbound\n * outbound\n * internal\n * external\n * unknown\n\nWhen mapping events from a host-based monitoring context, populate this field from the host's point of view.\nWhen mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter.", + example: 'inbound', + }, + { + name: 'forwarded_ip', + level: 'core', + type: 'ip', + description: 'Host IP address when the source IP address is the proxy.', + example: '192.1.1.2', + }, + { + name: 'iana_number', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).\nStandardized list of protocols. This aligns well with NetFlow and sFlow related\nlogs which use the IANA Protocol Number.', + example: 6, + }, + { + name: 'inner', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'Network.inner fields are added in addition to network.vlan fields\nto describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed\nfields include vlan.id and vlan.name. Inner vlan fields are typically used\nwhen sending traffic with multiple 802.1q encapsulations to a network sensor\n(e.g. Zeek, Wireshark.)', + default_field: false, + }, + { + name: 'inner.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'inner.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name given by operators to sections of their network.', + example: 'Guest Wifi', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: + 'Total packets transferred in both directions.\n\nIf `source.packets` and `destination.packets` are known, `network.packets`\nis their sum.', + example: 24, + }, + { + name: 'protocol', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'L7 Network protocol name. ex. http, lumberjack, transport protocol.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'http', + }, + { + name: 'transport', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Same as network.iana_number, but instead using the Keyword name\nof the transport layer (udp, tcp, ipv6-icmp, etc.)\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'tcp', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'In the OSI Model this would be the Network Layer. ipv4, ipv6,\nipsec, pim, etc\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'ipv4', + }, + { + name: 'vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + ], + }, + { + name: 'observer', + title: 'Observer', group: 2, - level: 'extended', - name: 'event.start', - required: false, - type: 'date', - }, - 'event.timezone': { description: - 'This field should be populated when the event\'s timestamp does not include timezone information already (e.g. default Syslog timestamps). It\'s optional otherwise.\nAcceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'event.timezone', - required: false, - type: 'keyword', - }, - 'event.type': { - description: 'Reserved for future usage.\nPlease avoid using this field for user data.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'event.type', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'event', - title: 'Event', - type: 'group', - }, - file: { - description: - 'A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.\n', - fields: { - 'file.ctime': { - description: 'Last time file metadata changed.', - example: '', - footnote: '', + 'An observer is defined as a special network, security, or application\ndevice used to detect, observe, or create network, security, or application-related\nevents and metrics.\n\nThis could be a custom hardware appliance or a server that has been configured\nto run special network, security, or application software. Examples include\nfirewalls, web proxies, intrusion detection/prevention systems, network monitoring\nsensors, web application firewalls, data loss prevention systems, and APM servers.\nThe observer.* fields shall be populated with details of the system, if any,\nthat detects, observes and/or creates a network, security, or application event\nor metric. Message queues and ETL components used in processing events or metrics\nare not considered observers in ECS.', + type: 'group', + fields: [ + { + name: 'egress', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'Observer.egress holds information like interface number and name,\nvlan, and zone information to classify egress traffic. Single armed monitoring\nsuch as a network sensor on a span port should only use observer.ingress\nto categorize traffic.', + default_field: false, + }, + { + name: 'egress.interface.alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'egress.interface.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'egress.interface.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, + }, + { + name: 'egress.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'egress.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'egress.zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Network zone of outbound traffic as reported by the observer to\ncategorize the destination area of egress traffic, e.g. Internal, External,\nDMZ, HR, Legal, etc.', + example: 'Public_Internet', + default_field: false, + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'hostname', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Hostname of the observer.', + }, + { + name: 'ingress', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'Observer.ingress holds information like interface number and name,\nvlan, and zone information to classify ingress traffic. Single armed monitoring\nsuch as a network sensor on a span port should only use observer.ingress\nto categorize traffic.', + default_field: false, + }, + { + name: 'ingress.interface.alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'ingress.interface.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'ingress.interface.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, + }, + { + name: 'ingress.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'ingress.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'ingress.zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Network zone of incoming traffic as reported by the observer to\ncategorize the source area of ingress traffic. e.g. internal, External, DMZ,\nHR, Legal, etc.', + example: 'DMZ', + default_field: false, + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: 'IP addresses of the observer.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC addresses of the observer', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Custom name of the observer.\n\nThis is a name that can be given to an observer. This can be helpful for example\nif multiple firewalls of the same model are used in an organization.\n\nIf no custom name is needed, the field can be left empty.', + example: '1_proxySG', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The product name of the observer.', + example: 's200', + }, + { + name: 'serial_number', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Observer serial number.', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of the observer the data is coming from.\n\nThere is no predefined list of observer types. Some examples are `forwarder`,\n`firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`.', + example: 'firewall', + }, + { + name: 'vendor', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Vendor name of the observer.', + example: 'Symantec', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Observer version.', + }, + ], + }, + { + name: 'organization', + title: 'Organization', group: 2, - level: 'extended', - name: 'file.ctime', - required: false, - type: 'date', - }, - 'file.device': { - description: 'Device that is the source of the file.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'file.device', - required: false, - type: 'keyword', - }, - 'file.extension': { - description: 'File extension.\nThis should allow easy filtering by file extensions.', - example: 'png', - footnote: '', - group: 2, - level: 'extended', - name: 'file.extension', - required: false, - type: 'keyword', - }, - 'file.gid': { - description: 'Primary group ID (GID) of the file.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'file.gid', - required: false, - type: 'keyword', - }, - 'file.group': { - description: 'Primary group name of the file.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'file.group', - required: false, - type: 'keyword', - }, - 'file.inode': { - description: 'Inode representing the file in the filesystem.', - example: '', - footnote: '', + description: + 'The organization fields enrich data with information about the company\nor entity the data is associated with.\n\nThese fields help you arrange or filter data stored in an index by one or multiple\norganizations.', + type: 'group', + fields: [ + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the organization.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + }, + ], + }, + { + name: 'os', + title: 'Operating System', + group: 2, + description: 'The OS fields contain information about the operating system.', + type: 'group', + fields: [ + { + name: 'family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + ], + }, + { + name: 'package', + title: 'Package', group: 2, - level: 'extended', - name: 'file.inode', - required: false, - type: 'keyword', - }, - 'file.mode': { - description: 'Mode of the file in octal representation.', - example: '416', - footnote: '', + description: + 'These fields contain information about an installed software package.\nIt contains general information about a package, such as name, version or size.\nIt also contains installation details, such as time or location.', + type: 'group', + fields: [ + { + name: 'architecture', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package architecture.', + example: 'x86_64', + }, + { + name: 'build_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the build version of the installed\npackage.\n\nFor example use the commit SHA of a non-released package.', + example: '36f4f7e89dd61b0988b12ee000b98966867710cd', + default_field: false, + }, + { + name: 'checksum', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Checksum of the installed package for verification.', + example: '68b329da9893e34099c7d8ad5cb9c940', + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Description of the package.', + example: + 'Open source programming language to build simple/reliable/efficient\nsoftware.', + }, + { + name: 'install_scope', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Indicating how the package was installed, e.g. user-local, global.', + example: 'global', + }, + { + name: 'installed', + level: 'extended', + type: 'date', + description: 'Time when package was installed.', + }, + { + name: 'license', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'License under which the package was released.\n\nUse a short name, e.g. the license identifier from SPDX License List where\npossible (https://spdx.org/licenses/).', + example: 'Apache License 2.0', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package name', + example: 'go', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Path where the package is installed.', + example: '/usr/local/Cellar/go/1.12.9/', + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Home page or reference URL of the software in this package, if\navailable.', + example: 'https://golang.org', + default_field: false, + }, + { + name: 'size', + level: 'extended', + type: 'long', + format: 'string', + description: 'Package size in bytes.', + example: 62231, + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Type of package.\n\nThis should contain the package file type, rather than the package manager\nname. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar.', + example: 'rpm', + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package version', + example: '1.12.9', + }, + ], + }, + { + name: 'pe', + title: 'PE Header', + group: 2, + description: 'These fields contain Windows Portable Executable (PE) metadata.', + type: 'group', + fields: [ + { + name: 'architecture', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'CPU architecture target for the file.', + example: 'x64', + default_field: false, + }, + { + name: 'company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'imphash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash of the imports in a PE file. An imphash -- or import hash\n-- can be used to fingerprint binaries even after recompilation or other code-level\ntransformations have occurred, which would change more traditional hash values.\n\nLearn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html.', + example: '0c6803c4e922103c4dca5963aad36ddf', + default_field: false, + }, + { + name: 'original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + ], + }, + { + name: 'process', + title: 'Process', group: 2, - level: 'extended', - name: 'file.mode', - required: false, - type: 'keyword', - }, - 'file.mtime': { - description: 'Last time file content was modified.', - example: '', - footnote: '', + description: + 'These fields contain information about a process.\n\nThese fields can help you correlate metrics information with a process id/name\nfrom a log message. The `process.pid` often stays in the metric itself and\nis copied to the global field for correlation.', + type: 'group', + fields: [ + { + name: 'args', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of process arguments, starting with the absolute path to\nthe executable.\n\nMay be filtered to protect sensitive information.', + example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'], + }, + { + name: 'args_count', + level: 'extended', + type: 'long', + description: + 'Length of the process.args array.\n\nThis field can be useful for querying or performing bucket analysis on how\nmany arguments were provided to start a process. More arguments may be an\nindication of suspicious activity.', + example: 4, + default_field: false, + }, + { + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'command_line', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Full command line that started the process, including the absolute\npath to the executable, and all arguments.\n\nSome arguments may be filtered to protect sensitive information.', + example: '/usr/bin/ssh -l user 10.0.0.16', + default_field: false, + }, + { + name: 'entity_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier for the process.\n\nThe implementation of this is specified by the data source, but some examples\nof what could be used here are a process-generated UUID, Sysmon Process GUIDs,\nor a hash of some uniquely identifying components of a process.\n\nConstructing a globally unique identifier is a common practice to mitigate\nPID reuse as well as to identify a specific process over time, across multiple\nmonitored hosts.', + example: 'c2c455d9f99375d', + default_field: false, + }, + { + name: 'executable', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Absolute path to the process executable.', + example: '/usr/bin/ssh', + }, + { + name: 'exit_code', + level: 'extended', + type: 'long', + description: + 'The exit code of the process, if this is a termination event.\n\nThe field should be absent if there is no exit code for the event (e.g. process\nstart).', + example: 137, + default_field: false, + }, + { + name: 'hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + }, + { + name: 'hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + }, + { + name: 'hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + }, + { + name: 'hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Process name.\n\nSometimes called program name or similar.', + example: 'ssh', + }, + { + name: 'parent.args', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of process arguments.\n\nMay be filtered to protect sensitive information.', + example: ['ssh', '-l', 'user', '10.0.0.16'], + default_field: false, + }, + { + name: 'parent.args_count', + level: 'extended', + type: 'long', + description: + 'Length of the process.args array.\n\nThis field can be useful for querying or performing bucket analysis on how\nmany arguments were provided to start a process. More arguments may be an\nindication of suspicious activity.', + example: 4, + default_field: false, + }, + { + name: 'parent.code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'parent.code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'parent.code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'parent.code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'parent.code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'parent.command_line', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Full command line that started the process, including the absolute\npath to the executable, and all arguments.\n\nSome arguments may be filtered to protect sensitive information.', + example: '/usr/bin/ssh -l user 10.0.0.16', + default_field: false, + }, + { + name: 'parent.entity_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier for the process.\n\nThe implementation of this is specified by the data source, but some examples\nof what could be used here are a process-generated UUID, Sysmon Process GUIDs,\nor a hash of some uniquely identifying components of a process.\n\nConstructing a globally unique identifier is a common practice to mitigate\nPID reuse as well as to identify a specific process over time, across multiple\nmonitored hosts.', + example: 'c2c455d9f99375d', + default_field: false, + }, + { + name: 'parent.executable', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Absolute path to the process executable.', + example: '/usr/bin/ssh', + default_field: false, + }, + { + name: 'parent.exit_code', + level: 'extended', + type: 'long', + description: + 'The exit code of the process, if this is a termination event.\n\nThe field should be absent if there is no exit code for the event (e.g. process\nstart).', + example: 137, + default_field: false, + }, + { + name: 'parent.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + default_field: false, + }, + { + name: 'parent.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Process name.\n\nSometimes called program name or similar.', + example: 'ssh', + default_field: false, + }, + { + name: 'parent.pgid', + level: 'extended', + type: 'long', + format: 'string', + description: 'Identifier of the group of processes the process belongs to.', + default_field: false, + }, + { + name: 'parent.pid', + level: 'core', + type: 'long', + format: 'string', + description: 'Process id.', + example: 4242, + default_field: false, + }, + { + name: 'parent.ppid', + level: 'extended', + type: 'long', + format: 'string', + description: "Parent process' pid.", + example: 4241, + default_field: false, + }, + { + name: 'parent.start', + level: 'extended', + type: 'date', + description: 'The time the process started.', + example: '2016-05-23T08:05:34.853Z', + default_field: false, + }, + { + name: 'parent.thread.id', + level: 'extended', + type: 'long', + format: 'string', + description: 'Thread ID.', + example: 4242, + default_field: false, + }, + { + name: 'parent.thread.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Thread name.', + example: 'thread-0', + default_field: false, + }, + { + name: 'parent.title', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Process title.\n\nThe proctitle, some times the same as process name. Can also be different:\nfor example a browser setting its title to the web page currently opened.', + default_field: false, + }, + { + name: 'parent.uptime', + level: 'extended', + type: 'long', + description: 'Seconds the process has been up.', + example: 1325, + default_field: false, + }, + { + name: 'parent.working_directory', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'The working directory of the process.', + example: '/home/alice', + default_field: false, + }, + { + name: 'pe.architecture', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'CPU architecture target for the file.', + example: 'x64', + default_field: false, + }, + { + name: 'pe.company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'pe.description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'pe.file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'pe.imphash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash of the imports in a PE file. An imphash -- or import hash\n-- can be used to fingerprint binaries even after recompilation or other code-level\ntransformations have occurred, which would change more traditional hash values.\n\nLearn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html.', + example: '0c6803c4e922103c4dca5963aad36ddf', + default_field: false, + }, + { + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + { + name: 'pgid', + level: 'extended', + type: 'long', + format: 'string', + description: 'Identifier of the group of processes the process belongs to.', + }, + { + name: 'pid', + level: 'core', + type: 'long', + format: 'string', + description: 'Process id.', + example: 4242, + }, + { + name: 'ppid', + level: 'extended', + type: 'long', + format: 'string', + description: "Parent process' pid.", + example: 4241, + }, + { + name: 'start', + level: 'extended', + type: 'date', + description: 'The time the process started.', + example: '2016-05-23T08:05:34.853Z', + }, + { + name: 'thread.id', + level: 'extended', + type: 'long', + format: 'string', + description: 'Thread ID.', + example: 4242, + }, + { + name: 'thread.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Thread name.', + example: 'thread-0', + }, + { + name: 'title', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Process title.\n\nThe proctitle, some times the same as process name. Can also be different:\nfor example a browser setting its title to the web page currently opened.', + }, + { + name: 'uptime', + level: 'extended', + type: 'long', + description: 'Seconds the process has been up.', + example: 1325, + }, + { + name: 'working_directory', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The working directory of the process.', + example: '/home/alice', + }, + ], + }, + { + name: 'registry', + title: 'Registry', + group: 2, + description: 'Fields related to Windows Registry operations.', + type: 'group', + fields: [ + { + name: 'data.bytes', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Original bytes written with base64 encoding.\n\nFor Windows registry operations, such as SetValueEx and RegQueryValueEx, this\ncorresponds to the data pointed by `lp_data`. This is optional but provides\nbetter recoverability and should be populated for REG_BINARY encoded values.', + example: 'ZQBuAC0AVQBTAAAAZQBuAAAAAAA=', + default_field: false, + }, + { + name: 'data.strings', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Content when writing string types.\n\nPopulated as an array when writing string data to the registry. For single\nstring registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with\none string. For sequences of string with REG_MULTI_SZ, this array will be\nvariable length. For numeric data, such as REG_DWORD and REG_QWORD, this should\nbe populated with the decimal representation (e.g `"1"`).', + example: '["C:\\rta\\red_ttp\\bin\\myapp.exe"]', + default_field: false, + }, + { + name: 'data.type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Standard registry type for encoding contents', + example: 'REG_SZ', + default_field: false, + }, + { + name: 'hive', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Abbreviated name for the hive.', + example: 'HKLM', + default_field: false, + }, + { + name: 'key', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Hive-relative path of keys.', + example: + 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe', + default_field: false, + }, + { + name: 'path', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Full path, including hive, key and value', + example: + 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution\nOptions\\winword.exe\\Debugger', + default_field: false, + }, + { + name: 'value', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the value written.', + example: 'Debugger', + default_field: false, + }, + ], + }, + { + name: 'related', + title: 'Related', group: 2, - level: 'extended', - name: 'file.mtime', - required: false, - type: 'date', - }, - 'file.owner': { - description: "File owner's username.", - example: '', - footnote: '', + description: + 'This field set is meant to facilitate pivoting around a piece of\ndata.\n\nSome pieces of information can be seen in many places in an ECS event. To facilitate\nsearching for them, store an array of all seen values to their corresponding\nfield in `related.`.\n\nA concrete example is IP addresses, which can be under host, observer, source,\ndestination, client, server, and network.forwarded_ip. If you append all IPs\nto `related.ip`, you can then search for a given IP trivially, no matter where\nit appeared, by querying `related.ip:192.0.2.15`.', + type: 'group', + fields: [ + { + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + "All the hashes seen on your event. Populating this field, then\nusing it to search for hashes can help in situations where you're unsure what\nthe hash algorithm is (and therefore which key name to search).", + default_field: false, + }, + { + name: 'ip', + level: 'extended', + type: 'ip', + description: 'All of the IPs seen on your event.', + }, + { + name: 'user', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'All the user names seen on your event.', + default_field: false, + }, + ], + }, + { + name: 'rule', + title: 'Rule', group: 2, - level: 'extended', - name: 'file.owner', - required: false, - type: 'keyword', - }, - 'file.path': { - description: 'Path to the file.', - example: '', - footnote: '', + description: + 'Rule fields are used to capture the specifics of any observer or\nagent rules that generate alerts or other notable events.\n\nExamples of data sources that would populate the rule fields include: network\nadmission control platforms, network or host IDS/IPS, network firewalls, web\napplication firewalls, url filters, endpoint detection and response (EDR) systems,\netc.', + type: 'group', + fields: [ + { + name: 'author', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name, organization, or pseudonym of the author or authors who created\nthe rule used to generate this event.', + example: ['Star-Lord'], + default_field: false, + }, + { + name: 'category', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A categorization value keyword used by the entity using the rule\nfor detection of this event.', + example: 'Attempted Information Leak', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The description of the rule generating the event.', + example: 'Block requests to public DNS over HTTPS / TLS protocols', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A rule ID that is unique within the scope of an agent, observer,\nor other entity using the rule for detection of this event.', + example: 101, + default_field: false, + }, + { + name: 'license', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the license under which the rule used to generate this\nevent is made available.', + example: 'Apache 2.0', + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the rule or signature generating the event.', + example: 'BLOCK_DNS_over_TLS', + default_field: false, + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Reference URL to additional information about the rule used to\ngenerate this event.\n\nThe URL can point to the vendor documentation about the rule. If that is\nnot available, it can also be a link to a more general page describing this\ntype of alert.', + example: 'https://en.wikipedia.org/wiki/DNS_over_TLS', + default_field: false, + }, + { + name: 'ruleset', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the ruleset, policy, group, or parent category in which\nthe rule used to generate this event is a member.', + example: 'Standard_Protocol_Filters', + default_field: false, + }, + { + name: 'uuid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A rule ID that is unique within the scope of a set or group of\nagents, observers, or other entities using the rule for detection of this\nevent.', + example: 1100110011, + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The version / revision of the rule being used for analysis.', + example: 1.1, + default_field: false, + }, + ], + }, + { + name: 'search', + title: 'Search', group: 2, - level: 'extended', - name: 'file.path', - required: false, - type: 'keyword', - }, - 'file.size': { - description: 'File size in bytes (field is only added when `type` is `file`).', - example: '', - footnote: '', + description: + 'The Search fields describe information about a search request event:\nquery or pagination. The fields that should be used with this field set include:\n`event.action` to describe the search action (e.g. `search.query`, `search.page`,\netc.), `event.duration` to describe the duration of a search request, `@timestamp`\nto record the event original timestamp and optionally the `source` fields\nto record context information such as `user.id` or `geo`.', + type: 'group', + fields: [ + { + name: 'query.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'An opaque query identifier. This identifier needs to be unique\nto a user query, and all subsequent events (pagination, clicks) need to have\nthe same query identifier.', + example: '2dc15175-de0d-44db-86d8-8a99f41b7a11', + default_field: false, + }, + { + name: 'query.page', + level: 'extended', + type: 'long', + description: + 'For search results that support pagination, this represents the\ncurrent page being requested. Initial search requests are `1` while subsequent\npage requests are incremental.', + example: 1, + default_field: false, + }, + { + name: 'query.value', + level: 'extended', + type: 'keyword', + ignore_above: 4096, + description: + 'The query string being searched on. This field is not analyzed\nand should not be pre-processed in any way in the event (e.g. normalization\nlist lowercasing). This is useful for search use-cases that use a one- box\nstyle search interface. Other interfaces will have to rely on additional custom\nfields or labels to represent things like filters applied, extra parameters,\nuser context, etc.', + example: 'where does the rain in Spain mainly fall', + default_field: false, + }, + { + name: 'results.ids', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + "A list of opaque document IDs representing the results that were\nshown to the user. This is effectively the impression list and it's size should\nbe equal to `results.size`. This field can be empty when there are no results\nto return.", + example: ['user:82375akja9f', 'issue:2782630'], + default_field: false, + }, + { + name: 'results.size', + level: 'extended', + type: 'long', + description: + 'The size of the result set displayed to the user. This should be\nequivalent to the length of the results in `results.ids`. This is also known\nas the page size or limit.', + example: 10, + default_field: false, + }, + { + name: 'results.total', + level: 'extended', + type: 'long', + description: + 'The total number of matches for this query. This number is always\ngreater than or equal to `results.size`. This is the `hits.total` field in\nthe query response.', + example: 134509, + default_field: false, + }, + ], + }, + { + name: 'server', + title: 'Server', group: 2, - level: 'extended', - name: 'file.size', - required: false, - type: 'long', - }, - 'file.target_path': { - description: 'Target path for symlinks.', - example: '', - footnote: '', + description: + 'A Server is defined as the responder in a network connection for\nevents regarding sessions, connections, or bidirectional flow records.\n\nFor TCP events, the server is the receiver of the initial SYN packet(s) of the\nTCP connection. For other protocols, the server is generally the responder in\nthe network transaction. Some systems actually use the term "responder" to refer\nthe server in TCP connections. The server fields describe details about the\nsystem acting as the server in the network event. Server fields are usually\npopulated in conjunction with client fields. Server fields are generally not\npopulated for packet-level events.\n\nClient / server representations can add semantic context to an exchange, which\nis helpful to visualize the data in certain situations. If your context falls\nin that category, you should still ensure that source and destination are filled\nappropriately.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event server addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the server to the client.', + example: 184, + }, + { + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Server domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: 'IP address of the server (IPv4 or IPv6).', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the server.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the server to the client.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the server.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered server domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'service', + title: 'Service', group: 2, - level: 'extended', - name: 'file.target_path', - required: false, - type: 'keyword', - }, - 'file.type': { - description: 'File type (file, dir, or symlink).', - example: '', - footnote: '', + description: + 'The service fields describe the service for or from which the data\nwas collected.\n\nThese fields help you find and correlate logs for a specific service and version.', + type: 'group', + fields: [ + { + name: 'ephemeral_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Ephemeral identifier of this service (if one exists).\n\nThis id normally changes across restarts, but `service.id` does not.', + example: '8a4f500f', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the running service. If the service is comprised\nof many nodes, the `service.id` should be the same for all nodes.\n\nThis id should uniquely identify the service. This makes it possible to correlate\nlogs and metrics for one specific service, no matter which particular node\nemitted the event.\n\nNote that if you need to see the events from one specific host of the service,\nyou should filter on that `host.name` or `host.id` instead.', + example: 'd37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the service data is collected from.\n\nThe name of the service is normally user given. This allows for distributed\nservices that run on multiple hosts to correlate the related instances based\non the name.\n\nIn the case of Elasticsearch the `service.name` could contain the cluster\nname. For Beats the `service.name` is by default a copy of the `service.type`\nfield if no name is specified.', + example: 'elasticsearch-metrics', + }, + { + name: 'node.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of a service node.\n\nThis allows for two nodes of the same service running on the same host to\nbe differentiated. Therefore, `service.node.name` should typically be unique\nacross nodes of a given service.\n\nIn the case of Elasticsearch, the `service.node.name` could contain the unique\nnode name within the Elasticsearch cluster. In cases where the service does not\nhave the concept of a node name, the host name or container name can be used\nto distinguish running instances that make up this service. If those do not\nprovide uniqueness (e.g. multiple instances of the service running on the\nsame host) - the node name can be manually set.', + example: 'instance-0000000016', + }, + { + name: 'state', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Current state of the service.', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of the service data is collected from.\n\nThe type can be used to group and correlate logs and metrics from one service\ntype.\n\nExample: If logs or metrics are collected from Elasticsearch, `service.type`\nwould be `elasticsearch`.', + example: 'elasticsearch', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Version of the service the data was collected from.\n\nThis allows to look at a data set only for a specific version of a service.', + example: '3.2.4', + }, + ], + }, + { + name: 'source', + title: 'Source', group: 2, - level: 'extended', - name: 'file.type', - required: false, - type: 'keyword', - }, - 'file.uid': { - description: 'The user ID (UID) or security identifier (SID) of the file owner.', - example: '', - footnote: '', + description: + 'Source fields describe details about the source of a packet/event.\n\nSource fields are usually populated in conjunction with destination fields.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event source addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the source to the destination.', + example: 184, + }, + { + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Source domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: 'IP address of the source (IPv4 or IPv6).', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the source.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of source based NAT sessions (e.g. internal client\nto internet)\n\nTypically connections traversing load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of source based NAT sessions. (e.g. internal client\nto internet)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the source to the destination.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the source.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered source domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'threat', + title: 'Threat', group: 2, - level: 'extended', - name: 'file.uid', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'file', - title: 'File', - type: 'group', - }, - geo: { - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.\n', - fields: { - 'geo.city_name': { - description: 'City name.', - example: 'Montreal', - footnote: '', + description: + 'Fields to classify events and alerts according to a threat taxonomy\nsuch as the Mitre ATT&CK framework.\n\nThese fields are for users to classify alerts from all of their sources (e.g.\nIDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to\ncapture the high level category of the threat (e.g. "impact"). The threat.technique.*\nfields are meant to capture which kind of approach is used by this detected\nthreat, to accomplish the goal (e.g. "endpoint denial of service").', + type: 'group', + fields: [ + { + name: 'framework', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the threat framework used to further categorize and classify\nthe tactic and technique of the reported threat. Framework classification\ncan be provided by detecting systems, evaluated at ingest time, or retrospectively\ntagged to events.', + example: 'MITRE ATT&CK', + }, + { + name: 'tactic.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The id of tactic used by this threat. You can use the Mitre ATT&CK\nMatrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'TA0040', + }, + { + name: 'tactic.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the type of tactic used by this threat. You can use the\nMitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'impact', + }, + { + name: 'tactic.reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The reference url of tactic used by this threat. You can use the\nMitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'https://attack.mitre.org/tactics/TA0040/', + }, + { + name: 'technique.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The id of technique used by this tactic. You can use the Mitre\nATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'T1499', + }, + { + name: 'technique.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'The name of technique used by this tactic. You can use the Mitre\nATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'endpoint denial of service', + }, + { + name: 'technique.reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The reference url of technique used by this tactic. You can use\nthe Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'https://attack.mitre.org/techniques/T1499/', + }, + ], + }, + { + name: 'tls', + title: 'TLS', group: 2, - level: 'core', - name: 'geo.city_name', - required: false, - type: 'keyword', - }, - 'geo.continent_name': { - description: 'Name of the continent.', - example: 'North America', - footnote: '', + description: + 'Fields related to a TLS connection. These fields focus on the TLS\nprotocol itself and intentionally avoids in-depth analysis of the related x.509\ncertificate files.', + type: 'group', + fields: [ + { + name: 'cipher', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'String indicating the cipher used during the current connection.', + example: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', + default_field: false, + }, + { + name: 'client.certificate', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'PEM-encoded stand-alone certificate offered by the client. This\nis usually mutually-exclusive of `client.certificate_chain` since this value\nalso exists in that list.', + example: 'MII...', + default_field: false, + }, + { + name: 'client.certificate_chain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of PEM-encoded certificates that make up the certificate\nchain offered by the client. This is usually mutually-exclusive of `client.certificate`\nsince that value should be the first certificate in the chain.', + example: ['MII...', 'MII...'], + default_field: false, + }, + { + name: 'client.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the MD5 digest of DER-encoded version\nof certificate offered by the client. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC', + default_field: false, + }, + { + name: 'client.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA1 digest of DER-encoded version\nof certificate offered by the client. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '9E393D93138888D288266C2D915214D1D1CCEB2A', + default_field: false, + }, + { + name: 'client.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA256 digest of DER-encoded\nversion of certificate offered by the client. For consistency with other hash\nvalues, this value should be formatted as an uppercase hash.', + example: '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0', + default_field: false, + }, + { + name: 'client.issuer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Distinguished name of subject of the issuer of the x.509 certificate\npresented by the client.', + example: 'CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'client.ja3', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash that identifies clients based on how they perform an SSL/TLS\nhandshake.', + example: 'd4e5b18d6b55c71272893221c96ba240', + default_field: false, + }, + { + name: 'client.not_after', + level: 'extended', + type: 'date', + description: + 'Date/Time indicating when client certificate is no longer considered\nvalid.', + example: '2021-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'client.not_before', + level: 'extended', + type: 'date', + description: 'Date/Time indicating when client certificate is first considered\nvalid.', + example: '1970-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'client.server_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Also called an SNI, this tells the server which hostname to which\nthe client is attempting to connect. When this value is available, it should\nget copied to `destination.domain`.', + example: 'www.elastic.co', + default_field: false, + }, + { + name: 'client.subject', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Distinguished name of subject of the x.509 certificate presented\nby the client.', + example: 'CN=myclient, OU=Documentation Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'client.supported_ciphers', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Array of ciphers offered by the client during the client hello.', + example: [ + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', + '...', + ], + default_field: false, + }, + { + name: 'curve', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'String indicating the curve used for the given cipher, when applicable.', + example: 'secp256r1', + default_field: false, + }, + { + name: 'established', + level: 'extended', + type: 'boolean', + description: + 'Boolean flag indicating if the TLS negotiation was successful and\ntransitioned to an encrypted tunnel.', + default_field: false, + }, + { + name: 'next_protocol', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'String indicating the protocol being tunneled. Per the values in\nthe IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids),\nthis string should be lower case.', + example: 'http/1.1', + default_field: false, + }, + { + name: 'resumed', + level: 'extended', + type: 'boolean', + description: + 'Boolean flag indicating if this TLS connection was resumed from\nan existing TLS negotiation.', + default_field: false, + }, + { + name: 'server.certificate', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'PEM-encoded stand-alone certificate offered by the server. This\nis usually mutually-exclusive of `server.certificate_chain` since this value\nalso exists in that list.', + example: 'MII...', + default_field: false, + }, + { + name: 'server.certificate_chain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of PEM-encoded certificates that make up the certificate\nchain offered by the server. This is usually mutually-exclusive of `server.certificate`\nsince that value should be the first certificate in the chain.', + example: ['MII...', 'MII...'], + default_field: false, + }, + { + name: 'server.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the MD5 digest of DER-encoded version\nof certificate offered by the server. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC', + default_field: false, + }, + { + name: 'server.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA1 digest of DER-encoded version\nof certificate offered by the server. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '9E393D93138888D288266C2D915214D1D1CCEB2A', + default_field: false, + }, + { + name: 'server.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA256 digest of DER-encoded\nversion of certificate offered by the server. For consistency with other hash\nvalues, this value should be formatted as an uppercase hash.', + example: '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0', + default_field: false, + }, + { + name: 'server.issuer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Subject of the issuer of the x.509 certificate presented by the\nserver.', + example: 'CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'server.ja3s', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash that identifies servers based on how they perform an SSL/TLS\nhandshake.', + example: '394441ab65754e2207b1e1b457b3641d', + default_field: false, + }, + { + name: 'server.not_after', + level: 'extended', + type: 'date', + description: + 'Timestamp indicating when server certificate is no longer considered\nvalid.', + example: '2021-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'server.not_before', + level: 'extended', + type: 'date', + description: 'Timestamp indicating when server certificate is first considered\nvalid.', + example: '1970-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'server.subject', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Subject of the x.509 certificate presented by the server.', + example: 'CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Numeric part of the version parsed from the original string.', + example: '1.2', + default_field: false, + }, + { + name: 'version_protocol', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Normalized lowercase protocol name parsed from original string.', + example: 'tls', + default_field: false, + }, + ], + }, + { + name: 'tracing', + title: 'Tracing', group: 2, - level: 'core', - name: 'geo.continent_name', - required: false, - type: 'keyword', - }, - 'geo.country_iso_code': { - description: 'Country ISO code.', - example: 'CA', - footnote: '', + description: + 'Distributed tracing makes it possible to analyze performance throughout\na microservice architecture all in one view. This is accomplished by tracing\nall of the requests - from the initial web request in the front-end service\n- to queries made through multiple back-end services.', + type: 'group', + fields: [ + { + name: 'trace.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the trace.\n\nA trace groups multiple events like transactions that belong together. For\nexample, a user request handled by multiple inter-connected services.', + example: '4bf92f3577b34da6a3ce929d0e0e4736', + }, + { + name: 'transaction.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the transaction.\n\nA transaction is the highest level of work measured within a service, such\nas a request to a server.', + example: '00f067aa0ba902b7', + }, + ], + }, + { + name: 'url', + title: 'URL', group: 2, - level: 'core', - name: 'geo.country_iso_code', - required: false, - type: 'keyword', - }, - 'geo.country_name': { - description: 'Country name.', - example: 'Canada', - footnote: '', + description: + 'URL fields provide support for complete or partial URLs, and supports\nthe breaking down into scheme, domain, path, and so on.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Domain of the url, such as "www.elastic.co".\n\nIn some cases a URL may refer to an IP and/or port directly, without a domain\nname. In this case, the IP address would go to the `domain` field.', + example: 'www.elastic.co', + }, + { + name: 'extension', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The field contains the file extension from the original request\nurl.\n\nThe file extension is only set if it exists, as not every url has a file extension.\n\nThe leading period must not be included. For example, the value must be "png",\nnot ".png".', + example: 'png', + }, + { + name: 'fragment', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Portion of the url after the `#`, such as "top".\n\nThe `#` is not part of the fragment.', + }, + { + name: 'full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'If full URLs are important to your use case, they should be stored\nin `url.full`, whether this field is reconstructed or present in the event\nsource.', + example: 'https://www.elastic.co:443/search?q=elasticsearch#top', + }, + { + name: 'original', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Unmodified original url as seen in the event source.\n\nNote that in network monitoring, the observed URL may be a full URL, whereas\nin access logs, the URL is often just represented as a path.\n\nThis field is meant to represent the URL as it was observed, complete or not.', + example: + 'https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch', + }, + { + name: 'password', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Password of the request.', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Path of the request, such as "/search".', + }, + { + name: 'port', + level: 'extended', + type: 'long', + format: 'string', + description: 'Port of the request, such as 443.', + example: 443, + }, + { + name: 'query', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The query field describes the query string of the request, such\nas "q=elasticsearch".\n\nThe `?` is excluded from the query string. If a URL contains no `?`, there\nis no query field. If there is a `?` but no query, the query field exists\nwith an empty string. The `exists` query can be used to differentiate between\nthe two cases.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered url domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'scheme', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Scheme of the request, such as "https".\n\nNote: The `:` is not part of the scheme.', + example: 'https', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'username', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Username of the request.', + }, + ], + }, + { + name: 'user', + title: 'User', group: 2, - level: 'core', - name: 'geo.country_name', - required: false, - type: 'keyword', - }, - 'geo.location': { - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - footnote: '', + description: + 'The user fields describe information about the user that is relevant\nto the event.\n\nFields can have one entry or multiple entries. If a user has more than one id,\nprovide an array that includes all of them.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier of the user.', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'user_agent', + title: 'User agent', group: 2, - level: 'core', - name: 'geo.location', - required: false, - type: 'geo_point', - }, - 'geo.name': { description: - 'User-defined description of a location, at the level of granularity they care about.\nCould be the name of their data centers, the floor number, if this describes a local physical entity, city names.\nNot typically used in automated geolocation.', - example: 'boston-dc', - footnote: '', + 'The user_agent fields normally come from a browser request.\n\nThey often show up in web service logs coming from the parsed user agent string.', + type: 'group', + fields: [ + { + name: 'device.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the device.', + example: 'iPhone', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the user agent.', + example: 'Safari', + }, + { + name: 'original', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Unparsed user_agent string.', + example: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15\n(KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Version of the user agent.', + example: 12, + }, + ], + }, + { + name: 'vlan', + title: 'VLAN', group: 2, - level: 'extended', - name: 'geo.name', - required: false, - type: 'keyword', - }, - 'geo.region_iso_code': { - description: 'Region ISO code.', - example: 'CA-QC', - footnote: '', + description: + 'The VLAN fields are used to identify 802.1q tag(s) of a packet,\nas well as ingress and egress VLAN associations of an observer in relation to\na specific packet or connection.\n\nNetwork.vlan fields are used to record a single VLAN tag, or the outer tag in\nthe case of q-in-q encapsulations, for a packet or connection as observed, typically\nprovided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic.\n\nNetwork.inner VLAN fields are used to report inner q-in-q 802.1q tags (multiple\n802.1q encapsulations) as observed, typically provided by a network sensor (e.g.\nZeek, Wireshark) passively reporting on traffic. Network.inner VLAN fields should\nonly be used in addition to network.vlan fields to indicate q-in-q tagging.\n\nObserver.ingress and observer.egress VLAN values are used to record observer\nspecific information when observer events contain discrete ingress and egress\nVLAN information, typically provided by firewalls, routers, or load balancers.', + type: 'group', + fields: [ + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + ], + }, + { + name: 'vulnerability', + title: 'Vulnerability', group: 2, - level: 'core', - name: 'geo.region_iso_code', - required: false, - type: 'keyword', - }, - 'geo.region_name': { - description: 'Region name.', - example: 'Quebec', - footnote: '', - group: 2, - level: 'core', - name: 'geo.region_name', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'geo', - title: 'Geo', - type: 'group', - }, - group: { - description: 'The group fields are meant to represent groups that are relevant to the event.\n', - fields: { - 'group.id': { - description: 'Unique identifier for the group on the system/platform.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'group.id', - required: false, - type: 'keyword', - }, - 'group.name': { - description: 'Name of the group.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'group.name', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'group', - title: 'Group', - type: 'group', - }, - host: { - description: - 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.\n', - fields: { - 'host.architecture': { - description: 'Operating system architecture.', - example: 'x86_64', - footnote: '', - group: 2, - level: 'core', - name: 'host.architecture', - required: false, - type: 'keyword', - }, - 'host.hostname': { - description: - 'Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'host.hostname', - required: false, - type: 'keyword', - }, - 'host.id': { - description: - 'Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'host.id', - required: false, - type: 'keyword', - }, - 'host.ip': { - description: 'Host ip address.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'host.ip', - required: false, - type: 'ip', - }, - 'host.mac': { - description: 'Host mac address.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'host.mac', - required: false, - type: 'keyword', - }, - 'host.name': { - description: - 'Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'host.name', - required: false, - type: 'keyword', - }, - 'host.type': { - description: - 'Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'host.type', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'host', - title: 'Host', - type: 'group', - }, - http: { - description: 'Fields related to HTTP activity.\n', - fields: { - 'http.request.method': { - description: 'Http request method.', - example: 'GET, POST, PUT', - footnote: '', - group: 2, - level: 'extended', - name: 'http.request.method', - required: false, - type: 'keyword', - }, - 'http.request.referrer': { - description: 'Referrer for this HTTP request.', - example: 'https://blog.example.com/', - footnote: '', - group: 2, - level: 'extended', - name: 'http.request.referrer', - required: false, - type: 'keyword', - }, - 'http.response.body': { - description: 'The full http response body.', - example: 'Hello world', - footnote: '', - group: 2, - level: 'extended', - name: 'http.response.body', - required: false, - type: 'keyword', - }, - 'http.response.status_code': { - description: 'Http response status code.', - example: '404', - footnote: '', - group: 2, - level: 'extended', - name: 'http.response.status_code', - required: false, - type: 'long', - }, - 'http.version': { - description: 'Http version.', - example: '1.1', - footnote: '', - group: 2, - level: 'extended', - name: 'http.version', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'http', - title: 'HTTP', - type: 'group', - }, - log: { - description: 'Fields which are specific to log events.\n', - fields: { - 'log.level': { - description: 'Log level of the log event.\nSome examples are `WARN`, `ERR`, `INFO`.', - example: 'ERR', - footnote: '', - group: 2, - level: 'core', - name: 'log.level', - required: false, - type: 'keyword', - }, - 'log.original': { - description: - "This is the original log message and contains the full log message before splitting it up in multiple parts.\nIn contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message.\nThis field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`.", - example: 'Sep 19 08:26:10 localhost My log', - footnote: '', - group: 2, - level: 'core', - name: 'log.original', - required: false, - type: '(not indexed)', - }, - }, - group: 2, - name: 'log', - title: 'Log', - type: 'group', - }, - network: { - description: - 'The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event.\n', - fields: { - 'network.application': { - description: - 'A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format.', - example: 'AIM', - footnote: '', - group: 2, - level: 'extended', - name: 'network.application', - required: false, - type: 'keyword', - }, - 'network.bytes': { - description: - 'Total bytes transferred in both directions.\nIf `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum.', - example: '368', - footnote: '', - group: 2, - level: 'core', - name: 'network.bytes', - required: false, - type: 'long', - }, - 'network.community_id': { - description: - 'A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows.\nLearn more at https://github.com/corelight/community-id-spec.', - example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=', - footnote: '', - group: 2, - level: 'extended', - name: 'network.community_id', - required: false, - type: 'keyword', - }, - 'network.direction': { - description: - "Direction of the network traffic.\nRecommended values are:\n * inbound\n * outbound\n * internal\n * external\n * unknown\n\nWhen mapping events from a host-based monitoring context, populate this field from the host's point of view.\nWhen mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter.", - example: 'inbound', - footnote: '', - group: 2, - level: 'core', - name: 'network.direction', - required: false, - type: 'keyword', - }, - 'network.forwarded_ip': { - description: 'Host IP address when the source IP address is the proxy.', - example: '192.1.1.2', - footnote: '', - group: 2, - level: 'core', - name: 'network.forwarded_ip', - required: false, - type: 'ip', - }, - 'network.iana_number': { - description: - 'IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number.', - example: '6', - footnote: '', - group: 2, - level: 'extended', - name: 'network.iana_number', - required: false, - type: 'keyword', - }, - 'network.name': { - description: 'Name given by operators to sections of their network.', - example: 'Guest Wifi', - footnote: '', - group: 2, - level: 'extended', - name: 'network.name', - required: false, - type: 'keyword', - }, - 'network.packets': { - description: - 'Total packets transferred in both directions.\nIf `source.packets` and `destination.packets` are known, `network.packets` is their sum.', - example: '24', - footnote: '', - group: 2, - level: 'core', - name: 'network.packets', - required: false, - type: 'long', - }, - 'network.protocol': { - description: 'L7 Network protocol name. ex. http, lumberjack, transport protocol', - example: 'http', - footnote: '', - group: 2, - level: 'core', - name: 'network.protocol', - required: false, - type: 'keyword', - }, - 'network.transport': { - description: - 'Same as network.iana_number, but instead using the Keyword name of the transport layer (UDP, TCP, IPv6-ICMP, etc.)', - example: 'TCP', - footnote: '', - group: 2, - level: 'core', - name: 'network.transport', - required: false, - type: 'keyword', - }, - 'network.type': { - description: - 'In the OSI Model this would be the Network Layer. IPv4, IPv6, IPSec, PIM, etc', - example: 'IPv4', - footnote: '', - group: 2, - level: 'core', - name: 'network.type', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'network', - title: 'Network', - type: 'group', - }, - observer: { - description: - 'An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. \n', - fields: { - 'observer.hostname': { - description: 'Hostname of the observer.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'observer.hostname', - required: false, - type: 'keyword', - }, - 'observer.ip': { - description: 'IP address of the observer.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'observer.ip', - required: false, - type: 'ip', - }, - 'observer.mac': { - description: 'MAC address of the observer', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'observer.mac', - required: false, - type: 'keyword', - }, - 'observer.serial_number': { - description: 'Observer serial number.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'observer.serial_number', - required: false, - type: 'keyword', - }, - 'observer.type': { - description: - 'The type of the observer the data is coming from.\nThere is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`.', - example: 'firewall', - footnote: '', - group: 2, - level: 'core', - name: 'observer.type', - required: false, - type: 'keyword', - }, - 'observer.vendor': { - description: 'observer vendor information.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'observer.vendor', - required: false, - type: 'keyword', - }, - 'observer.version': { - description: 'Observer version.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'observer.version', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'observer', - title: 'Observer', - type: 'group', - }, - organization: { - description: - 'The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations.\n', - fields: { - 'organization.id': { - description: 'Unique identifier for the organization.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'organization.id', - required: false, - type: 'keyword', - }, - 'organization.name': { - description: 'Organization name.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'organization.name', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'organization', - title: 'Organization', - type: 'group', - }, - os: { - description: 'The OS fields contain information about the operating system.\n', - fields: { - 'os.family': { - description: 'OS family (such as redhat, debian, freebsd, windows).', - example: 'debian', - footnote: '', - group: 2, - level: 'extended', - name: 'os.family', - required: false, - type: 'keyword', - }, - 'os.kernel': { - description: 'Operating system kernel version as a raw string.', - example: '4.4.0-112-generic', - footnote: '', - group: 2, - level: 'extended', - name: 'os.kernel', - required: false, - type: 'keyword', - }, - 'os.name': { - description: 'Operating system name.', - example: 'Mac OS X', - footnote: '', - group: 2, - level: 'extended', - name: 'os.name', - required: false, - type: 'keyword', - }, - 'os.platform': { - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - footnote: '', - group: 2, - level: 'extended', - name: 'os.platform', - required: false, - type: 'keyword', - }, - 'os.version': { - description: 'Operating system version as a raw string.', - example: '10.12.6-rc2', - footnote: '', - group: 2, - level: 'extended', - name: 'os.version', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'os', - title: 'Operating System', - type: 'group', - }, - process: { - description: - 'These fields contain information about a process. These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation.\n', - fields: { - 'process.args': { - description: 'Process arguments.\nMay be filtered to protect sensitive information.', - example: "['ssh', '-l', 'user', '10.0.0.16']", - footnote: '', - group: 2, - level: 'extended', - name: 'process.args', - required: false, - type: 'keyword', - }, - 'process.executable': { - description: 'Absolute path to the process executable.', - example: '/usr/bin/ssh', - footnote: '', - group: 2, - level: 'extended', - name: 'process.executable', - required: false, - type: 'keyword', - }, - 'process.name': { - description: 'Process name.\nSometimes called program name or similar.', - example: 'ssh', - footnote: '', - group: 2, - level: 'extended', - name: 'process.name', - required: false, - type: 'keyword', - }, - 'process.pid': { - description: 'Process id.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'process.pid', - required: false, - type: 'long', - }, - 'process.ppid': { - description: 'Process parent id.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'process.ppid', - required: false, - type: 'long', - }, - 'process.start': { - description: 'The time the process started.', - example: '2016-05-23T08:05:34.853Z', - footnote: '', - group: 2, - level: 'extended', - name: 'process.start', - required: false, - type: 'date', - }, - 'process.thread.id': { - description: 'Thread ID.', - example: '4242', - footnote: '', - group: 2, - level: 'extended', - name: 'process.thread.id', - required: false, - type: 'long', - }, - 'process.title': { description: - 'Process title.\nThe proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'process.title', - required: false, - type: 'keyword', - }, - 'process.working_directory': { - description: 'The working directory of the process.', - example: '/home/alice', - footnote: '', - group: 2, - level: 'extended', - name: 'process.working_directory', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'process', - title: 'Process', - type: 'group', - }, - related: { - description: - 'This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`.\n', - fields: { - 'related.ip': { - description: 'All of the IPs seen on your event.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'related.ip', - required: false, - type: 'ip', - }, - }, - group: 2, - name: 'related', - title: 'Related', - type: 'group', - }, - server: { - description: - 'A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events.\n', - fields: { - 'server.bytes': { - description: 'Bytes sent from the server to the client.', - example: '184', - footnote: '', - group: 2, - level: 'core', - name: 'server.bytes', - required: false, - type: 'long', - }, - 'server.domain': { - description: 'Server domain.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'server.domain', - required: false, - type: 'keyword', - }, - 'server.ip': { - description: 'IP address of the server.\nCan be one or multiple IPv4 or IPv6 addresses.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'server.ip', - required: false, - type: 'ip', - }, - 'server.mac': { - description: 'MAC address of the server.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'server.mac', - required: false, - type: 'keyword', - }, - 'server.packets': { - description: 'Packets sent from the server to the client.', - example: '12', - footnote: '', - group: 2, - level: 'core', - name: 'server.packets', - required: false, - type: 'long', - }, - 'server.port': { - description: 'Port of the server.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'server.port', - required: false, - type: 'long', - }, - }, - group: 2, - name: 'server', - title: 'Server', - type: 'group', - }, - service: { - description: - 'The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version.\n', - fields: { - 'service.ephemeral_id': { - description: - 'Ephemeral identifier of this service (if one exists).\nThis id normally changes across restarts, but `service.id` does not.', - example: '8a4f500f', - footnote: '', - group: 2, - level: 'extended', - name: 'service.ephemeral_id', - required: false, - type: 'keyword', - }, - 'service.id': { - description: - 'Unique identifier of the running service.\nThis id should uniquely identify this service. This makes it possible to correlate logs and metrics for one specific service.\nExample: If you are experiencing issues with one redis instance, you can filter on that id to see metrics and logs for that single instance.', - example: 'd37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6', - footnote: '', - group: 2, - level: 'core', - name: 'service.id', - required: false, - type: 'keyword', - }, - 'service.name': { - description: - 'Name of the service data is collected from.\nThe name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`.\nAlso it allows for distributed services that run on multiple hosts to correlate the related instances based on the name.\nIn the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified.', - example: 'elasticsearch-metrics', - footnote: '', - group: 2, - level: 'core', - name: 'service.name', - required: false, - type: 'keyword', - }, - 'service.state': { - description: 'Current state of the service.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'service.state', - required: false, - type: 'keyword', - }, - 'service.type': { - description: - 'The type of the service data is collected from.\nThe type can be used to group and correlate logs and metrics from one service type.\nExample: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`.', - example: 'elasticsearch', - footnote: '', - group: 2, - level: 'core', - name: 'service.type', - required: false, - type: 'keyword', - }, - 'service.version': { - description: - 'Version of the service the data was collected from.\nThis allows to look at a data set only for a specific version of a service.', - example: '3.2.4', - footnote: '', - group: 2, - level: 'core', - name: 'service.version', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'service', - title: 'Service', - type: 'group', - }, - source: { - description: - 'Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields.\n', - fields: { - 'source.bytes': { - description: 'Bytes sent from the source to the destination.', - example: '184', - footnote: '', - group: 2, - level: 'core', - name: 'source.bytes', - required: false, - type: 'long', - }, - 'source.domain': { - description: 'Source domain.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'source.domain', - required: false, - type: 'keyword', - }, - 'source.ip': { - description: 'IP address of the source.\nCan be one or multiple IPv4 or IPv6 addresses.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'source.ip', - required: false, - type: 'ip', - }, - 'source.mac': { - description: 'MAC address of the source.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'source.mac', - required: false, - type: 'keyword', - }, - 'source.packets': { - description: 'Packets sent from the source to the destination.', - example: '12', - footnote: '', - group: 2, - level: 'core', - name: 'source.packets', - required: false, - type: 'long', - }, - 'source.port': { - description: 'Port of the source.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'source.port', - required: false, - type: 'long', - }, - }, - group: 2, - name: 'source', - title: 'Source', - type: 'group', - }, - url: { - description: 'URL fields provide a complete URL, with scheme, host, and path.\n', - fields: { - 'url.domain': { - description: - 'Domain of the request, such as "www.elastic.co".\nIn some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.', - example: 'www.elastic.co', - footnote: '', - group: 2, - level: 'extended', - name: 'url.domain', - required: false, - type: 'keyword', - }, - 'url.fragment': { - description: - 'Portion of the url after the `#`, such as "top".\nThe `#` is not part of the fragment.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'url.fragment', - required: false, - type: 'keyword', - }, - 'url.full': { - description: - 'If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source.', - example: 'https://www.elastic.co:443/search?q=elasticsearch#top', - footnote: '', - group: 2, - level: 'extended', - name: 'url.full', - required: false, - type: 'keyword', - }, - 'url.original': { - description: - 'Unmodified original url as seen in the event source.\nNote that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.\nThis field is meant to represent the URL as it was observed, complete or not.', - example: 'https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch', - footnote: '', - group: 2, - level: 'extended', - name: 'url.original', - required: false, - type: 'keyword', - }, - 'url.password': { - description: 'Password of the request.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'url.password', - required: false, - type: 'keyword', - }, - 'url.path': { - description: 'Path of the request, such as "/search".', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'url.path', - required: false, - type: 'keyword', - }, - 'url.port': { - description: 'Port of the request, such as 443.', - example: '443', - footnote: '', - group: 2, - level: 'extended', - name: 'url.port', - required: false, - type: 'integer', - }, - 'url.query': { - description: - 'The query field describes the query string of the request, such as "q=elasticsearch".\nThe `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'url.query', - required: false, - type: 'keyword', - }, - 'url.scheme': { - description: - 'Scheme of the request, such as "https".\nNote: The `:` is not part of the scheme.', - example: 'https', - footnote: '', - group: 2, - level: 'extended', - name: 'url.scheme', - required: false, - type: 'keyword', - }, - 'url.username': { - description: 'Username of the request.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'url.username', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'url', - title: 'URL', - type: 'group', - }, - user: { - description: - 'The user fields describe information about the user that is relevant to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them.\n', - fields: { - 'user.email': { - description: 'User email address.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'user.email', - required: false, - type: 'keyword', - }, - 'user.full_name': { - description: "User's full name, if available.", - example: 'Albert Einstein', - footnote: '', - group: 2, - level: 'extended', - name: 'user.full_name', - required: false, - type: 'keyword', - }, - 'user.group': { - description: - 'Group the user is a part of. This field can contain a list of groups, if necessary.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'user.group', - required: false, - type: 'keyword', - }, - 'user.hash': { - description: - 'Unique user hash to correlate information for a user in anonymized form.\nUseful if `user.id` or `user.name` contain confidential information and cannot be used.', - example: '', - footnote: '', - group: 2, - level: 'extended', - name: 'user.hash', - required: false, - type: 'keyword', - }, - 'user.id': { - description: 'One or multiple unique identifiers of the user.', - example: '', - footnote: '', - group: 2, - level: 'core', - name: 'user.id', - required: false, - type: 'keyword', - }, - 'user.name': { - description: 'Short name or login of the user.', - example: 'albert', - footnote: '', - group: 2, - level: 'core', - name: 'user.name', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'user', - title: 'User', - type: 'group', - }, - user_agent: { - description: - 'The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string.\n', - fields: { - 'user_agent.device.name': { - description: 'Name of the device.', - example: 'iPhone', - footnote: '', - group: 2, - level: 'extended', - name: 'user_agent.device.name', - required: false, - type: 'keyword', - }, - 'user_agent.name': { - description: 'Name of the user agent.', - example: 'Safari', - footnote: '', - group: 2, - level: 'extended', - name: 'user_agent.name', - required: false, - type: 'keyword', - }, - 'user_agent.original': { - description: 'Unparsed version of the user_agent.', - example: - 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1', - footnote: '', - group: 2, - level: 'extended', - name: 'user_agent.original', - required: false, - type: '(not indexed)', - }, - 'user_agent.version': { - description: 'Version of the user agent.', - example: '12.0', - footnote: '', - group: 2, - level: 'extended', - name: 'user_agent.version', - required: false, - type: 'keyword', - }, - }, - group: 2, - name: 'user_agent', - title: 'User agent', - type: 'group', + 'The vulnerability fields describe information about a vulnerability\nthat is relevant to an event.', + type: 'group', + fields: [ + { + name: 'category', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of system or architecture that the vulnerability affects.\nThese may be platform-specific (for example, Debian or SUSE) or general (for\nexample, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys\nvulnerability categories])\n\nThis field must be an array.', + example: '["Firewall"]', + default_field: false, + }, + { + name: 'classification', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The classification of the vulnerability scoring system. For example\n(https://www.first.org/cvss/)', + example: 'CVSS', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'The description of the vulnerability that provides additional context\nof the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common\nVulnerabilities and Exposure CVE description])', + example: 'In macOS before 2.12.6, there is a vulnerability in the RPC...', + default_field: false, + }, + { + name: 'enumeration', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of identifier used for this vulnerability. For example\n(https://cve.mitre.org/about/)', + example: 'CVE', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The identification (ID) is the number portion of a vulnerability\nentry. It includes a unique identification number for the vulnerability. For\nexample (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities\nand Exposure CVE ID]', + example: 'CVE-2019-00001', + default_field: false, + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A resource that provides additional information, context, and mitigations\nfor the identified vulnerability.', + example: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111', + default_field: false, + }, + { + name: 'report_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The report or scan identification number.', + example: 20191018.0001, + default_field: false, + }, + { + name: 'scanner.vendor', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the vulnerability scanner vendor.', + example: 'Tenable', + default_field: false, + }, + { + name: 'score.base', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nBase scores cover an assessment for exploitability metrics (attack vector,\ncomplexity, privileges, and user interaction), impact metrics (confidentiality,\nintegrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document)', + example: 5.5, + default_field: false, + }, + { + name: 'score.environmental', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nEnvironmental scores cover an assessment for any modified Base metrics, confidentiality,\nintegrity, and availability requirements. For example (https://www.first.org/cvss/specification-document)', + example: 5.5, + default_field: false, + }, + { + name: 'score.temporal', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nTemporal scores cover an assessment for code maturity, remediation level,\nand confidence. For example (https://www.first.org/cvss/specification-document)', + default_field: false, + }, + { + name: 'score.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The National Vulnerability Database (NVD) provides qualitative\nseverity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score\nranges in addition to the severity ratings for CVSS v3.0 as they are defined\nin the CVSS v3.0 specification.\n\nCVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit\norganization, whose mission is to help computer security incident response\nteams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss)', + example: 2, + default_field: false, + }, + { + name: 'severity', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The severity of the vulnerability can help with metrics and internal\nprioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss)', + example: 'Critical', + default_field: false, + }, + ], + }, + ], }, -}; +]; diff --git a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/filebeat.ts b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/filebeat.ts index a5877f6c34b8f..3b8c92ebba269 100644 --- a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/filebeat.ts +++ b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/filebeat.ts @@ -15,91 +15,129 @@ export const filebeatSchema: Schema = [ { key: 'ecs', title: 'ECS', - description: 'ECS fields.', + description: 'ECS Fields.', fields: [ { name: '@timestamp', - type: 'date', level: 'core', required: true, - example: '2016-05-23T08:05:34.853Z', + type: 'date', description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - }, - { - name: 'tags', - level: 'core', - type: 'keyword', - example: '["production", "env2"]', - description: 'List of keywords used to tag each event.', + 'Date/time when the event originated.\n\nThis is the date/time extracted from the event, typically representing when\nthe event was generated by the source.\n\nIf the event source has no original timestamp, this value is typically populated\nby the first time the event was received by the pipeline.\n\nRequired field for all events.', + example: '2016-05-23T08:05:34.853Z', }, { name: 'labels', level: 'core', type: 'object', - example: { - env: 'production', - application: 'foo-bar', - }, + object_type: 'keyword', description: - 'Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: `docker` and `k8s` labels.', + 'Custom key/value pairs.\n\nCan be used to add meta information to events. Should not contain nested objects.\nAll values are stored as keyword.\n\nExample: `docker` and `k8s` labels.', + example: '{"application": "foo-bar", "env": "production"}', }, { name: 'message', level: 'core', type: 'text', - example: 'Hello World', description: - 'For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message.', + 'For log events the message field contains the log message, optimized\nfor viewing in a log viewer.\n\nFor structured logs without an original message field, other fields can be concatenated\nto form a human-readable summary of the event.\n\nIf multiple messages exist, they can be combined into one message.', + example: 'Hello World', + }, + { + name: 'tags', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'List of keywords used to tag each event.', + example: '["production", "env2"]', }, { name: 'agent', title: 'Agent', group: 2, description: - 'The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken.', + 'The agent fields contain the data about the software entity, if\nany, that collects, detects, or observes events on a host, or takes measurements\non a host.\n\nExamples include Beats. Agents may also run on observers. ECS agent.* fields\nshall be populated with details of the agent running on the host or observer\nwhere the event happened or the measurement was taken.', footnote: - 'Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server.', + 'Examples: In the case of Beats for logs, the agent.name is filebeat.\nFor APM, it is the agent running in the app/service. The agent information does\nnot change if data is sent through queuing systems like Kafka, Redis, or processing\nsystems such as Logstash or APM Server.', type: 'group', fields: [ { - name: 'version', + name: 'ephemeral_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Ephemeral identifier of this agent (if one exists).\n\nThis id normally changes across restarts, but `agent.id` does not.', + example: '8a4f500f', + }, + { + name: 'id', level: 'core', type: 'keyword', - description: 'Version of the agent.', - example: '6.0.0-rc2', + ignore_above: 1024, + description: + 'Unique identifier of this agent (if one exists).\n\nExample: For Beats this would be beat.id.', + example: '8a4f500d', }, { name: 'name', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', + 'Custom name of the agent.\n\nThis is a name that can be given to an agent. This can be helpful if for example\ntwo Filebeat instances are running on the same host but a human readable separation\nis needed on which Filebeat instance data is coming from.\n\nIf no name is given, the name is often left empty.', example: 'foo', }, { name: 'type', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.', + 'Type of the agent.\n\nThe agent type stays always the same and should be given by the agent used.\nIn case of Filebeat the agent would always be Filebeat also if two Filebeat\ninstances are run on the same machine.', example: 'filebeat', }, { - name: 'id', + name: 'version', level: 'core', type: 'keyword', + ignore_above: 1024, + description: 'Version of the agent.', + example: '6.0.0-rc2', + }, + ], + }, + { + name: 'as', + title: 'Autonomous System', + group: 2, + description: + 'An autonomous system (AS) is a collection of connected Internet Protocol\n(IP) routing prefixes under the control of one or more network operators on\nbehalf of a single administrative entity or domain that presents a common, clearly\ndefined routing policy to the internet.', + type: 'group', + fields: [ + { + name: 'number', + level: 'extended', + type: 'long', description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'ephemeral_id', + name: 'organization.name', level: 'extended', type: 'keyword', - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', }, ], }, @@ -108,7183 +146,18212 @@ export const filebeatSchema: Schema = [ title: 'Client', group: 2, description: - 'A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', + 'A client is defined as the initiator of a network connection for\nevents regarding sessions, connections, or bidirectional flow records.\n\nFor TCP events, the client is the initiator of the TCP connection that sends\nthe SYN packet(s). For other protocols, the client is generally the initiator\nor requestor in the network transaction. Some systems use the term "originator"\nto refer the client in TCP connections. The client fields describe details about\nthe system acting as the client in the network event. Client fields are usually\npopulated in conjunction with server fields. Client fields are generally not\npopulated for packet-level events.\n\nClient / server representations can add semantic context to an exchange, which\nis helpful to visualize the data in certain situations. If your context falls\nin that category, you should still ensure that source and destination are filled\nappropriately.', type: 'group', fields: [ { name: 'address', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Some event client addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', }, { - name: 'ip', - level: 'core', - type: 'ip', - description: 'IP address of the client. Can be one or multiple IPv4 or IPv6 addresses.', + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'port', + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', level: 'core', type: 'long', - description: 'Port of the client.', + format: 'bytes', + description: 'Bytes sent from the client to the server.', + example: 184, }, { - name: 'mac', + name: 'domain', level: 'core', type: 'keyword', - description: 'MAC address of the client.', + ignore_above: 1024, + description: 'Client domain.', }, { - name: 'domain', + name: 'geo.city_name', level: 'core', type: 'keyword', - description: 'Client domain.', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'bytes', + name: 'geo.continent_name', level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the client to the server.', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'packets', + name: 'geo.country_iso_code', level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the client to the server.', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, - ], - }, - { - name: 'cloud', - title: 'Cloud', - group: 2, - description: 'Fields related to the cloud or infrastructure the events are coming from.', - footnote: - 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.', - type: 'group', - fields: [ { - name: 'provider', + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', level: 'extended', - example: 'ec2', type: 'keyword', + ignore_above: 1024, description: - 'Name of the cloud provider. Example values are ec2, gce, or digitalocean.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'availability_zone', - level: 'extended', - example: 'us-east-1c', + name: 'geo.region_iso_code', + level: 'core', type: 'keyword', - description: 'Availability zone in which this host is running.', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'region', - level: 'extended', + name: 'geo.region_name', + level: 'core', type: 'keyword', - example: 'us-east-1', - description: 'Region in which this host is running.', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { - name: 'instance.id', - level: 'extended', + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the client.\n\nCan be one or multiple IPv4 or IPv6 addresses.', + }, + { + name: 'mac', + level: 'core', type: 'keyword', - example: 'i-1234567890abcdef0', - description: 'Instance ID of the host machine.', + ignore_above: 1024, + description: 'MAC address of the client.', }, { - name: 'instance.name', + name: 'nat.ip', level: 'extended', - type: 'keyword', - description: 'Instance name of the host machine.', + type: 'ip', + description: + 'Translated IP of source based NAT sessions (e.g. internal client\nto internet).\n\nTypically connections traversing load balancers, firewalls, or routers.', }, { - name: 'machine.type', + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of source based NAT sessions (e.g. internal client\nto internet).\n\nTypically connections traversing load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the client to the server.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the client.', + }, + { + name: 'registered_domain', level: 'extended', type: 'keyword', - example: 't2.medium', - description: 'Machine type of the host machine.', + ignore_above: 1024, + description: + 'The highest registered client domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', }, { - name: 'account.id', + name: 'top_level_domain', level: 'extended', type: 'keyword', - example: 666777888999, + ignore_above: 1024, description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', }, - ], - }, - { - name: 'container', - title: 'Container', - group: 2, - description: - 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.', - type: 'group', - fields: [ { - name: 'runtime', + name: 'user.domain', level: 'extended', type: 'keyword', - description: 'Runtime managing this container.', - example: 'docker', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'id', - level: 'core', + name: 'user.email', + level: 'extended', type: 'keyword', - description: 'Unique container id.', + ignore_above: 1024, + description: 'User email address.', }, { - name: 'image.name', + name: 'user.full_name', level: 'extended', type: 'keyword', - description: 'Name of the image the container was built on.', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', }, { - name: 'image.tag', + name: 'user.group.domain', level: 'extended', type: 'keyword', - description: 'Container image tag.', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'name', + name: 'user.group.id', level: 'extended', type: 'keyword', - description: 'Container name.', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'labels', + name: 'user.group.name', level: 'extended', - type: 'object', - object_type: 'keyword', - description: 'Image labels.', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', }, - ], - }, - { - name: 'destination', - title: 'Destination', - group: 2, - description: - 'Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields.', - type: 'group', - fields: [ { - name: 'address', + name: 'user.hash', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', }, { - name: 'ip', + name: 'user.id', level: 'core', - type: 'ip', - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', }, { - name: 'port', + name: 'user.name', level: 'core', - type: 'long', - description: 'Port of the destination.', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', }, + ], + }, + { + name: 'cloud', + title: 'Cloud', + group: 2, + description: 'Fields related to the cloud or infrastructure the events are coming\nfrom.', + footnote: + 'Examples: If Metricbeat is running on an EC2 host and fetches data\nfrom its host, the cloud info contains the data about this machine. If Metricbeat\nruns on a remote machine outside the cloud and fetches data from a service running\nin the cloud, the field contains cloud data from the machine the service is\nrunning on.', + type: 'group', + fields: [ { - name: 'mac', - level: 'core', + name: 'account.id', + level: 'extended', type: 'keyword', - description: 'MAC address of the destination.', + ignore_above: 1024, + description: + 'The cloud account or organization id used to identify different\nentities in a multi-tenant environment.\n\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier.', + example: 666777888999, }, { - name: 'domain', - level: 'core', + name: 'availability_zone', + level: 'extended', type: 'keyword', - description: 'Destination domain.', + ignore_above: 1024, + description: 'Availability zone in which this host is running.', + example: 'us-east-1c', }, { - name: 'bytes', - level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the destination to the source.', + name: 'instance.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Instance ID of the host machine.', + example: 'i-1234567890abcdef0', }, { - name: 'packets', - level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the destination to the source.', + name: 'instance.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Instance name of the host machine.', + }, + { + name: 'machine.type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Machine type of the host machine.', + example: 't2.medium', }, { - name: 'geo', - title: 'Geo', - group: 2, + name: 'provider', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + 'Name of the cloud provider. Example values are aws, azure, gcp,\nor digitalocean.', + example: 'aws', + }, + { + name: 'region', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Region in which this host is running.', + example: 'us-east-1', }, ], }, { - name: 'ecs', - title: 'ECS', + name: 'code_signature', + title: 'Code Signature', group: 2, - description: 'Meta-information specific to ECS.', + description: 'These fields contain information about binary code signatures.', type: 'group', fields: [ { - name: 'version', + name: 'exists', level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'status', + level: 'extended', type: 'keyword', - required: true, + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'valid', + level: 'extended', + type: 'boolean', description: - 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. The current version is 1.0.0-beta2 .', - example: '1.0.0-beta2', + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, ], }, { - name: 'error', - title: 'Error', + name: 'container', + title: 'Container', group: 2, description: - 'These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error.', + 'Container fields are used for meta information about the specific\ncontainer that is the source of information.\n\nThese fields help correlate data based containers from any runtime.', type: 'group', fields: [ { name: 'id', level: 'core', type: 'keyword', - description: 'Unique identifier for the error.', + ignore_above: 1024, + description: 'Unique container id.', }, { - name: 'message', - level: 'core', - type: 'text', - description: 'Error message.', + name: 'image.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the image the container was built on.', }, { - name: 'code', - level: 'core', + name: 'image.tag', + level: 'extended', type: 'keyword', - description: 'Error code describing the error.', + ignore_above: 1024, + description: 'Container image tags.', + }, + { + name: 'labels', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: 'Image labels.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Container name.', + }, + { + name: 'runtime', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Runtime managing this container.', + example: 'docker', }, ], }, { - name: 'event', - title: 'Event', + name: 'destination', + title: 'Destination', group: 2, description: - 'The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host.', + 'Destination fields describe details about the destination of a packet/event.\n\nDestination fields are usually populated in conjunction with source fields.', type: 'group', fields: [ { - name: 'id', - level: 'core', + name: 'address', + level: 'extended', type: 'keyword', - description: 'Unique ID to describe the event.', - example: '8a4f500d', + ignore_above: 1024, + description: + 'Some event destination addresses are defined ambiguously. The\nevent will sometimes list an IP, a domain or a unix socket. You should always\nstore the raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', }, { - name: 'kind', + name: 'as.number', level: 'extended', - type: 'keyword', + type: 'long', description: - 'The kind of the event. This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'state', + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'category', - level: 'core', + name: 'as.organization.name', + level: 'extended', type: 'keyword', - description: - 'Event category. This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'user-management', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', }, { - name: 'action', + name: 'bytes', level: 'core', - type: 'keyword', - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the destination to the source.', + example: 184, }, { - name: 'outcome', - level: 'extended', + name: 'domain', + level: 'core', type: 'keyword', - description: - 'The outcome of the event. If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'success', + ignore_above: 1024, + description: 'Destination domain.', }, { - name: 'type', + name: 'geo.city_name', level: 'core', type: 'keyword', - description: 'Reserved for future usage. Please avoid using this field for user data.', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'module', + name: 'geo.continent_name', level: 'core', type: 'keyword', - description: - 'Name of the module this data is coming from. This information is coming from the modules used in Beats or Logstash.', - example: 'mysql', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'dataset', + name: 'geo.country_iso_code', level: 'core', type: 'keyword', - description: - 'Name of the dataset. The concept of a `dataset` (fileset / metricset) is used in Beats as a subset of modules. It contains the information which is currently stored in metricset.name and metricset.module or fileset.name.', - example: 'stats', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'severity', + name: 'geo.country_name', level: 'core', - type: 'long', - example: '7', - description: - "Severity describes the severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events. ", + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'original', + name: 'geo.location', level: 'core', - type: 'keyword', - example: - 'Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232', - description: - 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`.', - index: false, - doc_values: false, + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'hash', + name: 'geo.name', level: 'extended', type: 'keyword', - example: '123456789012345678901234567890ABCD', + ignore_above: 1024, description: - 'Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'duration', + name: 'geo.region_iso_code', level: 'core', - type: 'long', - format: 'duration', - input_format: 'nanoseconds', - description: - 'Duration of the event in nanoseconds. If event.start and event.end are known this value should be the difference between the end and start time.', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'timezone', - level: 'extended', + name: 'geo.region_name', + level: 'core', type: 'keyword', - description: - 'This field should be populated when the event\'s timestamp does not include timezone information already (e.g. default Syslog timestamps). It\'s optional otherwise. Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { - name: 'created', + name: 'ip', level: 'core', - type: 'date', + type: 'ip', description: - 'event.created contains the date when the event was created. This timestamp is distinct from @timestamp in that @timestamp contains the processed timestamp. For logs these two timestamps can be different as the timestamp in the log line and when the event is read for example by Filebeat are not identical. `@timestamp` must contain the timestamp extracted from the log line, event.created when the log line is read. The same could apply to package capturing where @timestamp contains the timestamp extracted from the network package and event.created when the event was created. In case the two timestamps are identical, @timestamp should be used.', + 'IP address of the destination.\n\nCan be one or multiple IPv4 or IPv6 addresses.', }, { - name: 'start', + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the destination.', + }, + { + name: 'nat.ip', level: 'extended', - type: 'date', + type: 'ip', description: - 'event.start contains the date when the event started or when the activity was first observed.', + 'Translated ip of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', }, { - name: 'end', + name: 'nat.port', level: 'extended', - type: 'date', + type: 'long', + format: 'string', description: - 'event.end contains the date when the event ended or when the activity was last observed.', + 'Port the source session is translated to by NAT Device.\n\nTypically used with load balancers, firewalls, or routers.', }, { - name: 'risk_score', + name: 'packets', level: 'core', - type: 'float', - description: - "Risk score or priority of the event (e.g. security solutions). Use your system's original value here. ", + type: 'long', + description: 'Packets sent from the destination to the source.', + example: 12, }, { - name: 'risk_score_norm', + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the destination.', + }, + { + name: 'registered_domain', level: 'extended', - type: 'float', + type: 'keyword', + ignore_above: 1024, description: - 'Normalized risk score or priority of the event, on a scale of 0 to 100. This is mainly useful if you use more than one system that assigns risk scores, and you want to see a normalized value across all systems.', + 'The highest registered destination domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', }, - ], - }, - { - name: 'file', - group: 2, - title: 'File', - description: - 'A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.', - type: 'group', - fields: [ { - name: 'path', + name: 'top_level_domain', level: 'extended', type: 'keyword', - description: 'Path to the file.', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', }, { - name: 'target_path', + name: 'user.domain', level: 'extended', type: 'keyword', - description: 'Target path for symlinks.', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'extension', + name: 'user.email', level: 'extended', type: 'keyword', - description: 'File extension. This should allow easy filtering by file extensions.', - example: 'png', + ignore_above: 1024, + description: 'User email address.', }, { - name: 'type', + name: 'user.full_name', level: 'extended', type: 'keyword', - description: 'File type (file, dir, or symlink).', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', }, { - name: 'device', + name: 'user.group.domain', level: 'extended', type: 'keyword', - description: 'Device that is the source of the file.', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'inode', + name: 'user.group.id', level: 'extended', type: 'keyword', - description: 'Inode representing the file in the filesystem.', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'uid', + name: 'user.group.name', level: 'extended', type: 'keyword', - description: 'The user ID (UID) or security identifier (SID) of the file owner.', + ignore_above: 1024, + description: 'Name of the group.', }, { - name: 'owner', + name: 'user.hash', level: 'extended', type: 'keyword', - description: "File owner's username.", + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', }, { - name: 'gid', - level: 'extended', + name: 'user.id', + level: 'core', type: 'keyword', - description: 'Primary group ID (GID) of the file.', + ignore_above: 1024, + description: 'Unique identifiers of the user.', }, { - name: 'group', - level: 'extended', + name: 'user.name', + level: 'core', type: 'keyword', - description: 'Primary group name of the file.', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'dll', + title: 'DLL', + group: 2, + description: + 'These fields contain information about code libraries dynamically\nloaded into processes.\n\n\nMany operating systems refer to "shared code libraries" with different names,\nbut this field set refers to all of the following:\n\n* Dynamic-link library (`.dll`) commonly used on Windows\n\n* Shared Object (`.so`) commonly used on Unix-like operating systems\n\n* Dynamic library (`.dylib`) commonly used on macOS', + type: 'group', + fields: [ + { + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, }, { - name: 'mode', + name: 'code_signature.status', level: 'extended', type: 'keyword', - example: 416, - description: 'Mode of the file in octal representation.', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'size', - level: 'extended', - type: 'long', - format: 'bytes', - description: 'File size in bytes (field is only added when `type` is `file`).', + name: 'code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'mtime', + name: 'code_signature.trusted', level: 'extended', - type: 'date', - description: 'Last time file content was modified.', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, }, { - name: 'ctime', + name: 'code_signature.valid', level: 'extended', - type: 'date', - description: 'Last time file metadata changed.', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, - ], - }, - { - name: 'group', - title: 'Group', - group: 2, - description: - 'The group fields are meant to represent groups that are relevant to the event.', - type: 'group', - fields: [ { - name: 'id', + name: 'hash.md5', level: 'extended', type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', + ignore_above: 1024, + description: 'MD5 hash.', + default_field: false, }, { - name: 'name', + name: 'hash.sha1', level: 'extended', type: 'keyword', - description: 'Name of the group.', + ignore_above: 1024, + description: 'SHA1 hash.', + default_field: false, }, - ], - }, - { - name: 'host', - title: 'Host', - group: 2, - description: - 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.', - type: 'group', - fields: [ { - name: 'hostname', - level: 'core', + name: 'hash.sha256', + level: 'extended', type: 'keyword', - description: - 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.', + ignore_above: 1024, + description: 'SHA256 hash.', + default_field: false, }, { - name: 'name', - level: 'core', + name: 'hash.sha512', + level: 'extended', type: 'keyword', - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', + ignore_above: 1024, + description: 'SHA512 hash.', + default_field: false, }, { - name: 'id', + name: 'name', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.', + 'Name of the library.\n\nThis generally maps to the name of the file on disk.', + example: 'kernel32.dll', + default_field: false, }, { - name: 'ip', - level: 'core', - type: 'ip', - description: 'Host ip address.', + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Full file path of the library.', + example: 'C:\\Windows\\System32\\kernel32.dll', + default_field: false, }, { - name: 'mac', - level: 'core', + name: 'pe.company', + level: 'extended', type: 'keyword', - description: 'Host mac address.', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'type', - level: 'core', + name: 'pe.description', + level: 'extended', type: 'keyword', - description: - 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, }, { - name: 'architecture', - level: 'core', + name: 'pe.file_version', + level: 'extended', type: 'keyword', - example: 'x86_64', - description: 'Operating system architecture.', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, }, { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, - { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', - }, - ], + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, }, ], }, { - name: 'http', - title: 'HTTP', + name: 'dns', + title: 'DNS', group: 2, - description: 'Fields related to HTTP activity.', + description: + 'Fields describing DNS queries and answers.\n\nDNS events should either represent a single DNS query prior to getting answers\n(`dns.type:query`) or they should represent a full exchange and contain the\nquery details as well as all of the answers that were provided for this query\n(`dns.type:answer`).', type: 'group', fields: [ { - name: 'request.method', + name: 'answers', level: 'extended', - type: 'keyword', + type: 'object', + object_type: 'keyword', description: - 'Http request method. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'get, post, put', + 'An array containing an object for each answer section returned\nby the server.\n\nThe main keys that should be present in these objects are defined by ECS.\nRecords that have more information may contain more keys than what ECS defines.\n\nNot all DNS data sources give all details about DNS answers. At minimum, answer\nobjects must contain the `data` key. If more information is available, map\nas much of it to ECS as possible, and add any additional fields to the answer\nobjects as custom fields.', }, { - name: 'request.body.content', + name: 'answers.class', level: 'extended', type: 'keyword', - description: 'The full http request body.', - example: 'Hello world', + ignore_above: 1024, + description: 'The class of DNS data contained in this resource record.', + example: 'IN', }, { - name: 'request.referrer', + name: 'answers.data', level: 'extended', type: 'keyword', - description: 'Referrer for this HTTP request.', - example: 'https://blog.example.com/', + ignore_above: 1024, + description: + 'The data describing the resource.\n\nThe meaning of this data depends on the type and class of the resource record.', + example: '10.10.10.10', }, { - name: 'response.status_code', + name: 'answers.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The domain name to which this resource record pertains.\n\nIf a chain of CNAME is being resolved, each answer `name` should be the\none that corresponds with the answer `data`. It should not simply be the\noriginal `question.name` repeated.', + example: 'www.google.com', + }, + { + name: 'answers.ttl', level: 'extended', type: 'long', - description: 'Http response status code.', - example: 404, + description: + 'The time interval in seconds that this resource record may be cached\nbefore it should be discarded. Zero values mean that the data should not be\ncached.', + example: 180, }, { - name: 'response.body.content', + name: 'answers.type', level: 'extended', type: 'keyword', - description: 'The full http response body.', - example: 'Hello world', + ignore_above: 1024, + description: 'The type of data contained in this resource record.', + example: 'CNAME', }, { - name: 'version', + name: 'header_flags', level: 'extended', type: 'keyword', - description: 'Http version.', - example: 1.1, + ignore_above: 1024, + description: + 'Array of 2 letter DNS header flags.\n\nExpected values are: AA, TC, RD, RA, AD, CD, DO.', + example: ['RD', 'RA'], }, { - name: 'request.bytes', + name: 'id', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Total size in bytes of the request (body and headers).', - example: 1437, + type: 'keyword', + ignore_above: 1024, + description: + 'The DNS packet identifier assigned by the program that generated\nthe query. The identifier is copied to the response.', + example: 62111, }, { - name: 'request.body.bytes', + name: 'op_code', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Size in bytes of the request body.', - example: 887, + type: 'keyword', + ignore_above: 1024, + description: + 'The DNS operation code that specifies the kind of query in the\nmessage. This value is set by the originator of a query and copied into the\nresponse.', + example: 'QUERY', }, { - name: 'response.bytes', + name: 'question.class', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Total size in bytes of the response (body and headers).', - example: 1437, + type: 'keyword', + ignore_above: 1024, + description: 'The class of records being queried.', + example: 'IN', }, { - name: 'response.body.bytes', + name: 'question.name', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Size in bytes of the response body.', - example: 887, + type: 'keyword', + ignore_above: 1024, + description: + 'The name being queried.\n\nIf the name field contains non-printable characters (below 32 or above 126),\nthose characters should be represented as escaped base 10 integers (\\DDD).\nBack slashes and quotes should be escaped. Tabs, carriage returns, and line\nfeeds should be converted to \\t, \\r, and \\n respectively.', + example: 'www.google.com', + }, + { + name: 'question.registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'question.subdomain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The subdomain is all of the labels under the registered_domain.\n\nIf the domain has multiple levels of subdomain, such as "sub2.sub1.example.com",\nthe subdomain field should contain "sub2.sub1", with no trailing period.', + example: 'www', + }, + { + name: 'question.top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'question.type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The type of record being queried.', + example: 'AAAA', + }, + { + name: 'resolved_ip', + level: 'extended', + type: 'ip', + description: + 'Array containing all IPs seen in `answers.data`.\n\nThe `answers` array can be difficult to use, because of the variety of data\nformats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip`\nmakes it possible to index them as IP addresses, and makes them easier to\nvisualize and query for.', + example: ['10.10.10.10', '10.10.10.11'], + }, + { + name: 'response_code', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The DNS response code.', + example: 'NOERROR', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of DNS event captured, query or answer.\n\nIf your source of DNS events only gives you DNS queries, you should only create\ndns events of type `dns.type:query`.\n\nIf your source of DNS events gives you answers as well, you should create\none event per query (optionally as soon as the query is seen). And a second\nevent containing all query details as well as an array of answers.', + example: 'answer', }, ], }, { - name: 'log', - title: 'Log', - description: 'Fields which are specific to log events.', + name: 'ecs', + title: 'ECS', + group: 2, + description: 'Meta-information specific to ECS.', type: 'group', fields: [ { - name: 'level', + name: 'version', + level: 'core', + required: true, + type: 'keyword', + ignore_above: 1024, + description: + 'ECS version this event conforms to. `ecs.version` is a required\nfield and must exist in all events.\n\nWhen querying across multiple indices -- which may conform to slightly different\nECS versions -- this field lets integrations adjust to the schema version\nof the events.', + example: '1.0.0', + }, + ], + }, + { + name: 'error', + title: 'Error', + group: 2, + description: + 'These fields can represent errors of any kind.\n\nUse them for errors that happen while fetching events or in cases where the\nevent itself contains an error.', + type: 'group', + fields: [ + { + name: 'code', level: 'core', type: 'keyword', - description: 'Log level of the log event. Some examples are `WARN`, `ERR`, `INFO`.', - example: 'ERR', + ignore_above: 1024, + description: 'Error code describing the error.', }, { - name: 'original', + name: 'id', level: 'core', type: 'keyword', - example: 'Sep 19 08:26:10 localhost My log', - index: false, - doc_values: false, - description: - " This is the original log message and contains the full log message before splitting it up in multiple parts. In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. ", + ignore_above: 1024, + description: 'Unique identifier for the error.', + }, + { + name: 'message', + level: 'core', + type: 'text', + description: 'Error message.', + }, + { + name: 'stack_trace', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The stack trace of this error in plain text.', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The type of the error, for example the class name of the exception.', + example: 'java.lang.NullPointerException', }, ], }, { - name: 'network', - title: 'Network', + name: 'event', + title: 'Event', group: 2, description: - 'The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event.', + 'The event fields are used for context information about the log\nor metric event itself.\n\nA log is defined as an event containing details of something that happened.\nLog events must include the time at which the thing happened. Examples of log\nevents include a process starting on a host, a network packet being sent from\na source to a destination, or a network connection between a client and a server\nbeing initiated or closed. A metric is defined as an event containing one or\nmore numerical measurements and the time at which the measurement was taken.\nExamples of metric events include memory pressure measured on a host and device\ntemperature. See the `event.kind` definition in this section for additional\ndetails about metric and state events.', type: 'group', fields: [ { - name: 'name', - level: 'extended', + name: 'action', + level: 'core', type: 'keyword', - description: 'Name given by operators to sections of their network.', - example: 'Guest Wifi', + ignore_above: 1024, + description: + 'The action captured by the event.\n\nThis describes the information in the event. It is more specific than `event.category`.\nExamples are `group-add`, `process-started`, `file-created`. The value is\nnormally defined by the implementer.', + example: 'user-password-change', }, { - name: 'type', + name: 'category', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'ipv4', + 'This is one of four ECS Categorization Fields, and indicates the\nsecond level in the ECS category hierarchy.\n\n`event.category` represents the "big buckets" of ECS categories. For example,\nfiltering on `event.category:process` yields all events relating to process\nactivity. This field is closely related to `event.type`, which is used as\na subcategory.\n\nThis field is an array. This will allow proper categorization of some events\nthat fall in multiple categories.', + example: 'authentication', }, { - name: 'iana_number', + name: 'code', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number.', - example: 6, + 'Identification code for this event, if one exists.\n\nSome event sources use event codes to identify messages unambiguously, regardless\nof message language or wording adjustments over time. An example of this is\nthe Windows Event ID.', + example: 4648, }, { - name: 'transport', + name: 'created', + level: 'core', + type: 'date', + description: + 'event.created contains the date/time when the event was first\nread by an agent, or by your pipeline.\n\nThis field is distinct from @timestamp in that @timestamp typically contain\nthe time extracted from the original event.\n\nIn most situations, these two timestamps will be slightly different. The difference\ncan be used to calculate the delay between your source generating an event,\nand the time when your agent first processed it. This can be used to monitor\nyour agent or pipeline ability to keep up with your event source.\n\nIn case the two timestamps are identical, @timestamp should be used.', + example: '2016-05-23T08:05:34.857Z', + }, + { + name: 'dataset', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'tcp', + 'Name of the dataset.\n\nIf an event source publishes more than one type of log or events (e.g. access\nlog, error log), the dataset is used to specify which one the event comes\nfrom.\n\nIt is recommended but not required to start the dataset name with the module\nname, followed by a dot, then the dataset name.', + example: 'apache.access', }, { - name: 'application', + name: 'duration', + level: 'core', + type: 'long', + format: 'duration', + input_format: 'nanoseconds', + output_format: 'asMilliseconds', + output_precision: 1, + description: + 'Duration of the event in nanoseconds.\n\nIf event.start and event.end are known this value should be the difference\nbetween the end and start time.', + }, + { + name: 'end', + level: 'extended', + type: 'date', + description: + 'event.end contains the date when the event ended or when the activity\nwas last observed.', + }, + { + name: 'hash', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'aim', + 'Hash (perhaps logstash fingerprint) of raw field to be able to\ndemonstrate log integrity.', + example: '123456789012345678901234567890ABCD', }, { - name: 'protocol', + name: 'id', level: 'core', type: 'keyword', + ignore_above: 1024, + description: 'Unique ID to describe the event.', + example: '8a4f500d', + }, + { + name: 'ingested', + level: 'core', + type: 'date', description: - 'L7 Network protocol name. ex. http, lumberjack, transport protocol. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'http', + 'Timestamp when an event arrived in the central data store.\n\nThis is different from `@timestamp`, which is when the event originally occurred. It is\nalso different from `event.created`, which is meant to capture the first time\nan agent saw the event.\n\nIn normal conditions, assuming no tampering, the timestamps should chronologically\nlook like this: `@timestamp` < `event.created` < `event.ingested`.', + example: '2016-05-23T08:05:35.101Z', + default_field: false, }, { - name: 'direction', + name: 'kind', level: 'core', type: 'keyword', + ignore_above: 1024, description: - "Direction of the network traffic. Recommended values are: * inbound * outbound * internal * external * unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view. When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. ", - example: 'inbound', + 'This is one of four ECS Categorization Fields, and indicates the\nhighest level in the ECS category hierarchy.\n\n`event.kind` gives high-level information about what type of information the\nevent contains, without being specific to the contents of the event. For example,\nvalues of this field distinguish alert events from metric events.\n\nThe value of this field can be used to inform how these kinds of events should\nbe handled. They may warrant different retention, different access control,\nit may also help understand whether the data coming in at a regular interval\nor not.', + example: 'alert', }, { - name: 'forwarded_ip', + name: 'module', level: 'core', - type: 'ip', - description: 'Host IP address when the source IP address is the proxy.', - example: '192.1.1.2', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the module this data is coming from.\n\nIf your monitoring agent supports the concept of modules or plugins to process\nevents of a given source (e.g. Apache logs), `event.module` should contain\nthe name of this module.', + example: 'apache', }, { - name: 'community_id', + name: 'original', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Raw text message of entire event. Used to demonstrate log integrity.\n\nThis field is not indexed and doc_values are disabled. It cannot be searched,\nbut it can be retrieved from `_source`.', + example: + 'Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100|\nworm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232', + }, + { + name: 'outcome', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nlowest level in the ECS category hierarchy.\n\n`event.outcome` simply denotes whether the event represents a success or a\nfailure from the perspective of the entity that produced the event.\n\nNote that when a single transaction is described in multiple events, each\nevent may populate different values of `event.outcome`, according to their\nperspective.\n\nAlso note that in the case of a compound event (a single event that contains\nmultiple logical events), this field should be populated with the value that\nbest captures the overall success or failure from the perspective of the event\nproducer.\n\nFurther note that not all events will have an associated outcome. For example,\nthis field is generally not populated for metric events, events with `event.type:info`,\nor any events for which an outcome does not make logical sense.', + example: 'success', + }, + { + name: 'provider', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec.', - example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=', + 'Source of the event.\n\nEvent transports such as Syslog or the Windows Event Log typically mention\nthe source of an event. It can be the name of the software that generated\nthe event (e.g. Sysmon, httpd), or of a subsystem of the operating system\n(kernel, Microsoft-Windows-Security-Auditing).', + example: 'kernel', }, { - name: 'bytes', + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Reference URL linking to additional information about this event.\n\nThis URL links to a static definition of the this event. Alert events, indicated\nby `event.kind:alert`, are a common use case for this field.', + example: 'https://system.vendor.com/event/#0001234', + default_field: false, + }, + { + name: 'risk_score', level: 'core', + type: 'float', + description: + "Risk score or priority of the event (e.g. security solutions).\nUse your system's original value here.", + }, + { + name: 'risk_score_norm', + level: 'extended', + type: 'float', + description: + 'Normalized risk score or priority of the event, on a scale of\n0 to 100.\n\nThis is mainly useful if you use more than one system that assigns risk scores,\nand you want to see a normalized value across all systems.', + }, + { + name: 'sequence', + level: 'extended', type: 'long', - format: 'bytes', + format: 'string', description: - 'Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum.', - example: 368, + 'Sequence number of the event.\n\nThe sequence number is a value published by some event sources, to make the\nexact ordering of events unambiguous, regardless of the timestamp precision.', }, { - name: 'packets', + name: 'severity', level: 'core', type: 'long', + format: 'string', description: - 'Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum.', - example: 24, + 'The numeric severity of the event according to your event source.\n\nWhat the different severity values mean can be different between sources and\nuse cases. It is up to the implementer to make sure severities are consistent\nacross events from the same source.\n\nThe Syslog severity belongs in `log.syslog.severity.code`. `event.severity`\nis meant to represent the severity according to the event source (e.g. firewall,\nIDS). If the event source does not publish its own severity, you may optionally\ncopy the `log.syslog.severity.code` to `event.severity`.', + example: 7, + }, + { + name: 'start', + level: 'extended', + type: 'date', + description: + 'event.start contains the date when the event started or when the\nactivity was first observed.', + }, + { + name: 'timezone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'This field should be populated when the event timestamp does\nnot include timezone information already (e.g. default Syslog timestamps).\nIt is optional otherwise.\n\nAcceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"),\nabbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nthird level in the ECS category hierarchy.\n\n`event.type` represents a categorization "sub-bucket" that, when used along\nwith the `event.category` field values, enables filtering events down to a\nlevel appropriate for single visualization.\n\nThis field is an array. This will allow proper categorization of some events\nthat fall in multiple event types.', + }, + { + name: 'url', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'URL linking to an external system to continue investigation of\nthis event.\n\nThis URL links to another system where in-depth investigation of the specific\noccurence of this event can take place. Alert events, indicated by `event.kind:alert`,\nare a common use case for this field.', + example: 'https://mysystem.mydomain.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe', + default_field: false, }, ], }, { - name: 'observer', - title: 'Observer', + name: 'file', + title: 'File', group: 2, description: - 'An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS.', + 'A file is defined as a set of information that has been created\non, or has existed on a filesystem.\n\nFile objects can be associated with host events, network events, and/or file\nevents (e.g., those produced by File Integrity Monitoring [FIM] products or\nservices). File fields provide details about the affected file associated with\nthe event or metric.', type: 'group', fields: [ { - name: 'mac', - level: 'core', - type: 'keyword', - description: 'MAC address of the observer', + name: 'accessed', + level: 'extended', + type: 'date', + description: + 'Last time the file was accessed.\n\nNote that not all filesystems keep track of access time.', }, { - name: 'ip', - level: 'core', - type: 'ip', - description: 'IP address of the observer.', + name: 'attributes', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of file attributes.\n\nAttributes names will vary by platform. Here is a non-exhaustive list of values\nthat are expected in this field: archive, compressed, directory, encrypted,\nexecute, hidden, read, readonly, system, write.', + example: '["readonly", "system"]', + default_field: false, }, { - name: 'hostname', + name: 'code_signature.exists', level: 'core', - type: 'keyword', - description: 'Hostname of the observer.', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, }, { - name: 'vendor', - level: 'core', + name: 'code_signature.status', + level: 'extended', type: 'keyword', - description: 'observer vendor information.', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'version', + name: 'code_signature.subject_name', level: 'core', type: 'keyword', - description: 'Observer version.', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'serial_number', + name: 'code_signature.trusted', level: 'extended', - type: 'keyword', - description: 'Observer serial number.', - }, - { - name: 'type', - level: 'core', - type: 'keyword', + type: 'boolean', description: - 'The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`.', - example: 'firewall', + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, }, { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, - { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', - }, - ], + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, { - name: 'geo', - title: 'Geo', - group: 2, + name: 'created', + level: 'extended', + type: 'date', description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + 'File creation time.\n\nNote that not all filesystems store the creation time.', }, - ], - }, - { - name: 'organization', - title: 'Organization', - group: 2, - description: - 'The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations.', - type: 'group', - fields: [ { - name: 'name', + name: 'ctime', + level: 'extended', + type: 'date', + description: + 'Last time the file attributes or metadata changed.\n\nNote that changes to the file content will update `mtime`. This implies `ctime`\nwill be adjusted at the same time, since `mtime` is an attribute of the file.', + }, + { + name: 'device', level: 'extended', type: 'keyword', - description: 'Organization name.', + ignore_above: 1024, + description: 'Device that is the source of the file.', + example: 'sda', }, { - name: 'id', + name: 'directory', level: 'extended', type: 'keyword', - description: 'Unique identifier for the organization.', + ignore_above: 1024, + description: + 'Directory where the file is located. It should include the drive\nletter, when appropriate.', + example: '/home/alice', }, - ], - }, - { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ { - name: 'platform', + name: 'drive_letter', level: 'extended', type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', + ignore_above: 1, + description: + 'Drive letter where the file is located. This field is only relevant\non Windows.\n\nThe value should be uppercase, and not include the colon.', + example: 'C', + default_field: false, }, { - name: 'name', + name: 'extension', level: 'extended', type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', + ignore_above: 1024, + description: 'File extension.', + example: 'png', }, { - name: 'full', + name: 'gid', level: 'extended', type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', + ignore_above: 1024, + description: 'Primary group ID (GID) of the file.', + example: '1001', }, { - name: 'family', + name: 'group', level: 'extended', type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', + ignore_above: 1024, + description: 'Primary group name of the file.', + example: 'alice', }, { - name: 'version', + name: 'hash.md5', level: 'extended', type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', + ignore_above: 1024, + description: 'MD5 hash.', }, { - name: 'kernel', + name: 'hash.sha1', level: 'extended', type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', + ignore_above: 1024, + description: 'SHA1 hash.', }, - ], - }, - { - name: 'process', - title: 'Process', - group: 2, - description: - 'These fields contain information about a process. These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation.', - type: 'group', - fields: [ { - name: 'pid', - level: 'core', - type: 'long', - description: 'Process id.', - example: 'ssh', + name: 'hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', }, { - name: 'name', + name: 'hash.sha512', level: 'extended', type: 'keyword', - description: 'Process name. Sometimes called program name or similar.', - example: 'ssh', + ignore_above: 1024, + description: 'SHA512 hash.', }, { - name: 'ppid', + name: 'inode', level: 'extended', - type: 'long', - description: 'Process parent id.', + type: 'keyword', + ignore_above: 1024, + description: 'Inode representing the file in the filesystem.', + example: '256383', }, { - name: 'args', + name: 'mime_type', level: 'extended', type: 'keyword', - description: 'Process arguments. May be filtered to protect sensitive information.', - example: ['ssh', '-l', 'user', '10.0.0.16'], + ignore_above: 1024, + description: + 'MIME type should identify the format of the file or stream of bytes\nusing https://www.iana.org/assignments/media-types/media-types.xhtml[IANA\nofficial types], where possible. When more than one type is applicable, the\nmost specific type should be used.', + default_field: false, }, { - name: 'executable', + name: 'mode', level: 'extended', type: 'keyword', - description: 'Absolute path to the process executable.', - example: '/usr/bin/ssh', + ignore_above: 1024, + description: 'Mode of the file in octal representation.', + example: '0640', }, { - name: 'title', + name: 'mtime', + level: 'extended', + type: 'date', + description: 'Last time the file content was modified.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the file including the extension, without the directory.', + example: 'example.png', + }, + { + name: 'owner', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: "File owner's username.", + example: 'alice', + }, + { + name: 'path', level: 'extended', type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], description: - 'Process title. The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened.', + 'Full path to the file, including the file name. It should include\nthe drive letter, when appropriate.', + example: '/home/alice/example.png', }, { - name: 'thread.id', + name: 'pe.company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'pe.description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'pe.file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + { + name: 'size', level: 'extended', type: 'long', - example: 4242, - description: 'Thread ID.', + description: 'File size in bytes.\n\nOnly relevant when `file.type` is "file".', + example: 16384, }, { - name: 'start', + name: 'target_path', level: 'extended', - type: 'date', - example: '2016-05-23T08:05:34.853Z', - description: 'The time the process started.', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Target path for symlinks.', }, { - name: 'working_directory', + name: 'type', level: 'extended', type: 'keyword', - example: '/home/alice', - description: 'The working directory of the process.', + ignore_above: 1024, + description: 'File type (file, dir, or symlink).', + example: 'file', }, - ], - }, - { - name: 'related', - title: 'Related', - group: 2, - description: - 'This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`.', - type: 'group', - fields: [ { - name: 'ip', + name: 'uid', level: 'extended', - type: 'ip', - description: 'All of the IPs seen on your event.', + type: 'keyword', + ignore_above: 1024, + description: 'The user ID (UID) or security identifier (SID) of the file owner.', + example: '1001', }, ], }, { - name: 'server', - title: 'Server', + name: 'geo', + title: 'Geo', group: 2, description: - 'A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', + 'Geo fields can carry data about a specific location related to an\nevent.\n\nThis geolocation information can be derived from techniques such as Geo IP,\nor be user-supplied.', type: 'group', fields: [ { - name: 'address', - level: 'extended', + name: 'city_name', + level: 'core', type: 'keyword', - description: - 'Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'ip', + name: 'continent_name', level: 'core', - type: 'ip', - description: 'IP address of the server. Can be one or multiple IPv4 or IPv6 addresses.', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'port', + name: 'country_iso_code', level: 'core', - type: 'long', - description: 'Port of the server.', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'mac', + name: 'country_name', level: 'core', type: 'keyword', - description: 'MAC address of the server.', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'domain', + name: 'location', level: 'core', - type: 'keyword', - description: 'Server domain.', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'bytes', - level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the server to the client.', + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'packets', + name: 'region_iso_code', level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the server to the client.', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + name: 'region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, ], }, { - name: 'service', - title: 'Service', + name: 'group', + title: 'Group', group: 2, description: - 'The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version.', + 'The group fields are meant to represent groups that are relevant\nto the event.', type: 'group', fields: [ { - name: 'id', - level: 'core', + name: 'domain', + level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Unique identifier of the running service. This id should uniquely identify this service. This makes it possible to correlate logs and metrics for one specific service. Example: If you are experiencing issues with one redis instance, you can filter on that id to see metrics and logs for that single instance.', - example: 'd37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6', + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { name: 'name', - level: 'core', + level: 'extended', type: 'keyword', - example: 'elasticsearch-metrics', - description: - 'Name of the service data is collected from. The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified.', + ignore_above: 1024, + description: 'Name of the group.', }, + ], + }, + { + name: 'hash', + title: 'Hash', + group: 2, + description: + 'The hash fields represent different hash algorithms and their values.\n\nField names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for\nother hashes by lowercasing the hash algorithm name and using underscore separators\nas appropriate (snake case, e.g. sha3_512).', + type: 'group', + fields: [ { - name: 'type', - level: 'core', + name: 'md5', + level: 'extended', type: 'keyword', - example: 'elasticsearch', - description: - 'The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`.', + ignore_above: 1024, + description: 'MD5 hash.', }, { - name: 'state', - level: 'core', + name: 'sha1', + level: 'extended', type: 'keyword', - description: 'Current state of the service.', + ignore_above: 1024, + description: 'SHA1 hash.', }, { - name: 'version', - level: 'core', + name: 'sha256', + level: 'extended', type: 'keyword', - example: '3.2.4', - description: - 'Version of the service the data was collected from. This allows to look at a data set only for a specific version of a service.', + ignore_above: 1024, + description: 'SHA256 hash.', }, { - name: 'ephemeral_id', + name: 'sha512', level: 'extended', type: 'keyword', - description: - 'Ephemeral identifier of this service (if one exists). This id normally changes across restarts, but `service.id` does not.', - example: '8a4f500f', + ignore_above: 1024, + description: 'SHA512 hash.', }, ], }, { - name: 'source', - title: 'Source', + name: 'host', + title: 'Host', group: 2, description: - 'Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields.', + 'A host is defined as a general computing instance.\n\nECS host.* fields should be populated with details about the host on which the\nevent happened, or from which the measurement was taken. Host types include\nhardware, virtual machines, Docker containers, and Kubernetes nodes.', type: 'group', fields: [ { - name: 'address', + name: 'architecture', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system architecture.', + example: 'x86_64', + }, + { + name: 'domain', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Name of the domain of which the host is a member.\n\nFor example, on Windows this could be the host Active Directory domain\nor NetBIOS domain name. For Linux this could be the domain of the host\nLDAP provider.', + example: 'CONTOSO', + default_field: false, }, { - name: 'ip', + name: 'geo.city_name', level: 'core', - type: 'ip', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'port', + name: 'geo.continent_name', level: 'core', - type: 'long', - description: 'Port of the source.', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'mac', + name: 'geo.country_iso_code', level: 'core', type: 'keyword', - description: 'MAC address of the source.', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'domain', + name: 'geo.country_name', level: 'core', type: 'keyword', - description: 'Source domain.', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'bytes', + name: 'geo.location', level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the source to the destination.', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'packets', + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the source to the destination.', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, - ], - }, - { - name: 'url', - title: 'URL', - description: 'URL fields provide a complete URL, with scheme, host, and path.', - type: 'group', - fields: [ { - name: 'original', - level: 'extended', + name: 'hostname', + level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not.', - example: - 'https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch', + 'Hostname of the host.\n\nIt normally contains what the `hostname` command returns on the host machine.', }, { - name: 'full', - level: 'extended', + name: 'id', + level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source.', - example: 'https://www.elastic.co:443/search?q=elasticsearch#top', + 'Unique host id.\n\nAs hostname is not always unique, use values that are meaningful in your environment.\n\nExample: The current usage of `beat.name`.', }, { - name: 'scheme', - level: 'extended', + name: 'ip', + level: 'core', + type: 'ip', + description: 'Host ip addresses.', + }, + { + name: 'mac', + level: 'core', type: 'keyword', - description: - 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.', - example: 'https', + ignore_above: 1024, + description: 'Host mac addresses.', }, { - name: 'domain', - level: 'extended', + name: 'name', + level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Domain of the request, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.', - example: 'www.elastic.co', + 'Name of the host.\n\nIt can contain what `hostname` returns on Unix systems, the fully qualified\ndomain name, or a name specified by the user. The sender decides which value\nto use.', }, { - name: 'port', + name: 'os.family', level: 'extended', - type: 'integer', - description: 'Port of the request, such as 443.', - example: 443, + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', }, { - name: 'path', + name: 'os.full', level: 'extended', type: 'keyword', - description: 'Path of the request, such as "/search".', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', }, { - name: 'query', + name: 'os.kernel', level: 'extended', type: 'keyword', - description: - 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases.', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', }, { - name: 'fragment', + name: 'os.name', level: 'extended', type: 'keyword', - description: - 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', }, { - name: 'username', + name: 'os.platform', level: 'extended', type: 'keyword', - description: 'Username of the request.', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', }, { - name: 'password', + name: 'os.version', level: 'extended', type: 'keyword', - description: 'Password of the request.', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', }, - ], - }, - { - name: 'user', - title: 'User', - group: 2, - description: - 'The user fields describe information about the user that is relevant to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them.', - reusable: { - top_level: true, - expected: ['client', 'destination', 'host', 'server', 'source'], - }, - type: 'group', - fields: [ { - name: 'id', + name: 'type', level: 'core', type: 'keyword', - description: 'One or multiple unique identifiers of the user.', + ignore_above: 1024, + description: + 'Type of host.\n\nFor Cloud providers this can be the machine type like `t2.medium`. If vm,\nthis could be the container, for example, or other information meaningful\nin your environment.', }, { - name: 'name', - level: 'core', - type: 'keyword', - example: 'albert', - description: 'Short name or login of the user.', + name: 'uptime', + level: 'extended', + type: 'long', + description: 'Seconds the host has been up.', + example: 1325, }, { - name: 'full_name', + name: 'user.domain', level: 'extended', type: 'keyword', - example: 'Albert Einstein', - description: "User's full name, if available. ", + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'email', + name: 'user.email', level: 'extended', type: 'keyword', + ignore_above: 1024, description: 'User email address.', }, { - name: 'hash', + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used.', + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'group', - title: 'Group', - group: 2, + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'The group fields are meant to represent groups that are relevant to the event.', - type: 'group', - fields: [ - { - name: 'id', - level: 'extended', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'name', - level: 'extended', - type: 'keyword', - description: 'Name of the group.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Short name or login of the user.', + example: 'albert', }, ], }, { - name: 'user_agent', - title: 'User agent', + name: 'http', + title: 'HTTP', group: 2, description: - 'The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string.', + 'Fields related to HTTP activity. Use the `url` field set to store\nthe url of the request.', type: 'group', fields: [ { - name: 'original', + name: 'request.body.bytes', level: 'extended', - type: 'keyword', - description: 'Unparsed version of the user_agent.', - example: - 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1', + type: 'long', + format: 'bytes', + description: 'Size in bytes of the request body.', + example: 887, }, { - name: 'name', + name: 'request.body.content', level: 'extended', type: 'keyword', - example: 'Safari', - description: 'Name of the user agent.', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The full HTTP request body.', + example: 'Hello world', }, { - name: 'version', + name: 'request.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Total size in bytes of the request (body and headers).', + example: 1437, + }, + { + name: 'request.method', level: 'extended', type: 'keyword', - description: 'Version of the user agent.', - example: 12, + ignore_above: 1024, + description: + 'HTTP request method.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'get, post, put', }, { - name: 'device.name', + name: 'request.referrer', level: 'extended', type: 'keyword', - example: 'iPhone', - description: 'Name of the device.', + ignore_above: 1024, + description: 'Referrer for this HTTP request.', + example: 'https://blog.example.com/', }, { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, + name: 'response.body.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Size in bytes of the response body.', + example: 887, + }, + { + name: 'response.body.content', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'The full HTTP response body.', + example: 'Hello world', + }, + { + name: 'response.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Total size in bytes of the response (body and headers).', + example: 1437, + }, + { + name: 'response.status_code', + level: 'extended', + type: 'long', + format: 'string', + description: 'HTTP response status code.', + example: 404, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'HTTP version.', + example: 1.1, }, ], }, { - name: 'agent.hostname', - type: 'keyword', - description: 'Hostname of the agent.', - }, - ], - }, - { - key: 'beat', - title: 'Beat', - description: 'Contains common beat fields available in all event types.', - fields: [ - { - name: 'beat.timezone', - type: 'alias', - path: 'event.timezone', - migration: true, - }, - { - name: 'fields', - type: 'object', - object_type: 'keyword', - description: 'Contains user configurable fields.', - }, - { - name: 'error', + name: 'interface', + title: 'Interface', + group: 2, + description: + 'The interface fields are used to record ingress and egress interface\ninformation when reported by an observer (e.g. firewall, router, load balancer)\nin the context of the observer handling a network connection. In the case of\na single observer interface (e.g. network sensor on a span port) only the observer.ingress\ninformation should be populated.', type: 'group', - description: 'Error fields containing additional info in case of errors.', fields: [ { - name: 'type', + name: 'alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'name', + level: 'extended', type: 'keyword', - description: 'Error type.', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, }, ], }, { - name: 'beat.name', - type: 'alias', - path: 'host.name', - migration: true, - }, - { - name: 'beat.hostname', - type: 'alias', - path: 'agent.hostname', - migration: true, - }, - ], - }, - { - key: 'cloud', - title: 'Cloud provider metadata', - description: 'Metadata from cloud providers added by the add_cloud_metadata processor.', - fields: [ - { - name: 'cloud.project.id', - example: 'project-x', - description: 'Name of the project in Google Cloud.', - }, - { - name: 'meta.cloud.provider', - type: 'alias', - path: 'cloud.provider', - migration: true, - }, - { - name: 'meta.cloud.instance_id', - type: 'alias', - path: 'cloud.instance.id', - migration: true, - }, - { - name: 'meta.cloud.instance_name', - type: 'alias', - path: 'cloud.instance.name', - migration: true, - }, - { - name: 'meta.cloud.machine_type', - type: 'alias', - path: 'cloud.machine.type', - migration: true, - }, - { - name: 'meta.cloud.availability_zone', - type: 'alias', - path: 'cloud.availability_zone', - migration: true, - }, - { - name: 'meta.cloud.project_id', - type: 'alias', - path: 'cloud.project.id', - migration: true, - }, - { - name: 'meta.cloud.region', - type: 'alias', - path: 'cloud.region', - migration: true, - }, - ], - }, - { - key: 'docker', - title: 'Docker', - description: 'Docker stats collected from Docker.', - short_config: false, - anchor: 'docker-processor', - fields: [ - { - name: 'docker', + name: 'log', + title: 'Log', + group: 2, + description: + 'Details about the event logging mechanism or logging transport.\n\nThe log.* fields are typically populated with details about the logging mechanism\nused to create and/or transport the event. For example, syslog details belong\nunder `log.syslog.*`.\n\nThe details specific to your event source are typically not logged under `log.*`,\nbut rather in `event.*` or in other ECS fields.', type: 'group', fields: [ { - name: 'container.id', - type: 'alias', - path: 'container.id', - migration: true, + name: 'level', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Original log level of the log event.\n\nIf the source of the event provides a log level or textual severity, this\nis the one that goes in `log.level`. If your source does not specify one,\nyou may put your event transport severity here (e.g. Syslog severity).\n\nSome examples are `warn`, `err`, `i`, `informational`.', + example: 'error', }, { - name: 'container.image', - type: 'alias', - path: 'container.image.name', - migration: true, + name: 'logger', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The name of the logger inside an application. This is usually the\nname of the class which initialized the logger, or can be a custom name.', + example: 'org.elasticsearch.bootstrap.Bootstrap', }, { - name: 'container.name', - type: 'alias', - path: 'container.name', - migration: true, + name: 'origin.file.line', + level: 'extended', + type: 'integer', + description: + 'The line number of the file containing the source code which originated\nthe log event.', + example: 42, }, { - name: 'container.labels', + name: 'origin.file.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The name of the file containing the source code which originated\nthe log event. Note that this is not the name of the log file.', + example: 'Bootstrap.java', + }, + { + name: 'origin.function', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the function or method which originated the log event.', + example: 'init', + }, + { + name: 'original', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is the original log message and contains the full log message\nbefore splitting it up in multiple parts.\n\nIn contrast to the `message` field which can contain an extracted part of\nthe log message, this field contains the original, full log message. It can\nhave already some modifications applied like encoding or new lines removed\nto clean up the log message.\n\nThis field is not indexed and doc_values are disabled so it cannot be queried\nbut the value can be retrieved from `_source`.', + example: 'Sep 19 08:26:10 localhost My log', + }, + { + name: 'syslog', + level: 'extended', type: 'object', object_type: 'keyword', - description: 'Image labels.', + description: + 'The Syslog metadata of the event, if the event was transmitted\nvia Syslog. Please see RFCs 5424 or 3164.', + }, + { + name: 'syslog.facility.code', + level: 'extended', + type: 'long', + format: 'string', + description: + 'The Syslog numeric facility of the log event, if available.\n\nAccording to RFCs 5424 and 3164, this value should be an integer between 0\nand 23.', + example: 23, + }, + { + name: 'syslog.facility.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The Syslog text-based facility of the log event, if available.', + example: 'local7', + }, + { + name: 'syslog.priority', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Syslog numeric priority of the event, if available.\n\nAccording to RFCs 5424 and 3164, the priority is 8 * facility + severity.\nThis number is therefore expected to contain a value between 0 and 191.', + example: 135, + }, + { + name: 'syslog.severity.code', + level: 'extended', + type: 'long', + description: + 'The Syslog numeric severity of the log event, if available.\n\nIf the event source publishing via Syslog provides a different numeric severity\nvalue (e.g. firewall, IDS), your source numeric severity should go to `event.severity`.\nIf the event source does not specify a distinct severity, you can optionally\ncopy the Syslog severity to `event.severity`.', + example: 3, + }, + { + name: 'syslog.severity.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The Syslog numeric severity of the log event, if available.\n\nIf the event source publishing via Syslog provides a different severity value\n(e.g. firewall, IDS), your source text severity should go to `log.level`.\nIf the event source does not specify a distinct severity, you can optionally\ncopy the Syslog severity to `log.level`.', + example: 'Error', }, ], }, - ], - }, - { - key: 'host', - title: 'Host', - description: 'Info collected for the host machine.', - anchor: 'host-processor', - }, - { - key: 'kubernetes', - title: 'Kubernetes', - description: 'Kubernetes metadata added by the kubernetes processor', - short_config: false, - anchor: 'kubernetes-processor', - fields: [ { - name: 'kubernetes', + name: 'network', + title: 'Network', + group: 2, + description: + 'The network is defined as the communication path over which a host\nor network event happens.\n\nThe network.* fields should be populated with details about the network activity\nassociated with an event.', type: 'group', fields: [ { - name: 'pod.name', + name: 'application', + level: 'extended', type: 'keyword', - description: 'Kubernetes pod name', + ignore_above: 1024, + description: + 'A name given to an application level protocol. This can be arbitrarily\nassigned for things like microservices, but also apply to things like skype,\nicq, facebook, twitter. This would be used in situations where the vendor\nor service can be decoded such as from the source/dest IP owners, ports, or\nwire format.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'aim', }, { - name: 'pod.uid', + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: + 'Total bytes transferred in both directions.\n\nIf `source.bytes` and `destination.bytes` are known, `network.bytes` is their\nsum.', + example: 368, + }, + { + name: 'community_id', + level: 'extended', type: 'keyword', - description: 'Kubernetes Pod UID', + ignore_above: 1024, + description: + 'A hash of source and destination IPs and ports, as well as the\nprotocol used in a communication. This is a tool-agnostic standard to identify\nflows.\n\nLearn more at https://github.com/corelight/community-id-spec.', + example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=', }, { - name: 'namespace', + name: 'direction', + level: 'core', type: 'keyword', - description: 'Kubernetes namespace', + ignore_above: 1024, + description: + "Direction of the network traffic.\nRecommended values are:\n * inbound\n * outbound\n * internal\n * external\n * unknown\n\nWhen mapping events from a host-based monitoring context, populate this field from the host's point of view.\nWhen mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter.", + example: 'inbound', }, { - name: 'node.name', + name: 'forwarded_ip', + level: 'core', + type: 'ip', + description: 'Host IP address when the source IP address is the proxy.', + example: '192.1.1.2', + }, + { + name: 'iana_number', + level: 'extended', type: 'keyword', - description: 'Kubernetes node name', + ignore_above: 1024, + description: + 'IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).\nStandardized list of protocols. This aligns well with NetFlow and sFlow related\nlogs which use the IANA Protocol Number.', + example: 6, }, { - name: 'labels', + name: 'inner', + level: 'extended', type: 'object', - description: 'Kubernetes labels map', + object_type: 'keyword', + description: + 'Network.inner fields are added in addition to network.vlan fields\nto describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed\nfields include vlan.id and vlan.name. Inner vlan fields are typically used\nwhen sending traffic with multiple 802.1q encapsulations to a network sensor\n(e.g. Zeek, Wireshark.)', + default_field: false, }, { - name: 'annotations', - type: 'object', - description: 'Kubernetes annotations map', + name: 'inner.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, }, { - name: 'container.name', + name: 'inner.vlan.name', + level: 'extended', type: 'keyword', - description: 'Kubernetes container name', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, }, { - name: 'container.image', + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name given by operators to sections of their network.', + example: 'Guest Wifi', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: + 'Total packets transferred in both directions.\n\nIf `source.packets` and `destination.packets` are known, `network.packets`\nis their sum.', + example: 24, + }, + { + name: 'protocol', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'L7 Network protocol name. ex. http, lumberjack, transport protocol.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'http', + }, + { + name: 'transport', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Same as network.iana_number, but instead using the Keyword name\nof the transport layer (udp, tcp, ipv6-icmp, etc.)\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'tcp', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'In the OSI Model this would be the Network Layer. ipv4, ipv6,\nipsec, pim, etc\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'ipv4', + }, + { + name: 'vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'vlan.name', + level: 'extended', type: 'keyword', - description: 'Kubernetes container image', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, }, ], }, - ], - }, - { - key: 'process', - title: 'Process', - description: 'Process metadata fields', - fields: [ { - name: 'process', + name: 'observer', + title: 'Observer', + group: 2, + description: + 'An observer is defined as a special network, security, or application\ndevice used to detect, observe, or create network, security, or application-related\nevents and metrics.\n\nThis could be a custom hardware appliance or a server that has been configured\nto run special network, security, or application software. Examples include\nfirewalls, web proxies, intrusion detection/prevention systems, network monitoring\nsensors, web application firewalls, data loss prevention systems, and APM servers.\nThe observer.* fields shall be populated with details of the system, if any,\nthat detects, observes and/or creates a network, security, or application event\nor metric. Message queues and ETL components used in processing events or metrics\nare not considered observers in ECS.', type: 'group', fields: [ { - name: 'exe', - type: 'alias', - path: 'process.executable', - migration: true, + name: 'egress', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'Observer.egress holds information like interface number and name,\nvlan, and zone information to classify egress traffic. Single armed monitoring\nsuch as a network sensor on a span port should only use observer.ingress\nto categorize traffic.', + default_field: false, }, - ], - }, - ], - }, - { - key: 'log', - title: 'Log file content', - description: 'Contains log file lines.', - fields: [ - { - name: 'log.file.path', - type: 'keyword', - required: false, - description: - 'The file from which the line was read. This field contains the absolute path to the file. For example: `/var/log/system.log`.', - }, - { - name: 'log.source.address', - type: 'keyword', - required: false, - description: 'Source address from which the log event was read / sent from.', - }, - { - name: 'log.offset', - type: 'long', - required: false, - description: 'The file offset the reported line starts at.', - }, - { - name: 'stream', - type: 'keyword', - required: false, - description: "Log stream when reading container logs, can be 'stdout' or 'stderr' ", - }, - { - name: 'input.type', - required: true, - description: - 'The input type from which the event was generated. This field is set to the value specified for the `type` option in the input section of the Filebeat config file.', - }, - { - name: 'event.sequence', - type: 'long', - required: false, - description: 'The sequence number of this event.', - }, - { - name: 'syslog.facility', - type: 'long', - required: false, - description: 'The facility extracted from the priority.', - }, - { - name: 'syslog.priority', - type: 'long', - required: false, - description: 'The priority of the syslog event.', - }, - { - name: 'syslog.severity_label', - type: 'keyword', - required: false, - description: 'The human readable severity.', - }, - { - name: 'syslog.facility_label', - type: 'keyword', - required: false, - description: 'The human readable facility.', - }, - { - name: 'process.program', - type: 'keyword', - required: false, - description: 'The name of the program.', - }, - { - name: 'log.flags', - description: 'This field contains the flags of the event.', - }, - { - name: 'http.response.content_length', - type: 'alias', - path: 'http.response.body.bytes', - migration: true, - }, - { - name: 'user_agent', - type: 'group', - fields: [ { - name: 'os', - type: 'group', - fields: [ + name: 'egress.interface.alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'egress.interface.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'egress.interface.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, + }, + { + name: 'egress.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'egress.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'egress.zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Network zone of outbound traffic as reported by the observer to\ncategorize the destination area of egress traffic, e.g. Internal, External,\nDMZ, HR, Legal, etc.', + example: 'Public_Internet', + default_field: false, + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'hostname', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Hostname of the observer.', + }, + { + name: 'ingress', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'Observer.ingress holds information like interface number and name,\nvlan, and zone information to classify ingress traffic. Single armed monitoring\nsuch as a network sensor on a span port should only use observer.ingress\nto categorize traffic.', + default_field: false, + }, + { + name: 'ingress.interface.alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'ingress.interface.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'ingress.interface.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, + }, + { + name: 'ingress.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'ingress.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'ingress.zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Network zone of incoming traffic as reported by the observer to\ncategorize the source area of ingress traffic. e.g. internal, External, DMZ,\nHR, Legal, etc.', + example: 'DMZ', + default_field: false, + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: 'IP addresses of the observer.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC addresses of the observer', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Custom name of the observer.\n\nThis is a name that can be given to an observer. This can be helpful for example\nif multiple firewalls of the same model are used in an organization.\n\nIf no custom name is needed, the field can be left empty.', + example: '1_proxySG', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'full_name', - type: 'keyword', + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The product name of the observer.', + example: 's200', + }, + { + name: 'serial_number', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Observer serial number.', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of the observer the data is coming from.\n\nThere is no predefined list of observer types. Some examples are `forwarder`,\n`firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`.', + example: 'firewall', + }, + { + name: 'vendor', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Vendor name of the observer.', + example: 'Symantec', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Observer version.', }, ], }, { - name: 'fileset.name', - type: 'keyword', - description: 'The Filebeat fileset that generated this event.', - }, - { - name: 'fileset.module', - type: 'alias', - path: 'event.module', - migration: true, - }, - { - name: 'read_timestamp', - type: 'alias', - path: 'event.created', - migration: true, - }, - ], - }, - { - key: 'apache', - title: 'Apache', - description: 'Apache Module', - short_config: true, - fields: [ - { - name: 'apache2', + name: 'organization', + title: 'Organization', + group: 2, + description: + 'The organization fields enrich data with information about the company\nor entity the data is associated with.\n\nThese fields help you arrange or filter data stored in an index by one or multiple\norganizations.', type: 'group', - description: 'Aliases for backward compatibility with old apache2 fields', fields: [ { - name: 'access', - type: 'group', - fields: [ + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the organization.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'remote_ip', - type: 'alias', - path: 'source.address', - migration: true, - }, - { - name: 'ssl.protocol', - type: 'alias', - path: 'apache.access.ssl.protocol', - migration: true, - }, - { - name: 'ssl.cipher', - type: 'alias', - path: 'apache.access.ssl.cipher', - migration: true, - }, - { - name: 'body_sent.bytes', - type: 'alias', - path: 'http.response.body.bytes', - migration: true, - }, - { - name: 'user_name', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'method', - type: 'alias', - path: 'http.request.method', - migration: true, - }, - { - name: 'url', - type: 'alias', - path: 'url.original', - migration: true, - }, - { - name: 'http_version', - type: 'alias', - path: 'http.version', - migration: true, - }, - { - name: 'response_code', - type: 'alias', - path: 'http.response.status_code', - migration: true, - }, - { - name: 'referrer', - type: 'alias', - path: 'http.request.referrer', - migration: true, - }, - { - name: 'agent', - type: 'alias', - path: 'user_agent.original', - migration: true, - }, - { - name: 'user_agent', - type: 'group', - fields: [ - { - name: 'device', - type: 'alias', - path: 'user_agent.device.name', - migration: true, - }, - { - name: 'name', - type: 'alias', - path: 'user_agent.name', - migration: true, - }, - { - name: 'os', - type: 'alias', - path: 'user_agent.os.full_name', - migration: true, - }, - { - name: 'os_name', - type: 'alias', - path: 'user_agent.os.name', - migration: true, - }, - { - name: 'original', - type: 'alias', - path: 'user_agent.original', - migration: true, - }, - ], - }, - { - name: 'geoip', - type: 'group', - fields: [ - { - name: 'continent_name', - type: 'alias', - path: 'source.geo.continent_name', - migration: true, - }, - { - name: 'country_iso_code', - type: 'alias', - path: 'source.geo.country_iso_code', - migration: true, - }, - { - name: 'location', - type: 'alias', - path: 'source.geo.location', - migration: true, - }, - { - name: 'region_name', - type: 'alias', - path: 'source.geo.region_name', - migration: true, - }, - { - name: 'city_name', - type: 'alias', - path: 'source.geo.city_name', - migration: true, - }, - { - name: 'region_iso_code', - type: 'alias', - path: 'source.geo.region_iso_code', - migration: true, - }, - ], - }, - ], - }, - { - name: 'error', - type: 'group', - fields: [ - { - name: 'level', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - { - name: 'pid', - type: 'alias', - path: 'process.pid', - migration: true, - }, - { - name: 'tid', - type: 'alias', - path: 'process.thread.id', - migration: true, - }, - { - name: 'module', - type: 'alias', - path: 'apache.error.module', - migration: true, + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Organization name.', }, ], }, { - name: 'apache', + name: 'os', + title: 'Operating System', + group: 2, + description: 'The OS fields contain information about the operating system.', type: 'group', - description: 'Apache fields.', fields: [ { - name: 'access', - type: 'group', - description: 'Contains fields for the Apache HTTP Server access logs.', - fields: [ - { - name: 'ssl.protocol', - type: 'keyword', - description: 'SSL protocol version.', - }, + name: 'family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'ssl.cipher', - type: 'keyword', - description: 'SSL cipher name.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', }, { - name: 'error', - type: 'group', - description: 'Fields from the Apache error logs.', - fields: [ + name: 'kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'module', - type: 'keyword', - description: 'The module producing the logged message.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', }, ], }, - ], - }, - { - key: 'auditd', - title: 'Auditd', - description: 'Module for parsing auditd logs.', - short_config: true, - fields: [ { - name: 'user', + name: 'package', + title: 'Package', + group: 2, + description: + 'These fields contain information about an installed software package.\nIt contains general information about a package, such as name, version or size.\nIt also contains installation details, such as time or location.', type: 'group', fields: [ { - name: 'terminal', + name: 'architecture', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package architecture.', + example: 'x86_64', + }, + { + name: 'build_version', + level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Terminal or tty device on which the user is performing the observed activity.', + 'Additional information about the build version of the installed\npackage.\n\nFor example use the commit SHA of a non-released package.', + example: '36f4f7e89dd61b0988b12ee000b98966867710cd', + default_field: false, }, { - name: 'audit', - type: 'group', - fields: [ - { - name: 'id', - type: 'keyword', - description: 'One or multiple unique identifiers of the user.', - }, - { - name: 'name', - type: 'keyword', - example: 'albert', - description: 'Short name or login of the user.', - }, - { - name: 'group.id', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, - { - name: 'group.name', - type: 'keyword', - description: 'Name of the group.', - }, - ], + name: 'checksum', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Checksum of the installed package for verification.', + example: '68b329da9893e34099c7d8ad5cb9c940', }, { - name: 'effective', - type: 'group', - fields: [ - { - name: 'id', - type: 'keyword', - description: 'One or multiple unique identifiers of the user.', - }, - { - name: 'name', - type: 'keyword', - example: 'albert', - description: 'Short name or login of the user.', - }, - { - name: 'group.id', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, - { - name: 'group.name', - type: 'keyword', - description: 'Name of the group.', - }, - ], + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Description of the package.', + example: + 'Open source programming language to build simple/reliable/efficient\nsoftware.', }, { - name: 'filesystem', - type: 'group', - fields: [ - { - name: 'id', - type: 'keyword', - description: 'One or multiple unique identifiers of the user.', - }, - { - name: 'name', - type: 'keyword', - example: 'albert', - description: 'Short name or login of the user.', - }, - { - name: 'group.id', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, - { - name: 'group.name', - type: 'keyword', - description: 'Name of the group.', - }, - ], + name: 'install_scope', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Indicating how the package was installed, e.g. user-local, global.', + example: 'global', }, { - name: 'owner', - type: 'group', - fields: [ - { - name: 'id', - type: 'keyword', - description: 'One or multiple unique identifiers of the user.', - }, - { - name: 'name', - type: 'keyword', - example: 'albert', - description: 'Short name or login of the user.', - }, - { - name: 'group.id', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, - { - name: 'group.name', - type: 'keyword', - description: 'Name of the group.', - }, - ], + name: 'installed', + level: 'extended', + type: 'date', + description: 'Time when package was installed.', }, { - name: 'saved', - type: 'group', - fields: [ - { - name: 'id', - type: 'keyword', - description: 'One or multiple unique identifiers of the user.', - }, - { - name: 'name', - type: 'keyword', - example: 'albert', - description: 'Short name or login of the user.', - }, - { - name: 'group.id', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, - { - name: 'group.name', - type: 'keyword', - description: 'Name of the group.', - }, - ], + name: 'license', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'License under which the package was released.\n\nUse a short name, e.g. the license identifier from SPDX License List where\npossible (https://spdx.org/licenses/).', + example: 'Apache License 2.0', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package name', + example: 'go', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Path where the package is installed.', + example: '/usr/local/Cellar/go/1.12.9/', + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Home page or reference URL of the software in this package, if\navailable.', + example: 'https://golang.org', + default_field: false, + }, + { + name: 'size', + level: 'extended', + type: 'long', + format: 'string', + description: 'Package size in bytes.', + example: 62231, + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Type of package.\n\nThis should contain the package file type, rather than the package manager\nname. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar.', + example: 'rpm', + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package version', + example: '1.12.9', }, ], }, { - name: 'auditd', + name: 'pe', + title: 'PE Header', + group: 2, + description: 'These fields contain Windows Portable Executable (PE) metadata.', type: 'group', - description: 'Fields from the auditd logs.', fields: [ { - name: 'log', - type: 'group', + name: 'company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + ], + }, + { + name: 'process', + title: 'Process', + group: 2, + description: + 'These fields contain information about a process.\n\nThese fields can help you correlate metrics information with a process id/name\nfrom a log message. The `process.pid` often stays in the metric itself and\nis copied to the global field for correlation.', + type: 'group', + fields: [ + { + name: 'args', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'Fields from the Linux audit log. Not all fields are documented here because they are dynamic and vary by audit event type.', - fields: [ - { - name: 'old_auid', - description: - 'For login events this is the old audit ID used for the user prior to this login.', - }, - { - name: 'new_auid', - description: - 'For login events this is the new audit ID. The audit ID can be used to trace future events to the user even if their identity changes (like becoming root).', - }, - { - name: 'old_ses', - description: - 'For login events this is the old session ID used for the user prior to this login.', - }, - { - name: 'new_ses', - description: - 'For login events this is the new session ID. It can be used to tie a user to future events by session ID.', - }, - { - name: 'sequence', - type: 'long', - description: 'The audit event sequence number.', - }, - { - name: 'items', - description: 'The number of items in an event.', - }, + 'Array of process arguments, starting with the absolute path to\nthe executable.\n\nMay be filtered to protect sensitive information.', + example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'], + }, + { + name: 'args_count', + level: 'extended', + type: 'long', + description: + 'Length of the process.args array.\n\nThis field can be useful for querying or performing bucket analysis on how\nmany arguments were provided to start a process. More arguments may be an\nindication of suspicious activity.', + example: 4, + default_field: false, + }, + { + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'command_line', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'item', - description: - 'The item field indicates which item out of the total number of items. This number is zero-based; a value of 0 means it is the first item.', + name: 'text', + type: 'text', + norms: false, }, + ], + description: + 'Full command line that started the process, including the absolute\npath to the executable, and all arguments.\n\nSome arguments may be filtered to protect sensitive information.', + example: '/usr/bin/ssh -l user 10.0.0.16', + default_field: false, + }, + { + name: 'entity_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier for the process.\n\nThe implementation of this is specified by the data source, but some examples\nof what could be used here are a process-generated UUID, Sysmon Process GUIDs,\nor a hash of some uniquely identifying components of a process.\n\nConstructing a globally unique identifier is a common practice to mitigate\nPID reuse as well as to identify a specific process over time, across multiple\nmonitored hosts.', + example: 'c2c455d9f99375d', + default_field: false, + }, + { + name: 'executable', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'tty', - type: 'keyword', - definition: 'TTY udevice the user is running programs on.', - }, - { - name: 'a0', - description: 'The first argument to the system call.', - }, - { - name: 'addr', - type: 'ip', - definition: 'Remote address that the user is connecting from.', - }, - { - name: 'rport', - type: 'long', - definition: 'Remote port number.', - }, - { - name: 'laddr', - type: 'ip', - definition: 'Local network address.', - }, - { - name: 'lport', - type: 'long', - definition: 'Local port number.', - }, - { - name: 'acct', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'pid', - type: 'alias', - path: 'process.pid', - migration: true, - }, - { - name: 'ppid', - type: 'alias', - path: 'process.ppid', - migration: true, - }, - { - name: 'res', - type: 'alias', - path: 'event.outcome', - migration: true, - }, - { - name: 'record_type', - type: 'alias', - path: 'event.action', - migration: true, - }, - { - name: 'geoip', - type: 'group', - fields: [ - { - name: 'continent_name', - type: 'alias', - path: 'source.geo.continent_name', - migration: true, - }, - { - name: 'country_iso_code', - type: 'alias', - path: 'source.geo.country_iso_code', - migration: true, - }, - { - name: 'location', - type: 'alias', - path: 'source.geo.location', - migration: true, - }, - { - name: 'region_name', - type: 'alias', - path: 'source.geo.region_name', - migration: true, - }, - { - name: 'city_name', - type: 'alias', - path: 'source.geo.city_name', - migration: true, - }, - { - name: 'region_iso_code', - type: 'alias', - path: 'source.geo.region_iso_code', - migration: true, - }, - ], - }, - { - name: 'arch', - type: 'alias', - path: 'host.architecture', - migration: true, - }, - { - name: 'gid', - type: 'alias', - path: 'user.group.id', - migration: true, - }, - { - name: 'uid', - type: 'alias', - path: 'user.id', - migration: true, - }, - { - name: 'agid', - type: 'alias', - path: 'user.audit.group.id', - migration: true, - }, - { - name: 'auid', - type: 'alias', - path: 'user.audit.id', - migration: true, - }, - { - name: 'fsgid', - type: 'alias', - path: 'user.filesystem.group.id', - migration: true, - }, - { - name: 'fsuid', - type: 'alias', - path: 'user.filesystem.id', - migration: true, - }, - { - name: 'egid', - type: 'alias', - path: 'user.effective.group.id', - migration: true, - }, - { - name: 'euid', - type: 'alias', - path: 'user.effective.id', - migration: true, - }, - { - name: 'sgid', - type: 'alias', - path: 'user.saved.group.id', - migration: true, - }, - { - name: 'suid', - type: 'alias', - path: 'user.saved.id', - migration: true, - }, - { - name: 'ogid', - type: 'alias', - path: 'user.owner.group.id', - migration: true, - }, - { - name: 'ouid', - type: 'alias', - path: 'user.owner.id', - migration: true, - }, - { - name: 'comm', - type: 'alias', - path: 'process.name', - migration: true, - }, - { - name: 'exe', - type: 'alias', - path: 'process.executable', - migration: true, - }, - { - name: 'terminal', - type: 'alias', - path: 'user.terminal', - migration: true, - }, - { - name: 'msg', - type: 'alias', - path: 'message', - migration: true, - }, - { - name: 'src', - type: 'alias', - path: 'source.address', - migration: true, - }, - { - name: 'dst', - type: 'alias', - path: 'destination.address', - migration: true, + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Absolute path to the process executable.', + example: '/usr/bin/ssh', }, - ], - }, - ], - }, - { - key: 'elasticsearch', - title: 'elasticsearch', - description: 'elasticsearch Module', - fields: [ - { - name: 'elasticsearch', - type: 'group', - description: '', - fields: [ { - name: 'component', - description: 'Elasticsearch component from where the log event originated', - example: 'o.e.c.m.MetaDataCreateIndexService', - type: 'keyword', + name: 'exit_code', + level: 'extended', + type: 'long', + description: + 'The exit code of the process, if this is a termination event.\n\nThe field should be absent if there is no exit code for the event (e.g. process\nstart).', + example: 137, + default_field: false, }, { - name: 'cluster.uuid', - description: 'UUID of the cluster', - example: 'GmvrbHlNTiSVYiPf8kxg9g', + name: 'hash.md5', + level: 'extended', type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', }, { - name: 'cluster.name', - description: 'Name of the cluster', - example: 'docker-cluster', + name: 'hash.sha1', + level: 'extended', type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', }, { - name: 'node.id', - description: 'ID of the node', - example: 'DSiWcTyeThWtUXLB9J0BMw', + name: 'hash.sha256', + level: 'extended', type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', }, { - name: 'node.name', - description: 'Name of the node', - example: 'vWNJsZ3', + name: 'hash.sha512', + level: 'extended', type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', }, { - name: 'index.name', - description: 'Index name', - example: 'filebeat-test-input', + name: 'name', + level: 'extended', type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Process name.\n\nSometimes called program name or similar.', + example: 'ssh', }, { - name: 'index.id', - description: 'Index id', - example: 'aOGgDwbURfCV57AScqbCgw', + name: 'parent.args', + level: 'extended', type: 'keyword', + ignore_above: 1024, + description: + 'Array of process arguments.\n\nMay be filtered to protect sensitive information.', + example: ['ssh', '-l', 'user', '10.0.0.16'], + default_field: false, }, { - name: 'shard.id', - description: 'Id of the shard', - example: '0', + name: 'parent.args_count', + level: 'extended', + type: 'long', + description: + 'Length of the process.args array.\n\nThis field can be useful for querying or performing bucket analysis on how\nmany arguments were provided to start a process. More arguments may be an\nindication of suspicious activity.', + example: 4, + default_field: false, + }, + { + name: 'parent.code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'parent.code_signature.status', + level: 'extended', type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'audit', - type: 'group', - description: '', - fields: [ - { - name: 'layer', - description: - 'The layer from which this event originated: rest, transport or ip_filter', - example: 'rest', - type: 'keyword', - }, - { - name: 'origin.type', - description: - 'Where the request originated: rest (request originated from a REST API request), transport (request was received on the transport channel), local_node (the local node issued the request)', - example: 'local_node', - type: 'keyword', - }, - { - name: 'realm', - description: 'The authentication realm the authentication was validated against', - example: 'default_file', - type: 'keyword', - }, - { - name: 'user.realm', - description: "The user's authentication realm, if authenticated", - example: 'active_directory', - type: 'keyword', - }, - { - name: 'user.roles', - description: 'Roles to which the principal belongs', - example: ['kibana_admin', 'beats_admin'], - type: 'keyword', - }, - { - name: 'action', - description: 'The name of the action that was executed', - example: 'cluster:monitor/main', - type: 'keyword', - }, - { - name: 'url.params', - description: 'REST URI parameters', - example: '{username=jacknich2}', - }, - { - name: 'indices', - description: 'Indices accessed by action', - example: ['foo-2019.01.04', 'foo-2019.01.03', 'foo-2019.01.06'], - type: 'keyword', - }, - { - name: 'request.id', - description: 'Unique ID of request', - example: 'WzL_kb6VSvOhAq0twPvHOQ', - type: 'keyword', - }, - { - name: 'request.name', - description: 'The type of request that was executed', - example: 'ClearScrollRequest', - type: 'keyword', - }, - { - name: 'request_body', - type: 'alias', - path: 'http.request.body.content', - migration: true, - }, - { - name: 'event_type', - type: 'alias', - path: 'event.type', - migration: true, - }, + name: 'parent.code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'parent.code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'parent.code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'parent.command_line', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'origin_address', - type: 'alias', - path: 'source.ip', - migration: true, + name: 'text', + type: 'text', + norms: false, }, + ], + description: + 'Full command line that started the process, including the absolute\npath to the executable, and all arguments.\n\nSome arguments may be filtered to protect sensitive information.', + example: '/usr/bin/ssh -l user 10.0.0.16', + default_field: false, + }, + { + name: 'parent.entity_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier for the process.\n\nThe implementation of this is specified by the data source, but some examples\nof what could be used here are a process-generated UUID, Sysmon Process GUIDs,\nor a hash of some uniquely identifying components of a process.\n\nConstructing a globally unique identifier is a common practice to mitigate\nPID reuse as well as to identify a specific process over time, across multiple\nmonitored hosts.', + example: 'c2c455d9f99375d', + default_field: false, + }, + { + name: 'parent.executable', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'uri', - type: 'alias', - path: 'url.original', - migration: true, + name: 'text', + type: 'text', + norms: false, }, + ], + description: 'Absolute path to the process executable.', + example: '/usr/bin/ssh', + default_field: false, + }, + { + name: 'parent.exit_code', + level: 'extended', + type: 'long', + description: + 'The exit code of the process, if this is a termination event.\n\nThe field should be absent if there is no exit code for the event (e.g. process\nstart).', + example: 137, + default_field: false, + }, + { + name: 'parent.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + default_field: false, + }, + { + name: 'parent.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'principal', - type: 'alias', - path: 'user.name', - migration: true, + name: 'text', + type: 'text', + norms: false, }, ], + description: 'Process name.\n\nSometimes called program name or similar.', + example: 'ssh', + default_field: false, }, { - name: 'deprecation', - type: 'group', - description: '', + name: 'parent.pgid', + level: 'extended', + type: 'long', + format: 'string', + description: 'Identifier of the group of processes the process belongs to.', + default_field: false, }, { - name: 'gc', - type: 'group', - description: 'GC fileset fields.', - fields: [ + name: 'parent.pid', + level: 'core', + type: 'long', + format: 'string', + description: 'Process id.', + example: 4242, + default_field: false, + }, + { + name: 'parent.ppid', + level: 'extended', + type: 'long', + format: 'string', + description: "Parent process' pid.", + example: 4241, + default_field: false, + }, + { + name: 'parent.start', + level: 'extended', + type: 'date', + description: 'The time the process started.', + example: '2016-05-23T08:05:34.853Z', + default_field: false, + }, + { + name: 'parent.thread.id', + level: 'extended', + type: 'long', + format: 'string', + description: 'Thread ID.', + example: 4242, + default_field: false, + }, + { + name: 'parent.thread.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Thread name.', + example: 'thread-0', + default_field: false, + }, + { + name: 'parent.title', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'phase', - type: 'group', - description: 'Fields specific to GC phase.', - fields: [ - { - name: 'name', - type: 'keyword', - description: 'Name of the GC collection phase.', - }, - { - name: 'duration_sec', - type: 'float', - description: 'Collection phase duration according to the Java virtual machine.', - }, - { - name: 'scrub_symbol_table_time_sec', - type: 'float', - description: 'Pause time in seconds cleaning up symbol tables.', - }, - { - name: 'scrub_string_table_time_sec', - type: 'float', - description: 'Pause time in seconds cleaning up string tables.', - }, - { - name: 'weak_refs_processing_time_sec', - type: 'float', - description: 'Time spent processing weak references in seconds.', - }, - { - name: 'parallel_rescan_time_sec', - type: 'float', - description: - 'Time spent in seconds marking live objects while application is stopped.', - }, - { - name: 'class_unload_time_sec', - type: 'float', - description: 'Time spent unloading unused classes in seconds.', - }, - { - name: 'cpu_time', - type: 'group', - description: 'Process CPU time spent performing collections.', - fields: [ - { - name: 'user_sec', - type: 'float', - description: 'CPU time spent outside the kernel.', - }, - { - name: 'sys_sec', - type: 'float', - description: 'CPU time spent inside the kernel.', - }, - { - name: 'real_sec', - type: 'float', - description: - 'Total elapsed CPU time spent to complete the collection from start to finish.', - }, - ], - }, - ], + name: 'text', + type: 'text', + norms: false, }, + ], + description: + 'Process title.\n\nThe proctitle, some times the same as process name. Can also be different:\nfor example a browser setting its title to the web page currently opened.', + default_field: false, + }, + { + name: 'parent.uptime', + level: 'extended', + type: 'long', + description: 'Seconds the process has been up.', + example: 1325, + default_field: false, + }, + { + name: 'parent.working_directory', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'jvm_runtime_sec', - type: 'float', - description: 'The time from JVM start up in seconds, as a floating point number.', - }, - { - name: 'threads_total_stop_time_sec', - type: 'float', - description: 'Garbage collection threads total stop time seconds.', - }, - { - name: 'stopping_threads_time_sec', - type: 'float', - description: 'Time took to stop threads seconds.', - }, - { - name: 'tags', - type: 'keyword', - description: 'GC logging tags.', - }, - { - name: 'heap', - type: 'group', - description: 'Heap allocation and total size.', - fields: [ - { - name: 'size_kb', - type: 'integer', - description: 'Total heap size in kilobytes.', - }, - { - name: 'used_kb', - type: 'integer', - description: 'Used heap in kilobytes.', - }, - ], - }, - { - name: 'old_gen', - type: 'group', - description: 'Old generation occupancy and total size.', - fields: [ - { - name: 'size_kb', - type: 'integer', - description: 'Total size of old generation in kilobytes.', - }, - { - name: 'used_kb', - type: 'integer', - description: 'Old generation occupancy in kilobytes.', - }, - ], - }, - { - name: 'young_gen', - type: 'group', - description: 'Young generation occupancy and total size.', - fields: [ - { - name: 'size_kb', - type: 'integer', - description: 'Total size of young generation in kilobytes.', - }, - { - name: 'used_kb', - type: 'integer', - description: 'Young generation occupancy in kilobytes.', - }, - ], + name: 'text', + type: 'text', + norms: false, }, ], + description: 'The working directory of the process.', + example: '/home/alice', + default_field: false, }, { - name: 'server', - description: 'Server log file', - type: 'group', - fields: [ - { - name: 'stacktrace', - description: 'Stack trace in case of errors', - index: false, - }, - { - name: 'gc', - description: 'GC log', - type: 'group', - fields: [ - { - name: 'young', - description: 'Young GC', - example: '', - type: 'group', - fields: [ - { - name: 'one', - description: '', - example: '', - type: 'long', - }, - { - name: 'two', - description: '', - example: '', - type: 'long', - }, - ], - }, - { - name: 'overhead_seq', - description: 'Sequence number', - example: 3449992, - type: 'long', - }, - { - name: 'collection_duration.ms', - description: 'Time spent in GC, in milliseconds', - example: 1600, - type: 'float', - }, - { - name: 'observation_duration.ms', - description: 'Total time over which collection was observed, in milliseconds', - example: 1800, - type: 'float', - }, - ], - }, - ], + name: 'pe.company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'slowlog', - description: 'Slowlog events from Elasticsearch', - example: - '[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{"query":{"match_all":{"boost":1.0}}}],', - type: 'group', - fields: [ - { - name: 'logger', - description: 'Logger name', - example: 'index.search.slowlog.fetch', - type: 'keyword', - }, - { - name: 'took', - description: 'Time it took to execute the query', - example: '300ms', - type: 'keyword', - }, - { - name: 'types', - description: 'Types', - example: '', - type: 'keyword', - }, - { - name: 'stats', - description: 'Stats groups', - example: 'group1', - type: 'keyword', - }, - { - name: 'search_type', - description: 'Search type', - example: 'QUERY_THEN_FETCH', - type: 'keyword', - }, - { - name: 'source_query', - description: 'Slow query', - example: '{"query":{"match_all":{"boost":1.0}}}', - type: 'keyword', - }, - { - name: 'extra_source', - description: 'Extra source information', - example: '', - type: 'keyword', - }, - { - name: 'total_hits', - description: 'Total hits', - example: 42, - type: 'keyword', - }, - { - name: 'total_shards', - description: 'Total queried shards', - example: 22, - type: 'keyword', - }, - { - name: 'routing', - description: 'Routing', - example: 's01HZ2QBk9jw4gtgaFtn', - type: 'keyword', - }, - { - name: 'id', - description: 'Id', - example: '', - type: 'keyword', - }, - { - name: 'type', - description: 'Type', - example: 'doc', - type: 'keyword', - }, - ], + name: 'pe.description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, }, - ], - }, - ], - }, - { - key: 'haproxy', - title: 'haproxy', - description: 'haproxy Module', - fields: [ - { - name: 'haproxy', - type: 'group', - description: '', - fields: [ { - name: 'frontend_name', - description: - 'Name of the frontend (or listener) which received and processed the connection.', + name: 'pe.file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, }, { - name: 'backend_name', - description: - 'Name of the backend (or listener) which was selected to manage the connection to the server.', + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, }, { - name: 'server_name', - description: 'Name of the last server to which the connection was sent.', + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, }, { - name: 'total_waiting_time_ms', - description: 'Total time in milliseconds spent waiting in the various queues', + name: 'pgid', + level: 'extended', type: 'long', + format: 'string', + description: 'Identifier of the group of processes the process belongs to.', }, { - name: 'connection_wait_time_ms', - description: - 'Total time in milliseconds spent waiting for the connection to establish to the final server', + name: 'pid', + level: 'core', type: 'long', + format: 'string', + description: 'Process id.', + example: 4242, }, { - name: 'bytes_read', - description: 'Total number of bytes transmitted to the client when the log is emitted.', + name: 'ppid', + level: 'extended', type: 'long', + format: 'string', + description: "Parent process' pid.", + example: 4241, }, { - name: 'time_queue', - description: 'Total time in milliseconds spent waiting in the various queues.', - type: 'long', + name: 'start', + level: 'extended', + type: 'date', + description: 'The time the process started.', + example: '2016-05-23T08:05:34.853Z', }, { - name: 'time_backend_connect', - description: - 'Total time in milliseconds spent waiting for the connection to establish to the final server, including retries.', + name: 'thread.id', + level: 'extended', type: 'long', + format: 'string', + description: 'Thread ID.', + example: 4242, }, { - name: 'server_queue', - description: - 'Total number of requests which were processed before this one in the server queue.', - type: 'long', + name: 'thread.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Thread name.', + example: 'thread-0', }, { - name: 'backend_queue', - description: - "Total number of requests which were processed before this one in the backend's global queue.", - type: 'long', - }, - { - name: 'bind_name', - description: 'Name of the listening address which received the connection.', - }, - { - name: 'error_message', - description: 'Error message logged by HAProxy in case of error.', - type: 'text', - }, - { - name: 'source', + name: 'title', + level: 'extended', type: 'keyword', - description: 'The HAProxy source of the log', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Process title.\n\nThe proctitle, some times the same as process name. Can also be different:\nfor example a browser setting its title to the web page currently opened.', }, { - name: 'termination_state', - description: 'Condition the session was in when the session ended.', + name: 'uptime', + level: 'extended', + type: 'long', + description: 'Seconds the process has been up.', + example: 1325, }, { - name: 'mode', + name: 'working_directory', + level: 'extended', type: 'keyword', - description: 'mode that the frontend is operating (TCP or HTTP)', - }, - { - name: 'connections', - description: 'Contains various counts of connections active in the process.', - type: 'group', - fields: [ - { - name: 'active', - description: - 'Total number of concurrent connections on the process when the session was logged.', - type: 'long', - }, - { - name: 'frontend', - description: - 'Total number of concurrent connections on the frontend when the session was logged.', - type: 'long', - }, - { - name: 'backend', - description: - 'Total number of concurrent connections handled by the backend when the session was logged.', - type: 'long', - }, - { - name: 'server', - description: - 'Total number of concurrent connections still active on the server when the session was logged.', - type: 'long', - }, + ignore_above: 1024, + multi_fields: [ { - name: 'retries', - description: - 'Number of connection retries experienced by this session when trying to connect to the server.', - type: 'long', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'The working directory of the process.', + example: '/home/alice', }, + ], + }, + { + name: 'registry', + title: 'Registry', + group: 2, + description: 'Fields related to Windows Registry operations.', + type: 'group', + fields: [ { - name: 'client', - description: 'Information about the client doing the request', - type: 'group', - fields: [ - { - name: 'ip', - type: 'alias', - path: 'source.address', - migration: true, - }, - { - name: 'port', - type: 'alias', - path: 'source.port', - migration: true, - }, - ], + name: 'data.bytes', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Original bytes written with base64 encoding.\n\nFor Windows registry operations, such as SetValueEx and RegQueryValueEx, this\ncorresponds to the data pointed by `lp_data`. This is optional but provides\nbetter recoverability and should be populated for REG_BINARY encoded values.', + example: 'ZQBuAC0AVQBTAAAAZQBuAAAAAAA=', + default_field: false, }, { - name: 'process_name', - type: 'alias', - path: 'process.name', - migration: true, + name: 'data.strings', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Content when writing string types.\n\nPopulated as an array when writing string data to the registry. For single\nstring registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with\none string. For sequences of string with REG_MULTI_SZ, this array will be\nvariable length. For numeric data, such as REG_DWORD and REG_QWORD, this should\nbe populated with the decimal representation (e.g `"1"`).', + example: '["C:\\rta\\red_ttp\\bin\\myapp.exe"]', + default_field: false, }, { - name: 'pid', - type: 'alias', - path: 'process.pid', - migration: true, + name: 'data.type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Standard registry type for encoding contents', + example: 'REG_SZ', + default_field: false, }, { - name: 'destination', - description: 'Destination information', - type: 'group', - fields: [ - { - name: 'port', - type: 'alias', - path: 'destination.port', - migration: true, - }, - { - name: 'ip', - type: 'alias', - path: 'destination.ip', - migration: true, - }, - ], + name: 'hive', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Abbreviated name for the hive.', + example: 'HKLM', + default_field: false, }, { - name: 'geoip', - type: 'group', - description: - 'Contains GeoIP information gathered based on the client.ip field. Only present if the GeoIP Elasticsearch plugin is available and used.', - fields: [ - { - name: 'continent_name', - type: 'alias', - path: 'source.geo.continent_name', - migration: true, - }, - { - name: 'country_iso_code', - type: 'alias', - path: 'source.geo.country_iso_code', - migration: true, - }, - { - name: 'location', - type: 'alias', - path: 'source.geo.location', - migration: true, - }, - { - name: 'region_name', - type: 'alias', - path: 'source.geo.region_name', - migration: true, - }, - { - name: 'city_name', - type: 'alias', - path: 'source.geo.city_name', - migration: true, - }, - { - name: 'region_iso_code', - type: 'alias', - path: 'source.geo.region_iso_code', - migration: true, - }, - ], + name: 'key', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Hive-relative path of keys.', + example: + 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe', + default_field: false, }, { - name: 'http', - description: 'Please add description', - type: 'group', - fields: [ - { - name: 'response', - description: 'Fields related to the HTTP response', - type: 'group', - fields: [ - { - name: 'captured_cookie', - description: - 'Optional "name=value" entry indicating that the client had this cookie in the response.', - }, - { - name: 'captured_headers', - description: - 'List of headers captured in the response due to the presence of the "capture response header" statement in the frontend.', - type: 'keyword', - }, - { - name: 'status_code', - type: 'alias', - path: 'http.response.status_code', - migration: true, - }, - ], - }, - { - name: 'request', - description: 'Fields related to the HTTP request', - type: 'group', - fields: [ - { - name: 'captured_cookie', - description: - 'Optional "name=value" entry indicating that the server has returned a cookie with its request.', - }, - { - name: 'captured_headers', - description: - 'List of headers captured in the request due to the presence of the "capture request header" statement in the frontend.', - type: 'keyword', - }, - { - name: 'raw_request_line', - description: - 'Complete HTTP request line, including the method, request and HTTP version string.', - type: 'keyword', - }, - { - name: 'time_wait_without_data_ms', - description: - 'Total time in milliseconds spent waiting for the server to send a full HTTP response, not counting data.', - type: 'long', - }, - { - name: 'time_wait_ms', - description: - 'Total time in milliseconds spent waiting for a full HTTP request from the client (not counting body) after the first byte was received.', - type: 'long', - }, - ], - }, - ], + name: 'path', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Full path, including hive, key and value', + example: + 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution\nOptions\\winword.exe\\Debugger', + default_field: false, }, { - name: 'tcp', - description: 'TCP log format', - type: 'group', - fields: [ - { - name: 'connection_waiting_time_ms', - type: 'long', - description: - 'Total time in milliseconds elapsed between the accept and the last close', - }, - ], + name: 'value', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the value written.', + example: 'Debugger', + default_field: false, }, ], }, - ], - }, - { - key: 'icinga', - title: 'Icinga', - description: 'Icinga Module', - fields: [ { - name: 'icinga', + name: 'related', + title: 'Related', + group: 2, + description: + 'This field set is meant to facilitate pivoting around a piece of\ndata.\n\nSome pieces of information can be seen in many places in an ECS event. To facilitate\nsearching for them, store an array of all seen values to their corresponding\nfield in `related.`.\n\nA concrete example is IP addresses, which can be under host, observer, source,\ndestination, client, server, and network.forwarded_ip. If you append all IPs\nto `related.ip`, you can then search for a given IP trivially, no matter where\nit appeared, by querying `related.ip:192.0.2.15`.', type: 'group', - description: '', fields: [ { - name: 'debug', - type: 'group', - description: 'Contains fields for the Icinga debug logs.', - fields: [ - { - name: 'facility', - type: 'keyword', - description: 'Specifies what component of Icinga logged the message.', - }, - { - name: 'severity', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - ], + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + "All the hashes seen on your event. Populating this field, then\nusing it to search for hashes can help in situations where you're unsure what\nthe hash algorithm is (and therefore which key name to search).", + default_field: false, }, { - name: 'main', - type: 'group', - description: 'Contains fields for the Icinga main logs.', - fields: [ - { - name: 'facility', - type: 'keyword', - description: 'Specifies what component of Icinga logged the message.', - }, - { - name: 'severity', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - ], + name: 'ip', + level: 'extended', + type: 'ip', + description: 'All of the IPs seen on your event.', }, { - name: 'startup', - type: 'group', - description: 'Contains fields for the Icinga startup logs.', - fields: [ - { - name: 'facility', - type: 'keyword', - description: 'Specifies what component of Icinga logged the message.', - }, - { - name: 'severity', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - ], + name: 'user', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'All the user names seen on your event.', + default_field: false, }, ], }, - ], - }, - { - key: 'iis', - title: 'IIS', - description: 'Module for parsing IIS log files.', - fields: [ { - name: 'iis', + name: 'rule', + title: 'Rule', + group: 2, + description: + 'Rule fields are used to capture the specifics of any observer or\nagent rules that generate alerts or other notable events.\n\nExamples of data sources that would populate the rule fields include: network\nadmission control platforms, network or host IDS/IPS, network firewalls, web\napplication firewalls, url filters, endpoint detection and response (EDR) systems,\netc.', type: 'group', - description: 'Fields from IIS log files.', fields: [ { - name: 'access', - type: 'group', - description: 'Contains fields for IIS access logs.', - fields: [ - { - name: 'sub_status', - type: 'long', - description: 'The HTTP substatus code.', - }, - { - name: 'win32_status', - type: 'long', - description: 'The Windows status code.', - }, - { - name: 'site_name', - type: 'keyword', - description: 'The site name and instance number.', - }, - { - name: 'server_name', - type: 'keyword', - description: 'The name of the server on which the log file entry was generated.', - }, - { - name: 'cookie', - type: 'keyword', - description: 'The content of the cookie sent or received, if any.', - }, - { - name: 'body_received.bytes', - type: 'alias', - path: 'http.request.body.bytes', - migration: true, - }, - { - name: 'body_sent.bytes', - type: 'alias', - path: 'http.response.body.bytes', - migration: true, - }, - { - name: 'server_ip', - type: 'alias', - path: 'destination.address', - migration: true, - }, - { - name: 'method', - type: 'alias', - path: 'http.request.method', - migration: true, - }, - { - name: 'url', - type: 'alias', - path: 'url.path', - migration: true, - }, - { - name: 'query_string', - type: 'alias', - path: 'url.query', - migration: true, - }, - { - name: 'port', - type: 'alias', - path: 'destination.port', - migration: true, - }, - { - name: 'user_name', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'remote_ip', - type: 'alias', - path: 'source.address', - migration: true, - }, - { - name: 'referrer', - type: 'alias', - path: 'http.request.referrer', - migration: true, - }, - { - name: 'response_code', - type: 'alias', - path: 'http.response.status_code', - migration: true, - }, - { - name: 'http_version', - type: 'alias', - path: 'http.version', - migration: true, - }, + name: 'author', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name, organization, or pseudonym of the author or authors who created\nthe rule used to generate this event.', + example: ['Star-Lord'], + default_field: false, + }, + { + name: 'category', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A categorization value keyword used by the entity using the rule\nfor detection of this event.', + example: 'Attempted Information Leak', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The description of the rule generating the event.', + example: 'Block requests to public DNS over HTTPS / TLS protocols', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A rule ID that is unique within the scope of an agent, observer,\nor other entity using the rule for detection of this event.', + example: 101, + default_field: false, + }, + { + name: 'license', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the license under which the rule used to generate this\nevent is made available.', + example: 'Apache 2.0', + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the rule or signature generating the event.', + example: 'BLOCK_DNS_over_TLS', + default_field: false, + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Reference URL to additional information about the rule used to\ngenerate this event.\n\nThe URL can point to the vendor documentation about the rule. If that is\nnot available, it can also be a link to a more general page describing this\ntype of alert.', + example: 'https://en.wikipedia.org/wiki/DNS_over_TLS', + default_field: false, + }, + { + name: 'ruleset', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the ruleset, policy, group, or parent category in which\nthe rule used to generate this event is a member.', + example: 'Standard_Protocol_Filters', + default_field: false, + }, + { + name: 'uuid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A rule ID that is unique within the scope of a set or group of\nagents, observers, or other entities using the rule for detection of this\nevent.', + example: 1100110011, + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The version / revision of the rule being used for analysis.', + example: 1.1, + default_field: false, + }, + ], + }, + { + name: 'server', + title: 'Server', + group: 2, + description: + 'A Server is defined as the responder in a network connection for\nevents regarding sessions, connections, or bidirectional flow records.\n\nFor TCP events, the server is the receiver of the initial SYN packet(s) of the\nTCP connection. For other protocols, the server is generally the responder in\nthe network transaction. Some systems actually use the term "responder" to refer\nthe server in TCP connections. The server fields describe details about the\nsystem acting as the server in the network event. Server fields are usually\npopulated in conjunction with client fields. Server fields are generally not\npopulated for packet-level events.\n\nClient / server representations can add semantic context to an exchange, which\nis helpful to visualize the data in certain situations. If your context falls\nin that category, you should still ensure that source and destination are filled\nappropriately.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event server addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'hostname', - type: 'alias', - path: 'host.hostname', - migration: true, - }, - { - name: 'user_agent', - type: 'group', - fields: [ - { - name: 'device', - type: 'alias', - path: 'user_agent.device.name', - migration: true, - }, - { - name: 'name', - type: 'alias', - path: 'user_agent.name', - migration: true, - }, - { - name: 'os', - type: 'alias', - path: 'user_agent.os.full_name', - migration: true, - }, - { - name: 'os_name', - type: 'alias', - path: 'user_agent.os.name', - migration: true, - }, - { - name: 'original', - type: 'alias', - path: 'user_agent.original', - migration: true, - }, - ], - }, - { - name: 'geoip', - type: 'group', - fields: [ - { - name: 'continent_name', - type: 'alias', - path: 'source.geo.continent_name', - migration: true, - }, - { - name: 'country_iso_code', - type: 'alias', - path: 'source.geo.country_iso_code', - migration: true, - }, - { - name: 'location', - type: 'alias', - path: 'source.geo.location', - migration: true, - }, - { - name: 'region_name', - type: 'alias', - path: 'source.geo.region_name', - migration: true, - }, - { - name: 'city_name', - type: 'alias', - path: 'source.geo.city_name', - migration: true, - }, - { - name: 'region_iso_code', - type: 'alias', - path: 'source.geo.region_iso_code', - migration: true, - }, - ], + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Organization name.', + example: 'Google LLC', }, { - name: 'error', - type: 'group', - description: 'Contains fields for IIS error logs.', - fields: [ - { - name: 'reason_phrase', - type: 'keyword', - description: 'The HTTP reason phrase.', - }, - { - name: 'queue_name', - type: 'keyword', - description: 'The IIS application pool name.', - }, - { - name: 'remote_ip', - type: 'alias', - path: 'source.address', - migration: true, - }, - { - name: 'remote_port', - type: 'alias', - path: 'source.port', - migration: true, - }, - { - name: 'server_ip', - type: 'alias', - path: 'destination.address', - migration: true, - }, - { - name: 'server_port', - type: 'alias', - path: 'destination.port', - migration: true, - }, - { - name: 'http_version', - type: 'alias', - path: 'http.version', - migration: true, - }, - { - name: 'method', - type: 'alias', - path: 'http.request.method', - migration: true, - }, - { - name: 'url', - type: 'alias', - path: 'url.original', - migration: true, - }, - { - name: 'response_code', - type: 'alias', - path: 'http.response.status_code', - migration: true, - }, - { - name: 'geoip', - type: 'group', - fields: [ - { - name: 'continent_name', - type: 'alias', - path: 'source.geo.continent_name', - migration: true, - }, - { - name: 'country_iso_code', - type: 'alias', - path: 'source.geo.country_iso_code', - migration: true, - }, - { - name: 'location', - type: 'alias', - path: 'source.geo.location', - migration: true, - }, - { - name: 'region_name', - type: 'alias', - path: 'source.geo.region_name', - migration: true, - }, - { - name: 'city_name', - type: 'alias', - path: 'source.geo.city_name', - migration: true, - }, - { - name: 'region_iso_code', - type: 'alias', - path: 'source.geo.region_iso_code', - migration: true, - }, - ], - }, - ], + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the server to the client.', + example: 184, }, - ], - }, - ], - }, - { - key: 'kafka', - title: 'Kafka', - description: 'Kafka module', - fields: [ - { - name: 'kafka', - type: 'group', - description: '', - fields: [ { - name: 'log', - type: 'group', - description: 'Kafka log lines.', - fields: [ - { - name: 'level', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - { - name: 'component', - type: 'keyword', - description: 'Component the log is coming from.', - }, - { - name: 'class', - type: 'keyword', - description: 'Java class the log is coming from.', - }, - { - name: 'trace', - type: 'group', - description: 'Trace in the log line.', - fields: [ - { - name: 'class', - type: 'keyword', - description: 'Java class the trace is coming from.', - }, - { - name: 'message', - type: 'text', - description: 'Message part of the trace.', - }, - ], - }, - ], + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Server domain.', }, - ], - }, - ], - }, - { - key: 'kibana', - title: 'kibana', - description: 'kibana Module', - fields: [ - { - name: 'kibana', - type: 'group', - description: '', - fields: [ { - name: 'log', - type: 'group', - description: 'Kafka log lines.', - fields: [ - { - name: 'tags', - type: 'keyword', - description: 'Kibana logging tags.', - }, - { - name: 'state', - type: 'keyword', - description: 'Current state of Kibana.', - }, - { - name: 'meta', - type: 'object', - object_type: 'keyword', - }, - { - name: 'kibana.log.meta.req.headers.referer', - type: 'alias', - path: 'http.request.referrer', - migration: true, - }, - { - name: 'kibana.log.meta.req.referer', - type: 'alias', - path: 'http.request.referrer', - migration: true, - }, - { - name: 'kibana.log.meta.req.headers.user-agent', - type: 'alias', - path: 'user_agent.original', - migration: true, - }, - { - name: 'kibana.log.meta.req.remoteAddress', - type: 'alias', - path: 'source.address', - migration: true, - }, - { - name: 'kibana.log.meta.req.url', - type: 'alias', - path: 'url.original', - migration: true, - }, + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the server.\n\nCan be one or multiple IPv4 or IPv6 addresses.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the server.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the server to the client.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the server.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered server domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'kibana.log.meta.statusCode', - type: 'alias', - path: 'http.response.status_code', - migration: true, + name: 'text', + type: 'text', + norms: false, + default_field: false, }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'kibana.log.meta.method', - type: 'alias', - path: 'http.request.method', - migration: true, + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Short name or login of the user.', + example: 'albert', }, ], }, - ], - }, - { - key: 'logstash', - title: 'logstash', - description: 'logstash Module', - fields: [ { - name: 'logstash', + name: 'service', + title: 'Service', + group: 2, + description: + 'The service fields describe the service for or from which the data\nwas collected.\n\nThese fields help you find and correlate logs for a specific service and version.', type: 'group', - description: '', fields: [ { - name: 'log', - title: 'Logstash', - type: 'group', - description: 'Fields from the Logstash logs.', - fields: [ - { - name: 'module', - type: 'keyword', - description: 'The module or class where the event originate.', - }, - { - name: 'thread', - type: 'keyword', - description: 'Information about the running thread where the log originate.', - multi_fields: [ - { - name: 'text', - type: 'text', - }, - ], - }, - { - name: 'log_event', - type: 'object', - description: 'key and value debugging information.', - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - { - name: 'level', - type: 'alias', - path: 'log.level', - migration: true, - }, - ], + name: 'ephemeral_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Ephemeral identifier of this service (if one exists).\n\nThis id normally changes across restarts, but `service.id` does not.', + example: '8a4f500f', }, { - name: 'slowlog', - type: 'group', - description: 'slowlog', - fields: [ - { - name: 'module', - type: 'keyword', - description: 'The module or class where the event originate.', - }, - { - name: 'thread', - type: 'keyword', - description: 'Information about the running thread where the log originate.', - multi_fields: [ - { - name: 'text', - type: 'text', - }, - ], - }, - { - name: 'event', - type: 'keyword', - description: 'Raw dump of the original event', - multi_fields: [ - { - name: 'text', - type: 'text', - }, - ], - }, - { - name: 'plugin_name', - type: 'keyword', - description: 'Name of the plugin', - }, - { - name: 'plugin_type', - type: 'keyword', - description: 'Type of the plugin: Inputs, Filters, Outputs or Codecs.', - }, - { - name: 'took_in_millis', - type: 'long', - description: 'Execution time for the plugin in milliseconds.', - }, - { - name: 'plugin_params', - type: 'keyword', - description: 'String value of the plugin configuration', - multi_fields: [ - { - name: 'text', - type: 'text', - }, - ], - }, - { - name: 'plugin_params_object', - type: 'object', - description: 'key -> value of the configuration used by the plugin.', - }, - { - name: 'level', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'took_in_nanos', - type: 'alias', - path: 'event.duration', - migration: true, - }, - ], + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the running service. If the service is comprised\nof many nodes, the `service.id` should be the same for all nodes.\n\nThis id should uniquely identify the service. This makes it possible to correlate\nlogs and metrics for one specific service, no matter which particular node\nemitted the event.\n\nNote that if you need to see the events from one specific host of the service,\nyou should filter on that `host.name` or `host.id` instead.', + example: 'd37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the service data is collected from.\n\nThe name of the service is normally user given. This allows for distributed\nservices that run on multiple hosts to correlate the related instances based\non the name.\n\nIn the case of Elasticsearch the `service.name` could contain the cluster\nname. For Beats the `service.name` is by default a copy of the `service.type`\nfield if no name is specified.', + example: 'elasticsearch-metrics', + }, + { + name: 'node.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of a service node.\n\nThis allows for two nodes of the same service running on the same host to\nbe differentiated. Therefore, `service.node.name` should typically be unique\nacross nodes of a given service.\n\nIn the case of Elasticsearch, the `service.node.name` could contain the unique\nnode name within the Elasticsearch cluster. In cases where the service does not\nhave the concept of a node name, the host name or container name can be used\nto distinguish running instances that make up this service. If those do not\nprovide uniqueness (e.g. multiple instances of the service running on the\nsame host) - the node name can be manually set.', + example: 'instance-0000000016', + }, + { + name: 'state', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Current state of the service.', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of the service data is collected from.\n\nThe type can be used to group and correlate logs and metrics from one service\ntype.\n\nExample: If logs or metrics are collected from Elasticsearch, `service.type`\nwould be `elasticsearch`.', + example: 'elasticsearch', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Version of the service the data was collected from.\n\nThis allows to look at a data set only for a specific version of a service.', + example: '3.2.4', }, ], }, - ], - }, - { - key: 'mongodb', - title: 'mongodb', - description: 'Module for parsing MongoDB log files.', - fields: [ { - name: 'mongodb', + name: 'source', + title: 'Source', + group: 2, + description: + 'Source fields describe details about the source of a packet/event.\n\nSource fields are usually populated in conjunction with destination fields.', type: 'group', - description: 'Fields from MongoDB logs.', fields: [ { - name: 'log', - type: 'group', - description: 'Contains fields from MongoDB logs.', - fields: [ - { - name: 'component', - description: 'Functional categorization of message', - example: 'COMMAND', - type: 'keyword', - }, - { - name: 'context', - description: 'Context of message', - example: 'initandlisten', - type: 'keyword', - }, - { - name: 'severity', - type: 'alias', - path: 'log.level', - migration: true, - }, + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event source addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'message', - type: 'alias', - path: 'message', - migration: true, + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Organization name.', + example: 'Google LLC', }, - ], - }, - ], - }, - { - key: 'mysql', - title: 'MySQL', - description: 'Module for parsing the MySQL log files.', - short_config: true, - fields: [ - { - name: 'mysql', - type: 'group', - description: 'Fields from the MySQL log files.', - fields: [ { - name: 'thread_id', + name: 'bytes', + level: 'core', type: 'long', - description: 'The connection or thread ID for the query.', + format: 'bytes', + description: 'Bytes sent from the source to the destination.', + example: 184, }, { - name: 'error', - type: 'group', - description: 'Contains fields from the MySQL error logs.', - fields: [ - { - name: 'thread_id', - type: 'alias', - path: 'mysql.thread_id', - migration: true, - }, - { - name: 'level', - type: 'alias', - path: 'log.level', - migration: true, - }, + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Source domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the source.\n\nCan be one or multiple IPv4 or IPv6 addresses.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the source.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of source based NAT sessions (e.g. internal client\nto internet)\n\nTypically connections traversing load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of source based NAT sessions. (e.g. internal client\nto internet)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the source to the destination.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the source.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered source domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'message', - type: 'alias', - path: 'message', - migration: true, + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: "User's full name, if available.", + example: 'Albert Einstein', }, { - name: 'slowlog', - type: 'group', - description: 'Contains fields from the MySQL slow logs.', - fields: [ - { - name: 'lock_time.sec', - type: 'float', - description: - 'The amount of time the query waited for the lock to be available. The value is in seconds, as a floating point number.', - }, - { - name: 'rows_sent', - type: 'long', - description: 'The number of rows returned by the query.', - }, - { - name: 'rows_examined', - type: 'long', - description: 'The number of rows scanned by the query.', - }, - { - name: 'rows_affected', - type: 'long', - description: 'The number of rows modified by the query.', - }, - { - name: 'bytes_sent', - type: 'long', - format: 'bytes', - description: 'The size of the query result.', - }, - { - name: 'query', - description: 'The slow query.', - }, - { - name: 'id', - type: 'alias', - path: 'mysql.thread_id', - migration: true, - }, - { - name: 'schema', - type: 'keyword', - description: 'The schema where the slow query was executed.', - }, - { - name: 'current_user', - type: 'keyword', - description: - 'Current authenticated user, used to determine access privileges. Can differ from the value for user.', - }, - { - name: 'last_errno', - type: 'keyword', - description: 'Last SQL error seen.', - }, - { - name: 'killed', - type: 'keyword', - description: 'Code of the reason if the query was killed.', - }, - { - name: 'query_cache_hit', - type: 'boolean', - description: 'Whether the query cache was hit.', - }, - { - name: 'tmp_table', - type: 'boolean', - description: 'Whether a temporary table was used to resolve the query.', - }, - { - name: 'tmp_table_on_disk', - type: 'boolean', - description: 'Whether the query needed temporary tables on disk.', - }, - { - name: 'tmp_tables', - type: 'long', - description: 'Number of temporary tables created for this query', - }, - { - name: 'tmp_disk_tables', - type: 'long', - description: 'Number of temporary tables created on disk for this query.', - }, - { - name: 'tmp_table_sizes', - type: 'long', - format: 'bytes', - description: 'Size of temporary tables created for this query.', - }, - { - name: 'filesort', - type: 'boolean', - description: 'Whether filesort optimization was used.', - }, - { - name: 'filesort_on_disk', - type: 'boolean', - description: - 'Whether filesort optimization was used and it needed temporary tables on disk.', - }, - { - name: 'priority_queue', - type: 'boolean', - description: 'Whether a priority queue was used for filesort.', - }, - { - name: 'full_scan', - type: 'boolean', - description: 'Whether a full table scan was needed for the slow query.', - }, - { - name: 'full_join', - type: 'boolean', - description: - 'Whether a full join was needed for the slow query (no indexes were used for joins).', - }, - { - name: 'merge_passes', - type: 'long', - description: 'Number of merge passes executed for the query.', - }, - { - name: 'log_slow_rate_type', - type: 'keyword', - description: - 'Type of slow log rate limit, it can be `session` if the rate limit is applied per session, or `query` if it applies per query.', - }, - { - name: 'log_slow_rate_limit', - type: 'keyword', - description: - 'Slow log rate limit, a value of 100 means that one in a hundred queries or sessions are being logged.', - }, - { - name: 'innodb', - type: 'group', - description: 'Contains fields relative to InnoDB engine', - fields: [ - { - name: 'trx_id', - type: 'keyword', - description: 'Transaction ID', - }, - { - name: 'io_r_ops', - type: 'long', - description: 'Number of page read operations.', - }, - { - name: 'io_r_bytes', - type: 'long', - format: 'bytes', - description: 'Bytes read during page read operations.', - }, - { - name: 'io_r_wait.sec', - type: 'long', - description: 'How long it took to read all needed data from storage.', - }, - { - name: 'rec_lock_wait.sec', - type: 'long', - description: 'How long the query waited for locks.', - }, - { - name: 'queue_wait.sec', - type: 'long', - description: - 'How long the query waited to enter the InnoDB queue and to be executed once in the queue.', - }, - { - name: 'pages_distinct', - type: 'long', - description: 'Approximated count of pages accessed to execute the query.', - }, - ], - }, - { - name: 'user', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'host', - type: 'alias', - path: 'source.domain', - migration: true, - }, + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'ip', - type: 'alias', - path: 'source.ip', - migration: true, + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Short name or login of the user.', + example: 'albert', }, ], }, - ], - }, - { - key: 'nats', - title: 'nats', - description: 'Module for parsing NATS log files.', - release: 'beta', - fields: [ { - name: 'nats', + name: 'threat', + title: 'Threat', + group: 2, + description: + 'Fields to classify events and alerts according to a threat taxonomy\nsuch as the Mitre ATT&CK framework.\n\nThese fields are for users to classify alerts from all of their sources (e.g.\nIDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to\ncapture the high level category of the threat (e.g. "impact"). The threat.technique.*\nfields are meant to capture which kind of approach is used by this detected\nthreat, to accomplish the goal (e.g. "endpoint denial of service").', type: 'group', - description: 'Fields from NATS logs.', fields: [ { - name: 'log', - type: 'group', - description: 'Nats log files', - release: 'beta', + name: 'framework', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the threat framework used to further categorize and classify\nthe tactic and technique of the reported threat. Framework classification\ncan be provided by detecting systems, evaluated at ingest time, or retrospectively\ntagged to events.', + example: 'MITRE ATT&CK', + }, + { + name: 'tactic.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The id of tactic used by this threat. You can use the Mitre ATT&CK\nMatrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'TA0040', + }, + { + name: 'tactic.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the type of tactic used by this threat. You can use the\nMitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'impact', + }, + { + name: 'tactic.reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The reference url of tactic used by this threat. You can use the\nMitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'https://attack.mitre.org/tactics/TA0040/', + }, + { + name: 'technique.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The id of technique used by this tactic. You can use the Mitre\nATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'T1499', + }, + { + name: 'technique.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'The name of technique used by this tactic. You can use the Mitre\nATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'endpoint denial of service', + }, + { + name: 'technique.reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The reference url of technique used by this tactic. You can use\nthe Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'https://attack.mitre.org/techniques/T1499/', }, ], }, - ], - }, - { - key: 'nginx', - title: 'Nginx', - description: 'Module for parsing the Nginx log files.', - short_config: true, - fields: [ { - name: 'nginx', + name: 'tls', + title: 'TLS', + group: 2, + description: + 'Fields related to a TLS connection. These fields focus on the TLS\nprotocol itself and intentionally avoids in-depth analysis of the related x.509\ncertificate files.', type: 'group', - description: 'Fields from the Nginx log files.', fields: [ { - name: 'access', - type: 'group', - description: 'Contains fields for the Nginx access logs.', - fields: [ - { - name: 'remote_ip_list', - type: 'array', - description: - 'An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`.', - }, - { - name: 'body_sent.bytes', - type: 'alias', - path: 'http.response.body.bytes', - migration: true, - }, - { - name: 'remote_ip', - type: 'alias', - path: 'source.ip', - migration: true, - }, - { - name: 'user_name', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'method', - type: 'alias', - path: 'http.request.method', - migration: true, - }, - { - name: 'url', - type: 'alias', - path: 'url.original', - migration: true, - }, - { - name: 'http_version', - type: 'alias', - path: 'http.version', - migration: true, - }, - { - name: 'response_code', - type: 'alias', - path: 'http.response.status_code', - migration: true, - }, - { - name: 'referrer', - type: 'alias', - path: 'http.request.referrer', - migration: true, - }, - { - name: 'agent', - type: 'alias', - path: 'user_agent.original', - migration: true, - }, - { - name: 'user_agent', - type: 'group', - fields: [ - { - name: 'device', - type: 'alias', - path: 'user_agent.device.name', - migration: true, - }, - { - name: 'name', - type: 'alias', - path: 'user_agent.name', - migration: true, - }, - { - name: 'os', - type: 'alias', - path: 'user_agent.os.full_name', - migration: true, - }, - { - name: 'os_name', - type: 'alias', - path: 'user_agent.os.name', - migration: true, - }, - { - name: 'original', - type: 'alias', - path: 'user_agent.original', - migration: true, - }, - ], - }, - { - name: 'geoip', - type: 'group', - fields: [ - { - name: 'continent_name', - type: 'alias', - path: 'source.geo.continent_name', - migration: true, - }, - { - name: 'country_iso_code', - type: 'alias', - path: 'source.geo.country_iso_code', - migration: true, - }, - { - name: 'location', - type: 'alias', - path: 'source.geo.location', - migration: true, - }, - { - name: 'region_name', - type: 'alias', - path: 'source.geo.region_name', - migration: true, - }, - { - name: 'city_name', - type: 'alias', - path: 'source.geo.city_name', - migration: true, - }, - { - name: 'region_iso_code', - type: 'alias', - path: 'source.geo.region_iso_code', - migration: true, - }, - ], - }, - ], + name: 'cipher', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'String indicating the cipher used during the current connection.', + example: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', + default_field: false, }, { - name: 'error', - type: 'group', - description: 'Contains fields for the Nginx error logs.', - fields: [ - { - name: 'connection_id', - type: 'long', - description: 'Connection identifier.', - }, - { - name: 'level', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'pid', - type: 'alias', - path: 'process.pid', - migration: true, - }, - { - name: 'tid', - type: 'alias', - path: 'process.thread.id', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - ], + name: 'client.certificate', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'PEM-encoded stand-alone certificate offered by the client. This\nis usually mutually-exclusive of `client.certificate_chain` since this value\nalso exists in that list.', + example: 'MII...', + default_field: false, }, - ], - }, - ], - }, - { - key: 'osquery', - title: 'Osquery', - description: 'Fields exported by the `osquery` module', - fields: [ - { - name: 'osquery', - type: 'group', - description: '', - fields: [ { - name: 'result', - type: 'group', - description: 'Common fields exported by the result metricset.', - fields: [ - { - name: 'name', - type: 'keyword', - description: 'The name of the query that generated this event.', - }, - { - name: 'action', - type: 'keyword', - description: - 'For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot".', - }, - { - name: 'host_identifier', - type: 'keyword', - description: - 'The identifier for the host on which the osquery agent is running. Normally the hostname.', - }, - { - name: 'unix_time', - type: 'long', - description: - 'Unix timestamp of the event, in seconds since the epoch. Used for computing the `@timestamp` column.', - }, - { - name: 'calendar_time', - type: 'keyword', - description: - 'String representation of the collection time, as formatted by osquery.', - }, - ], + name: 'client.certificate_chain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of PEM-encoded certificates that make up the certificate\nchain offered by the client. This is usually mutually-exclusive of `client.certificate`\nsince that value should be the first certificate in the chain.', + example: ['MII...', 'MII...'], + default_field: false, }, - ], - }, - ], - }, - { - key: 'postgresql', - title: 'PostgreSQL', - description: 'Module for parsing the PostgreSQL log files.', - short_config: true, - fields: [ - { - name: 'postgresql', - type: 'group', - description: 'Fields from PostgreSQL logs.', - fields: [ { - name: 'log', - type: 'group', - description: 'Fields from the PostgreSQL log files.', - fields: [ - { - name: 'timestamp', - description: 'The timestamp from the log line.', - }, - { - name: 'core_id', - type: 'long', - description: 'Core id', - }, - { - name: 'database', - example: 'mydb', - description: 'Name of database', - }, - { - name: 'query', - example: 'SELECT * FROM users;', - description: 'Query statement.', - }, - { - name: 'timezone', - type: 'alias', - path: 'event.timezone', - migration: true, - }, - { - name: 'thread_id', - type: 'alias', - path: 'process.pid', - migration: true, - }, - { - name: 'user', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'level', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, + name: 'client.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the MD5 digest of DER-encoded version\nof certificate offered by the client. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC', + default_field: false, + }, + { + name: 'client.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA1 digest of DER-encoded version\nof certificate offered by the client. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '9E393D93138888D288266C2D915214D1D1CCEB2A', + default_field: false, + }, + { + name: 'client.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA256 digest of DER-encoded\nversion of certificate offered by the client. For consistency with other hash\nvalues, this value should be formatted as an uppercase hash.', + example: '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0', + default_field: false, + }, + { + name: 'client.issuer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Distinguished name of subject of the issuer of the x.509 certificate\npresented by the client.', + example: 'CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'client.ja3', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash that identifies clients based on how they perform an SSL/TLS\nhandshake.', + example: 'd4e5b18d6b55c71272893221c96ba240', + default_field: false, + }, + { + name: 'client.not_after', + level: 'extended', + type: 'date', + description: + 'Date/Time indicating when client certificate is no longer considered\nvalid.', + example: '2021-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'client.not_before', + level: 'extended', + type: 'date', + description: 'Date/Time indicating when client certificate is first considered\nvalid.', + example: '1970-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'client.server_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Also called an SNI, this tells the server which hostname to which\nthe client is attempting to connect. When this value is available, it should\nget copied to `destination.domain`.', + example: 'www.elastic.co', + default_field: false, + }, + { + name: 'client.subject', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Distinguished name of subject of the x.509 certificate presented\nby the client.', + example: 'CN=myclient, OU=Documentation Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'client.supported_ciphers', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Array of ciphers offered by the client during the client hello.', + example: [ + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', + '...', ], + default_field: false, + }, + { + name: 'curve', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'String indicating the curve used for the given cipher, when applicable.', + example: 'secp256r1', + default_field: false, + }, + { + name: 'established', + level: 'extended', + type: 'boolean', + description: + 'Boolean flag indicating if the TLS negotiation was successful and\ntransitioned to an encrypted tunnel.', + default_field: false, + }, + { + name: 'next_protocol', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'String indicating the protocol being tunneled. Per the values in\nthe IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids),\nthis string should be lower case.', + example: 'http/1.1', + default_field: false, + }, + { + name: 'resumed', + level: 'extended', + type: 'boolean', + description: + 'Boolean flag indicating if this TLS connection was resumed from\nan existing TLS negotiation.', + default_field: false, + }, + { + name: 'server.certificate', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'PEM-encoded stand-alone certificate offered by the server. This\nis usually mutually-exclusive of `server.certificate_chain` since this value\nalso exists in that list.', + example: 'MII...', + default_field: false, + }, + { + name: 'server.certificate_chain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of PEM-encoded certificates that make up the certificate\nchain offered by the server. This is usually mutually-exclusive of `server.certificate`\nsince that value should be the first certificate in the chain.', + example: ['MII...', 'MII...'], + default_field: false, + }, + { + name: 'server.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the MD5 digest of DER-encoded version\nof certificate offered by the server. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC', + default_field: false, + }, + { + name: 'server.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA1 digest of DER-encoded version\nof certificate offered by the server. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '9E393D93138888D288266C2D915214D1D1CCEB2A', + default_field: false, + }, + { + name: 'server.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA256 digest of DER-encoded\nversion of certificate offered by the server. For consistency with other hash\nvalues, this value should be formatted as an uppercase hash.', + example: '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0', + default_field: false, + }, + { + name: 'server.issuer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Subject of the issuer of the x.509 certificate presented by the\nserver.', + example: 'CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'server.ja3s', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash that identifies servers based on how they perform an SSL/TLS\nhandshake.', + example: '394441ab65754e2207b1e1b457b3641d', + default_field: false, + }, + { + name: 'server.not_after', + level: 'extended', + type: 'date', + description: + 'Timestamp indicating when server certificate is no longer considered\nvalid.', + example: '2021-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'server.not_before', + level: 'extended', + type: 'date', + description: 'Timestamp indicating when server certificate is first considered\nvalid.', + example: '1970-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'server.subject', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Subject of the x.509 certificate presented by the server.', + example: 'CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Numeric part of the version parsed from the original string.', + example: '1.2', + default_field: false, + }, + { + name: 'version_protocol', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Normalized lowercase protocol name parsed from original string.', + example: 'tls', + default_field: false, }, ], }, - ], - }, - { - key: 'redis', - title: 'Redis', - description: 'Redis Module', - fields: [ { - name: 'redis', + name: 'tracing', + title: 'Tracing', + group: 2, + description: + 'Distributed tracing makes it possible to analyze performance throughout\na microservice architecture all in one view. This is accomplished by tracing\nall of the requests - from the initial web request in the front-end service\n- to queries made through multiple back-end services.', type: 'group', - description: '', fields: [ { - name: 'log', - type: 'group', - description: 'Redis log files', - fields: [ - { - name: 'role', - type: 'keyword', - description: - 'The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`.', - }, - { - name: 'pid', - type: 'alias', - path: 'process.pid', - migration: true, - }, - { - name: 'level', - type: 'alias', - path: 'log.level', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - ], + name: 'trace.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the trace.\n\nA trace groups multiple events like transactions that belong together. For\nexample, a user request handled by multiple inter-connected services.', + example: '4bf92f3577b34da6a3ce929d0e0e4736', }, { - name: 'slowlog', - type: 'group', - description: 'Slow logs are retrieved from Redis via a network connection.', - fields: [ - { - name: 'cmd', - type: 'keyword', - description: 'The command executed.', - }, - { - name: 'duration.us', - type: 'long', - description: 'How long it took to execute the command in microseconds.', - }, - { - name: 'id', - type: 'long', - description: 'The ID of the query.', - }, - { - name: 'key', - type: 'keyword', - description: 'The key on which the command was executed.', - }, - { - name: 'args', - type: 'keyword', - description: 'The arguments with which the command was called.', - }, - ], + name: 'transaction.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the transaction.\n\nA transaction is the highest level of work measured within a service, such\nas a request to a server.', + example: '00f067aa0ba902b7', }, ], }, - ], - }, - { - key: 'santa', - title: 'Google Santa', - description: 'Santa Module', - fields: [ { - name: 'santa', + name: 'url', + title: 'URL', + group: 2, + description: + 'URL fields provide support for complete or partial URLs, and supports\nthe breaking down into scheme, domain, path, and so on.', type: 'group', - description: '', fields: [ { - name: 'action', + name: 'domain', + level: 'extended', type: 'keyword', - example: 'EXEC', - description: 'Action', + ignore_above: 1024, + description: + 'Domain of the url, such as "www.elastic.co".\n\nIn some cases a URL may refer to an IP and/or port directly, without a domain\nname. In this case, the IP address would go to the `domain` field.', + example: 'www.elastic.co', }, { - name: 'decision', + name: 'extension', + level: 'extended', type: 'keyword', - example: 'ALLOW', - description: 'Decision that santad took.', + ignore_above: 1024, + description: + 'The field contains the file extension from the original request\nurl.\n\nThe file extension is only set if it exists, as not every url has a file extension.\n\nThe leading period must not be included. For example, the value must be "png",\nnot ".png".', + example: 'png', }, { - name: 'reason', + name: 'fragment', + level: 'extended', type: 'keyword', - example: 'CERT', - description: 'Reason for the decsision.', + ignore_above: 1024, + description: + 'Portion of the url after the `#`, such as "top".\n\nThe `#` is not part of the fragment.', }, { - name: 'mode', + name: 'full', + level: 'extended', type: 'keyword', - example: 'M', - description: 'Operating mode of Santa.', - }, - { - name: 'disk', - type: 'group', - description: 'Fields for DISKAPPEAR actions.', - fields: [ + ignore_above: 1024, + multi_fields: [ { - name: 'volume', - description: 'The volume name.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, + ], + description: + 'If full URLs are important to your use case, they should be stored\nin `url.full`, whether this field is reconstructed or present in the event\nsource.', + example: 'https://www.elastic.co:443/search?q=elasticsearch#top', + }, + { + name: 'original', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'bus', - description: 'The disk bus protocol.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, - { - name: 'serial', - description: 'The disk serial number.', + ], + description: + 'Unmodified original url as seen in the event source.\n\nNote that in network monitoring, the observed URL may be a full URL, whereas\nin access logs, the URL is often just represented as a path.\n\nThis field is meant to represent the URL as it was observed, complete or not.', + example: + 'https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch', + }, + { + name: 'password', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Password of the request.', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Path of the request, such as "/search".', + }, + { + name: 'port', + level: 'extended', + type: 'long', + format: 'string', + description: 'Port of the request, such as 443.', + example: 443, + }, + { + name: 'query', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The query field describes the query string of the request, such\nas "q=elasticsearch".\n\nThe `?` is excluded from the query string. If a URL contains no `?`, there\nis no query field. If there is a `?` but no query, the query field exists\nwith an empty string. The `exists` query can be used to differentiate between\nthe two cases.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered url domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'scheme', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Scheme of the request, such as "https".\n\nNote: The `:` is not part of the scheme.', + example: 'https', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'username', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Username of the request.', + }, + ], + }, + { + name: 'user', + title: 'User', + group: 2, + description: + 'The user fields describe information about the user that is relevant\nto the event.\n\nFields can have one entry or multiple entries. If a user has more than one id,\nprovide an array that includes all of them.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'bsdname', - example: 'disk1s3', - description: 'The disk BSD name.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'user_agent', + title: 'User agent', + group: 2, + description: + 'The user_agent fields normally come from a browser request.\n\nThey often show up in web service logs coming from the parsed user agent string.', + type: 'group', + fields: [ + { + name: 'device.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the device.', + example: 'iPhone', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the user agent.', + example: 'Safari', + }, + { + name: 'original', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'model', - example: 'APPLE SSD SM0512L', - description: 'The disk model.', + name: 'text', + type: 'text', + norms: false, }, + ], + description: 'Unparsed user_agent string.', + example: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15\n(KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'fs', - example: 'apfs', - description: 'The disk volume kind (filesystem type).', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'mount', - description: 'The disk volume path.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Version of the user agent.', + example: 12, }, ], }, { - name: 'certificate.common_name', - type: 'keyword', - description: 'Common name from code signing certificate.', - }, - { - name: 'certificate.sha256', - type: 'keyword', - description: 'SHA256 hash of code signing certificate.', - }, - { - name: 'hash.sha256', - type: 'keyword', - description: 'Hash of process executable.', + name: 'vlan', + title: 'VLAN', + group: 2, + description: + 'The VLAN fields are used to identify 802.1q tag(s) of a packet,\nas well as ingress and egress VLAN associations of an observer in relation to\na specific packet or connection.\n\nNetwork.vlan fields are used to record a single VLAN tag, or the outer tag in\nthe case of q-in-q encapsulations, for a packet or connection as observed, typically\nprovided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic.\n\nNetwork.inner VLAN fields are used to report inner q-in-q 802.1q tags (multiple\n802.1q encapsulations) as observed, typically provided by a network sensor (e.g.\nZeek, Wireshark) passively reporting on traffic. Network.inner VLAN fields should\nonly be used in addition to network.vlan fields to indicate q-in-q tagging.\n\nObserver.ingress and observer.egress VLAN values are used to record observer\nspecific information when observer events contain discrete ingress and egress\nVLAN information, typically provided by firewalls, routers, or load balancers.', + type: 'group', + fields: [ + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + ], }, - ], - }, - { - key: 'system', - title: 'System', - description: 'Module for parsing system log files.', - short_config: true, - fields: [ { - name: 'system', + name: 'vulnerability', + title: 'Vulnerability', + group: 2, + description: + 'The vulnerability fields describe information about a vulnerability\nthat is relevant to an event.', type: 'group', - description: 'Fields from the system log files.', fields: [ { - name: 'auth', - type: 'group', - description: 'Fields from the Linux authorization logs.', - fields: [ + name: 'category', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of system or architecture that the vulnerability affects.\nThese may be platform-specific (for example, Debian or SUSE) or general (for\nexample, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys\nvulnerability categories])\n\nThis field must be an array.', + example: '["Firewall"]', + default_field: false, + }, + { + name: 'classification', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The classification of the vulnerability scoring system. For example\n(https://www.first.org/cvss/)', + example: 'CVSS', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'timestamp', - type: 'alias', - path: '@timestamp', - migration: true, - }, - { - name: 'hostname', - type: 'alias', - path: 'host.hostname', - migration: true, - }, - { - name: 'program', - type: 'alias', - path: 'process.name', - migration: true, - }, - { - name: 'pid', - type: 'alias', - path: 'process.pid', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - { - name: 'user', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'ssh', - type: 'group', - fields: [ - { - name: 'method', - description: - 'The SSH authentication method. Can be one of "password" or "publickey".', - }, - { - name: 'signature', - description: 'The signature of the client public key.', - }, - { - name: 'dropped_ip', - type: 'ip', - description: - 'The client IP from SSH connections that are open and immediately dropped.', - }, - { - name: 'event', - type: 'alias', - path: 'event.action', - migration: true, - }, - { - name: 'ip', - type: 'alias', - path: 'source.ip', - migration: true, - }, - { - name: 'port', - type: 'alias', - path: 'source.port', - migration: true, - }, - { - name: 'geoip', - type: 'group', - fields: [ - { - name: 'continent_name', - type: 'alias', - path: 'source.geo.continent_name', - migration: true, - }, - { - name: 'country_iso_code', - type: 'alias', - path: 'source.geo.country_iso_code', - migration: true, - }, - { - name: 'location', - type: 'alias', - path: 'source.geo.location', - migration: true, - }, - { - name: 'region_name', - type: 'alias', - path: 'source.geo.region_name', - migration: true, - }, - { - name: 'city_name', - type: 'alias', - path: 'source.geo.city_name', - migration: true, - }, - { - name: 'region_iso_code', - type: 'alias', - path: 'source.geo.region_iso_code', - migration: true, - }, - ], - }, - ], - }, - { - name: 'sudo', - type: 'group', - description: 'Fields specific to events created by the `sudo` command.', - fields: [ - { - name: 'error', - example: 'user NOT in sudoers', - description: 'The error message in case the sudo command failed.', - }, - { - name: 'tty', - description: 'The TTY where the sudo command is executed.', - }, - { - name: 'pwd', - description: 'The current directory where the sudo command is executed.', - }, - { - name: 'user', - example: 'root', - description: 'The target user to which the sudo command is switching.', - }, - { - name: 'command', - description: 'The command executed via sudo.', - }, - ], - }, - { - name: 'useradd', - type: 'group', - description: 'Fields specific to events created by the `useradd` command.', - fields: [ - { - name: 'home', - description: 'The home folder for the new user.', - }, - { - name: 'shell', - description: 'The default shell for the new user.', - }, - { - name: 'name', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'uid', - type: 'alias', - path: 'user.id', - migration: true, - }, - { - name: 'gid', - type: 'alias', - path: 'group.id', - migration: true, - }, - ], - }, - { - name: 'groupadd', - type: 'group', - description: 'Fields specific to events created by the `groupadd` command.', - fields: [ - { - name: 'name', - type: 'alias', - path: 'group.name', - migration: true, - }, - { - name: 'gid', - type: 'alias', - path: 'group.id', - migration: true, - }, - ], + name: 'text', + type: 'text', + norms: false, }, ], + description: + 'The description of the vulnerability that provides additional context\nof the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common\nVulnerabilities and Exposure CVE description])', + example: 'In macOS before 2.12.6, there is a vulnerability in the RPC...', + default_field: false, }, { - name: 'syslog', - type: 'group', - description: 'Contains fields from the syslog system logs.', - fields: [ - { - name: 'timestamp', - type: 'alias', - path: '@timestamp', - migration: true, - }, - { - name: 'hostname', - type: 'alias', - path: 'host.hostname', - migration: true, - }, - { - name: 'program', - type: 'alias', - path: 'process.name', - migration: true, - }, - { - name: 'pid', - type: 'alias', - path: 'process.pid', - migration: true, - }, - { - name: 'message', - type: 'alias', - path: 'message', - migration: true, - }, - ], + name: 'enumeration', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of identifier used for this vulnerability. For example\n(https://cve.mitre.org/about/)', + example: 'CVE', + default_field: false, }, - ], - }, - ], - }, - { - key: 'traefik', - title: 'Traefik', - description: 'Module for parsing the Traefik log files.', - fields: [ - { - name: 'traefik', - type: 'group', - description: 'Fields from the Traefik log files.', - fields: [ { - name: 'access', - type: 'group', - description: 'Contains fields for the Traefik access logs.', - fields: [ - { - name: 'user_identifier', - type: 'keyword', - description: 'Is the RFC 1413 identity of the client', - }, - { - name: 'request_count', - type: 'long', - description: 'The number of requests', - }, - { - name: 'frontend_name', - type: 'keyword', - description: 'The name of the frontend used', - }, - { - name: 'backend_url', - type: 'keyword', - description: 'The url of the backend where request is forwarded', - }, - { - name: 'body_sent.bytes', - type: 'alias', - path: 'http.response.body.bytes', - migration: true, - }, - { - name: 'remote_ip', - type: 'alias', - path: 'source.address', - migration: true, - }, - { - name: 'user_name', - type: 'alias', - path: 'user.name', - migration: true, - }, - { - name: 'method', - type: 'alias', - path: 'http.request.method', - migration: true, - }, - { - name: 'url', - type: 'alias', - path: 'url.original', - migration: true, - }, - { - name: 'http_version', - type: 'alias', - path: 'http.version', - migration: true, - }, - { - name: 'response_code', - type: 'alias', - path: 'http.response.status_code', - migration: true, - }, - { - name: 'referrer', - type: 'alias', - path: 'http.request.referrer', - migration: true, - }, - { - name: 'agent', - type: 'alias', - path: 'user_agent.original', - migration: true, - }, - { - name: 'user_agent', - type: 'group', - fields: [ - { - name: 'device', - type: 'alias', - path: 'user_agent.device.name', - }, - { - name: 'name', - type: 'alias', - path: 'user_agent.name', - }, - { - name: 'os', - type: 'alias', - path: 'user_agent.os.full_name', - }, - { - name: 'os_name', - type: 'alias', - path: 'user_agent.os.name', - }, - { - name: 'original', - type: 'alias', - path: 'user_agent.original', - }, - ], - }, - { - name: 'geoip', - type: 'group', - fields: [ - { - name: 'continent_name', - type: 'alias', - path: 'source.geo.continent_name', - }, - { - name: 'country_iso_code', - type: 'alias', - path: 'source.geo.country_iso_code', - }, - { - name: 'location', - type: 'alias', - path: 'source.geo.location', - }, - { - name: 'region_name', - type: 'alias', - path: 'source.geo.region_name', - }, - { - name: 'city_name', - type: 'alias', - path: 'source.geo.city_name', - }, - { - name: 'region_iso_code', - type: 'alias', - path: 'source.geo.region_iso_code', - }, - ], - }, - ], - }, - ], - }, - ], - }, - { - key: 'iptables', - title: 'iptables', - description: 'Module for handling the iptables logs.', - fields: [ - { - name: 'iptables', - type: 'group', - description: 'Fields from the iptables logs.', - fields: [ - { - name: 'ether_type', - type: 'long', - description: 'Value of the ethernet type field identifying the network layer protocol.', - }, - { - name: 'flow_label', - type: 'integer', - description: 'IPv6 flow label.', - }, - { - name: 'fragment_flags', + name: 'id', + level: 'extended', type: 'keyword', - description: 'IP fragment flags. A combination of CE, DF and MF.', - }, - { - name: 'fragment_offset', - type: 'long', - description: 'Offset of the current IP fragment.', - }, - { - name: 'icmp', - type: 'group', - description: 'ICMP fields.', - fields: [ - { - name: 'code', - type: 'long', - description: 'ICMP code.', - }, - { - name: 'id', - type: 'long', - description: 'ICMP ID.', - }, - { - name: 'parameter', - type: 'long', - description: 'ICMP parameter.', - }, - { - name: 'redirect', - type: 'ip', - description: 'ICMP redirect address.', - }, - { - name: 'seq', - type: 'long', - description: 'ICMP sequence number.', - }, - { - name: 'type', - type: 'long', - description: 'ICMP type.', - }, - ], + ignore_above: 1024, + description: + 'The identification (ID) is the number portion of a vulnerability\nentry. It includes a unique identification number for the vulnerability. For\nexample (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities\nand Exposure CVE ID]', + example: 'CVE-2019-00001', + default_field: false, }, { - name: 'id', - type: 'long', - description: 'Packet identifier.', + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A resource that provides additional information, context, and mitigations\nfor the identified vulnerability.', + example: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111', + default_field: false, }, { - name: 'incomplete_bytes', - type: 'long', - description: 'Number of incomplete bytes.', + name: 'report_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The report or scan identification number.', + example: 20191018.0001, + default_field: false, }, { - name: 'input_device', + name: 'scanner.vendor', + level: 'extended', type: 'keyword', - description: 'Device that received the packet.', + ignore_above: 1024, + description: 'The name of the vulnerability scanner vendor.', + example: 'Tenable', + default_field: false, }, { - name: 'precedence_bits', - type: 'short', - description: 'IP precedence bits.', + name: 'score.base', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nBase scores cover an assessment for exploitability metrics (attack vector,\ncomplexity, privileges, and user interaction), impact metrics (confidentiality,\nintegrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document)', + example: 5.5, + default_field: false, }, { - name: 'tos', - type: 'long', - description: 'IP Type of Service field.', + name: 'score.environmental', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nEnvironmental scores cover an assessment for any modified Base metrics, confidentiality,\nintegrity, and availability requirements. For example (https://www.first.org/cvss/specification-document)', + example: 5.5, + default_field: false, }, { - name: 'length', - type: 'long', - description: 'Packet length.', + name: 'score.temporal', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nTemporal scores cover an assessment for code maturity, remediation level,\nand confidence. For example (https://www.first.org/cvss/specification-document)', + default_field: false, }, { - name: 'output_device', + name: 'score.version', + level: 'extended', type: 'keyword', - description: 'Device that output the packet.', - }, - { - name: 'tcp', - type: 'group', - description: 'TCP fields.', - fields: [ - { - name: 'flags', - type: 'keyword', - description: 'TCP flags.', - }, - { - name: 'reserved_bits', - type: 'short', - description: 'TCP reserved bits.', - }, - { - name: 'seq', - type: 'long', - description: 'TCP sequence number.', - }, - { - name: 'ack', - type: 'long', - description: 'TCP Acknowledgment number.', - }, - { - name: 'window', - type: 'long', - description: 'Advertised TCP window size.', - }, - ], - }, - { - name: 'ttl', - type: 'integer', - description: 'Time To Live field.', + ignore_above: 1024, + description: + 'The National Vulnerability Database (NVD) provides qualitative\nseverity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score\nranges in addition to the severity ratings for CVSS v3.0 as they are defined\nin the CVSS v3.0 specification.\n\nCVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit\norganization, whose mission is to help computer security incident response\nteams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss)', + example: 2, + default_field: false, }, { - name: 'udp', - type: 'group', - description: 'UDP fields.', - fields: [ - { - name: 'length', - type: 'long', - description: 'Length of the UDP header and payload.', - }, - ], + name: 'severity', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The severity of the vulnerability can help with metrics and internal\nprioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss)', + example: 'Critical', + default_field: false, }, - { - name: 'ubiquiti', - type: 'group', - description: 'Fields for Ubiquiti network devices.', - fields: [ - { - name: 'input_zone', - type: 'keyword', - description: 'Input zone.', - }, - { - name: 'output_zone', - type: 'keyword', - description: 'Output zone.', - }, - { - name: 'rule_number', - type: 'keyword', - description: 'The rule number within the rule set.', - }, - { - name: 'rule_set', - type: 'keyword', - description: 'The rule set name.', - }, - ], + ], + }, + ], + }, + { + key: 'beat', + anchor: 'beat-common', + title: 'Beat', + description: 'Contains common beat fields available in all event types.\n', + fields: [ + { + name: 'agent.hostname', + type: 'keyword', + description: 'Hostname of the agent.', + }, + { + name: 'beat.timezone', + type: 'alias', + path: 'event.timezone', + migration: true, + }, + { + name: 'fields', + type: 'object', + object_type: 'keyword', + description: 'Contains user configurable fields.\n', + }, + { + name: 'beat.name', + type: 'alias', + path: 'host.name', + migration: true, + }, + { + name: 'beat.hostname', + type: 'alias', + path: 'agent.hostname', + migration: true, + }, + { + name: 'timeseries.instance', + type: 'keyword', + description: 'Time series instance id', + }, + ], + }, + { + key: 'cloud', + title: 'Cloud provider metadata', + description: 'Metadata from cloud providers added by the add_cloud_metadata processor.\n', + fields: [ + { + name: 'cloud.project.id', + example: 'project-x', + description: 'Name of the project in Google Cloud.\n', + }, + { + name: 'cloud.image.id', + example: 'ami-abcd1234', + description: 'Image ID for the cloud instance.\n', + }, + { + name: 'meta.cloud.provider', + type: 'alias', + path: 'cloud.provider', + migration: true, + }, + { + name: 'meta.cloud.instance_id', + type: 'alias', + path: 'cloud.instance.id', + migration: true, + }, + { + name: 'meta.cloud.instance_name', + type: 'alias', + path: 'cloud.instance.name', + migration: true, + }, + { + name: 'meta.cloud.machine_type', + type: 'alias', + path: 'cloud.machine.type', + migration: true, + }, + { + name: 'meta.cloud.availability_zone', + type: 'alias', + path: 'cloud.availability_zone', + migration: true, + }, + { + name: 'meta.cloud.project_id', + type: 'alias', + path: 'cloud.project.id', + migration: true, + }, + { + name: 'meta.cloud.region', + type: 'alias', + path: 'cloud.region', + migration: true, + }, + ], + }, + { + key: 'docker', + title: 'Docker', + description: 'Docker stats collected from Docker.\n', + short_config: false, + anchor: 'docker-processor', + fields: [ + { + name: 'docker', + type: 'group', + fields: [ + { + name: 'container.id', + type: 'alias', + path: 'container.id', + migration: true, + }, + { + name: 'container.image', + type: 'alias', + path: 'container.image.name', + migration: true, + }, + { + name: 'container.name', + type: 'alias', + path: 'container.name', + migration: true, + }, + { + name: 'container.labels', + type: 'object', + object_type: 'keyword', + description: 'Image labels.\n', }, ], }, ], }, { - key: 'netflow-module', - title: 'NetFlow', - description: - 'Module for receiving NetFlow and IPFIX flow records over UDP. The module does not add fields beyond what the netflow input provides.', + key: 'host', + title: 'Host', + description: 'Info collected for the host machine.\n', + anchor: 'host-processor', + fields: [ + { + name: 'host', + type: 'group', + fields: [ + { + name: 'containerized', + type: 'boolean', + description: 'If the host is a container.\n', + }, + { + name: 'os.build', + type: 'keyword', + example: '18D109', + description: 'OS build information.\n', + }, + { + name: 'os.codename', + type: 'keyword', + example: 'stretch', + description: 'OS codename, if any.\n', + }, + ], + }, + ], }, { - key: 'suricata', - title: 'Suricata', - description: 'Module for handling the EVE JSON logs produced by Suricata.', + key: 'kubernetes', + title: 'Kubernetes', + description: 'Kubernetes metadata added by the kubernetes processor\n', + short_config: false, + anchor: 'kubernetes-processor', fields: [ { - name: 'suricata', + name: 'kubernetes', type: 'group', - description: 'Fields from the Suricata EVE log file.', fields: [ { - name: 'eve', - type: 'group', - description: 'Fields exported by the EVE JSON logs', - fields: [ - { - name: 'event_type', - type: 'keyword', - }, - { - name: 'app_proto_orig', - type: 'keyword', - }, - { - name: 'tcp', - type: 'group', - fields: [ - { - name: 'tcp_flags', - type: 'keyword', - }, - { - name: 'psh', - type: 'boolean', - }, - { - name: 'tcp_flags_tc', - type: 'keyword', - }, - { - name: 'ack', - type: 'boolean', - }, - { - name: 'syn', - type: 'boolean', - }, - { - name: 'state', - type: 'keyword', - }, - { - name: 'tcp_flags_ts', - type: 'keyword', - }, - { - name: 'rst', - type: 'boolean', - }, - { - name: 'fin', - type: 'boolean', - }, - ], - }, - { - name: 'fileinfo', - type: 'group', - fields: [ - { - name: 'sha1', - type: 'keyword', - }, - { - name: 'filename', - type: 'alias', - path: 'file.path', - }, - { - name: 'tx_id', - type: 'long', - }, - { - name: 'state', - type: 'keyword', - }, - { - name: 'stored', - type: 'boolean', - }, - { - name: 'gaps', - type: 'boolean', - }, - { - name: 'sha256', - type: 'keyword', - }, - { - name: 'md5', - type: 'keyword', - }, - { - name: 'size', - type: 'alias', - path: 'file.size', - }, - ], - }, - { - name: 'icmp_type', - type: 'long', - }, - { - name: 'dest_port', - type: 'alias', - path: 'destination.port', - }, - { - name: 'src_port', - type: 'alias', - path: 'source.port', - }, - { - name: 'proto', - type: 'alias', - path: 'network.transport', - }, - { - name: 'pcap_cnt', - type: 'long', - }, - { - name: 'src_ip', - type: 'alias', - path: 'source.ip', - }, - { - name: 'dns', - type: 'group', - fields: [ - { - name: 'type', - type: 'keyword', - }, - { - name: 'rrtype', - type: 'keyword', - }, - { - name: 'rrname', - type: 'keyword', - }, - { - name: 'rdata', - type: 'keyword', - }, - { - name: 'tx_id', - type: 'long', - }, - { - name: 'ttl', - type: 'long', - }, - { - name: 'rcode', - type: 'keyword', - }, - { - name: 'id', - type: 'long', - }, - ], - }, + name: 'pod.name', + type: 'keyword', + description: 'Kubernetes pod name\n', + }, + { + name: 'pod.uid', + type: 'keyword', + description: 'Kubernetes Pod UID\n', + }, + { + name: 'namespace', + type: 'keyword', + description: 'Kubernetes namespace\n', + }, + { + name: 'node.name', + type: 'keyword', + description: 'Kubernetes node name\n', + }, + { + name: 'labels.*', + type: 'object', + object_type: 'keyword', + object_type_mapping_type: '*', + description: 'Kubernetes labels map\n', + }, + { + name: 'annotations.*', + type: 'object', + object_type: 'keyword', + object_type_mapping_type: '*', + description: 'Kubernetes annotations map\n', + }, + { + name: 'replicaset.name', + type: 'keyword', + description: 'Kubernetes replicaset name\n', + }, + { + name: 'deployment.name', + type: 'keyword', + description: 'Kubernetes deployment name\n', + }, + { + name: 'statefulset.name', + type: 'keyword', + description: 'Kubernetes statefulset name\n', + }, + { + name: 'container.name', + type: 'keyword', + description: 'Kubernetes container name\n', + }, + { + name: 'container.image', + type: 'keyword', + description: 'Kubernetes container image\n', + }, + ], + }, + ], + }, + { + key: 'process', + title: 'Process', + description: 'Process metadata fields\n', + fields: [ + { + name: 'process', + type: 'group', + fields: [ + { + name: 'exe', + type: 'alias', + path: 'process.executable', + migration: true, + }, + ], + }, + ], + }, + { + key: 'jolokia-autodiscover', + title: 'Jolokia Discovery autodiscover provider', + description: 'Metadata from Jolokia Discovery added by the jolokia provider.\n', + fields: [ + { + name: 'jolokia.agent.version', + type: 'keyword', + description: 'Version number of jolokia agent.\n', + }, + { + name: 'jolokia.agent.id', + type: 'keyword', + description: + 'Each agent has a unique id which can be either provided during startup of the agent in form of a configuration parameter or being autodetected. If autodected, the id has several parts: The IP, the process id, hashcode of the agent and its type.\n', + }, + { + name: 'jolokia.server.product', + type: 'keyword', + description: 'The container product if detected.\n', + }, + { + name: 'jolokia.server.version', + type: 'keyword', + description: "The container's version (if detected).\n", + }, + { + name: 'jolokia.server.vendor', + type: 'keyword', + description: 'The vendor of the container the agent is running in.\n', + }, + { + name: 'jolokia.url', + type: 'keyword', + description: 'The URL how this agent can be contacted.\n', + }, + { + name: 'jolokia.secured', + type: 'boolean', + description: 'Whether the agent was configured for authentication or not.\n', + }, + ], + }, + { + key: 'log', + title: 'Log file content', + description: 'Contains log file lines.\n', + fields: [ + { + name: 'log.file.path', + type: 'keyword', + required: false, + description: + 'The file from which the line was read. This field contains the absolute path to the file. For example: `/var/log/system.log`.\n', + }, + { + name: 'log.source.address', + type: 'keyword', + required: false, + description: 'Source address from which the log event was read / sent from.\n', + }, + { + name: 'log.offset', + type: 'long', + required: false, + description: 'The file offset the reported line starts at.\n', + }, + { + name: 'stream', + type: 'keyword', + required: false, + description: "Log stream when reading container logs, can be 'stdout' or 'stderr'\n", + }, + { + name: 'input.type', + required: true, + description: + 'The input type from which the event was generated. This field is set to the value specified for the `type` option in the input section of the Filebeat config file.\n', + }, + { + name: 'syslog.facility', + type: 'long', + required: false, + description: 'The facility extracted from the priority.\n', + }, + { + name: 'syslog.priority', + type: 'long', + required: false, + description: 'The priority of the syslog event.\n', + }, + { + name: 'syslog.severity_label', + type: 'keyword', + required: false, + description: 'The human readable severity.\n', + }, + { + name: 'syslog.facility_label', + type: 'keyword', + required: false, + description: 'The human readable facility.\n', + }, + { + name: 'process.program', + type: 'keyword', + required: false, + description: 'The name of the program.\n', + }, + { + name: 'log.flags', + description: 'This field contains the flags of the event.\n', + }, + { + name: 'http.response.content_length', + type: 'alias', + path: 'http.response.body.bytes', + migration: true, + }, + { + name: 'user_agent', + type: 'group', + fields: [ + { + name: 'os', + type: 'group', + fields: [ { - name: 'flow_id', + name: 'full_name', type: 'keyword', }, - { - name: 'email', - type: 'group', - fields: [ - { - name: 'status', - type: 'keyword', - }, - ], - }, - { - name: 'dest_ip', - type: 'alias', - path: 'destination.ip', + ], + }, + ], + }, + { + name: 'fileset.name', + type: 'keyword', + description: 'The Filebeat fileset that generated this event.\n', + }, + { + name: 'fileset.module', + type: 'alias', + path: 'event.module', + migration: true, + }, + { + name: 'read_timestamp', + type: 'alias', + path: 'event.created', + migration: true, + }, + { + name: 'docker.attrs', + type: 'object', + object_type: 'keyword', + description: + "docker.attrs contains labels and environment variables written by docker's JSON File logging driver. These fields are only available when they are configured in the logging driver options.\n", + }, + { + name: 'icmp.code', + type: 'keyword', + description: 'ICMP code.\n', + }, + { + name: 'icmp.type', + type: 'keyword', + description: 'ICMP type.\n', + }, + { + name: 'igmp.type', + type: 'keyword', + description: 'IGMP type.\n', + }, + { + name: 'azure', + type: 'group', + fields: [ + { + name: 'eventhub', + type: 'keyword', + description: 'Name of the eventhub.\n', + }, + { + name: 'offset', + type: 'long', + description: 'The offset.\n', + }, + { + name: 'enqueued_time', + type: 'date', + description: 'The enqueued time.\n', + }, + { + name: 'partition_id', + type: 'long', + description: 'The partition id.\n', + }, + { + name: 'consumer_group', + type: 'keyword', + description: 'The consumer group.\n', + }, + { + name: 'sequence_number', + type: 'long', + description: 'The sequence number.\n', + }, + ], + }, + { + name: 'kafka', + type: 'group', + fields: [ + { + name: 'topic', + type: 'keyword', + description: 'Kafka topic\n', + }, + { + name: 'partition', + type: 'long', + description: 'Kafka partition number\n', + }, + { + name: 'offset', + type: 'long', + description: 'Kafka offset of this message\n', + }, + { + name: 'key', + type: 'keyword', + description: 'Kafka key, corresponding to the Kafka value stored in the message\n', + }, + { + name: 'block_timestamp', + type: 'date', + description: 'Kafka outer (compressed) block timestamp\n', + }, + { + name: 'headers', + type: 'array', + description: + 'An array of Kafka header strings for this message, in the form ": ".\n', + }, + ], + }, + ], + }, + { + key: 'apache', + title: 'Apache', + description: 'Apache Module\n', + short_config: true, + fields: [ + { + name: 'apache2', + type: 'group', + description: 'Aliases for backward compatibility with old apache2 fields\n', + fields: [ + { + name: 'access', + type: 'group', + fields: [ + { + name: 'remote_ip', + type: 'alias', + path: 'source.address', + migration: true, }, { - name: 'icmp_code', - type: 'long', + name: 'ssl.protocol', + type: 'alias', + path: 'apache.access.ssl.protocol', + migration: true, }, { - name: 'http', + name: 'ssl.cipher', + type: 'alias', + path: 'apache.access.ssl.cipher', + migration: true, + }, + { + name: 'body_sent.bytes', + type: 'alias', + path: 'http.response.body.bytes', + migration: true, + }, + { + name: 'user_name', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'method', + type: 'alias', + path: 'http.request.method', + migration: true, + }, + { + name: 'url', + type: 'alias', + path: 'url.original', + migration: true, + }, + { + name: 'http_version', + type: 'alias', + path: 'http.version', + migration: true, + }, + { + name: 'response_code', + type: 'alias', + path: 'http.response.status_code', + migration: true, + }, + { + name: 'referrer', + type: 'alias', + path: 'http.request.referrer', + migration: true, + }, + { + name: 'agent', + type: 'alias', + path: 'user_agent.original', + migration: true, + }, + { + name: 'user_agent', type: 'group', fields: [ { - name: 'status', + name: 'device', type: 'alias', - path: 'http.response.status_code', + path: 'user_agent.device.name', + migration: true, }, { - name: 'redirect', - type: 'keyword', + name: 'name', + type: 'alias', + path: 'user_agent.name', + migration: true, }, { - name: 'http_user_agent', + name: 'os', type: 'alias', - path: 'user_agent.original', + path: 'user_agent.os.full_name', + migration: true, }, { - name: 'protocol', - type: 'keyword', + name: 'os_name', + type: 'alias', + path: 'user_agent.os.name', + migration: true, }, { - name: 'http_refer', + name: 'original', type: 'alias', - path: 'http.request.referrer', + path: 'user_agent.original', + migration: true, + }, + ], + }, + { + name: 'geoip', + type: 'group', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + migration: true, }, { - name: 'url', + name: 'country_iso_code', type: 'alias', - path: 'url.original', + path: 'source.geo.country_iso_code', + migration: true, }, { - name: 'hostname', + name: 'location', type: 'alias', - path: 'url.domain', + path: 'source.geo.location', + migration: true, }, { - name: 'length', + name: 'region_name', type: 'alias', - path: 'http.response.body.bytes', + path: 'source.geo.region_name', + migration: true, }, { - name: 'http_method', + name: 'city_name', type: 'alias', - path: 'http.request.method', + path: 'source.geo.city_name', + migration: true, }, { - name: 'http_content_type', - type: 'keyword', + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + migration: true, }, ], }, + ], + }, + { + name: 'error', + type: 'group', + fields: [ { - name: 'timestamp', + name: 'level', type: 'alias', - path: '@timestamp', + path: 'log.level', + migration: true, }, { - name: 'in_iface', - type: 'keyword', + name: 'message', + type: 'alias', + path: 'message', + migration: true, }, { - name: 'alert', - type: 'group', - fields: [ - { - name: 'category', - type: 'keyword', - }, - { - name: 'severity', - type: 'alias', - path: 'event.severity', - }, - { - name: 'rev', - type: 'long', - }, - { - name: 'gid', - type: 'long', - }, - { - name: 'signature', - type: 'keyword', - }, - { - name: 'action', - type: 'alias', - path: 'event.outcome', - }, - { - name: 'signature_id', - type: 'long', - }, - ], + name: 'pid', + type: 'alias', + path: 'process.pid', + migration: true, }, { - name: 'ssh', - type: 'group', - fields: [ - { - name: 'client', - type: 'group', - fields: [ - { - name: 'proto_version', - type: 'keyword', - }, - { - name: 'software_version', - type: 'keyword', - }, - ], - }, - { - name: 'server', - type: 'group', - fields: [ - { - name: 'proto_version', - type: 'keyword', - }, - { - name: 'software_version', - type: 'keyword', - }, - ], - }, - ], + name: 'tid', + type: 'alias', + path: 'process.thread.id', + migration: true, }, { - name: 'stats', - type: 'group', - fields: [ - { - name: 'capture', - type: 'group', - fields: [ - { - name: 'kernel_packets', - type: 'long', - }, - { - name: 'kernel_drops', - type: 'long', - }, - { - name: 'kernel_ifdrops', - type: 'long', - }, - ], - }, - { - name: 'uptime', - type: 'long', - }, - { - name: 'detect', - type: 'group', - fields: [ - { - name: 'alert', - type: 'long', - }, - ], - }, - { - name: 'http', - type: 'group', - fields: [ - { - name: 'memcap', - type: 'long', - }, - { - name: 'memuse', - type: 'long', - }, - ], - }, - { - name: 'file_store', - type: 'group', - fields: [ - { - name: 'open_files', - type: 'long', - }, - ], - }, - { - name: 'defrag', - type: 'group', - fields: [ - { - name: 'max_frag_hits', - type: 'long', - }, - { - name: 'ipv4', - type: 'group', - fields: [ - { - name: 'timeouts', - type: 'long', - }, - { - name: 'fragments', - type: 'long', - }, - { - name: 'reassembled', - type: 'long', - }, - ], - }, - { - name: 'ipv6', - type: 'group', - fields: [ - { - name: 'timeouts', - type: 'long', - }, - { - name: 'fragments', - type: 'long', - }, - { - name: 'reassembled', - type: 'long', - }, - ], - }, - ], - }, - { - name: 'flow', - type: 'group', - fields: [ - { - name: 'tcp_reuse', - type: 'long', - }, - { - name: 'udp', - type: 'long', - }, - { - name: 'memcap', - type: 'long', - }, - { - name: 'emerg_mode_entered', - type: 'long', - }, - { - name: 'emerg_mode_over', - type: 'long', - }, - { - name: 'tcp', - type: 'long', - }, - { - name: 'icmpv6', - type: 'long', - }, - { - name: 'icmpv4', - type: 'long', - }, - { - name: 'spare', - type: 'long', - }, - { - name: 'memuse', - type: 'long', - }, - ], - }, - { - name: 'tcp', - type: 'group', - fields: [ - { - name: 'pseudo_failed', - type: 'long', - }, - { - name: 'ssn_memcap_drop', - type: 'long', - }, - { - name: 'insert_data_overlap_fail', - type: 'long', - }, - { - name: 'sessions', - type: 'long', - }, - { - name: 'pseudo', - type: 'long', - }, - { - name: 'synack', - type: 'long', - }, - { - name: 'insert_data_normal_fail', - type: 'long', - }, - { - name: 'syn', - type: 'long', - }, - { - name: 'memuse', - type: 'long', - }, - { - name: 'invalid_checksum', + name: 'module', + type: 'alias', + path: 'apache.error.module', + migration: true, + }, + ], + }, + ], + }, + { + name: 'apache', + type: 'group', + description: 'Apache fields.\n', + fields: [ + { + name: 'access', + type: 'group', + description: 'Contains fields for the Apache HTTP Server access logs.\n', + fields: [ + { + name: 'ssl.protocol', + type: 'keyword', + description: 'SSL protocol version.\n', + }, + { + name: 'ssl.cipher', + type: 'keyword', + description: 'SSL cipher name.\n', + }, + ], + }, + { + name: 'error', + type: 'group', + description: 'Fields from the Apache error logs.\n', + fields: [ + { + name: 'module', + type: 'keyword', + description: 'The module producing the logged message.\n', + }, + ], + }, + ], + }, + ], + }, + { + key: 'auditd', + title: 'Auditd', + description: 'Module for parsing auditd logs.\n', + short_config: true, + fields: [ + { + name: 'user', + type: 'group', + fields: [ + { + name: 'terminal', + type: 'keyword', + description: + 'Terminal or tty device on which the user is performing the observed activity.\n', + }, + { + name: 'audit', + type: 'group', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'One or multiple unique identifiers of the user.\n', + }, + { + name: 'name', + type: 'keyword', + example: 'albert', + description: 'Short name or login of the user.\n', + }, + { + name: 'group.id', + type: 'keyword', + description: 'Unique identifier for the group on the system/platform.\n', + }, + { + name: 'group.name', + type: 'keyword', + description: 'Name of the group.\n', + }, + ], + }, + { + name: 'effective', + type: 'group', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'One or multiple unique identifiers of the user.\n', + }, + { + name: 'name', + type: 'keyword', + example: 'albert', + description: 'Short name or login of the user.\n', + }, + { + name: 'group.id', + type: 'keyword', + description: 'Unique identifier for the group on the system/platform.\n', + }, + { + name: 'group.name', + type: 'keyword', + description: 'Name of the group.\n', + }, + ], + }, + { + name: 'filesystem', + type: 'group', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'One or multiple unique identifiers of the user.\n', + }, + { + name: 'name', + type: 'keyword', + example: 'albert', + description: 'Short name or login of the user.\n', + }, + { + name: 'group.id', + type: 'keyword', + description: 'Unique identifier for the group on the system/platform.\n', + }, + { + name: 'group.name', + type: 'keyword', + description: 'Name of the group.\n', + }, + ], + }, + { + name: 'owner', + type: 'group', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'One or multiple unique identifiers of the user.\n', + }, + { + name: 'name', + type: 'keyword', + example: 'albert', + description: 'Short name or login of the user.\n', + }, + { + name: 'group.id', + type: 'keyword', + description: 'Unique identifier for the group on the system/platform.\n', + }, + { + name: 'group.name', + type: 'keyword', + description: 'Name of the group.\n', + }, + ], + }, + { + name: 'saved', + type: 'group', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'One or multiple unique identifiers of the user.\n', + }, + { + name: 'name', + type: 'keyword', + example: 'albert', + description: 'Short name or login of the user.\n', + }, + { + name: 'group.id', + type: 'keyword', + description: 'Unique identifier for the group on the system/platform.\n', + }, + { + name: 'group.name', + type: 'keyword', + description: 'Name of the group.\n', + }, + ], + }, + ], + }, + { + name: 'auditd', + type: 'group', + description: 'Fields from the auditd logs.\n', + fields: [ + { + name: 'log', + type: 'group', + description: + 'Fields from the Linux audit log. Not all fields are documented here because they are dynamic and vary by audit event type.\n', + fields: [ + { + name: 'old_auid', + description: + 'For login events this is the old audit ID used for the user prior to this login.\n', + }, + { + name: 'new_auid', + description: + 'For login events this is the new audit ID. The audit ID can be used to trace future events to the user even if their identity changes (like becoming root).\n', + }, + { + name: 'old_ses', + description: + 'For login events this is the old session ID used for the user prior to this login.\n', + }, + { + name: 'new_ses', + description: + 'For login events this is the new session ID. It can be used to tie a user to future events by session ID.\n', + }, + { + name: 'sequence', + type: 'long', + description: 'The audit event sequence number.\n', + }, + { + name: 'items', + description: 'The number of items in an event.\n', + }, + { + name: 'item', + description: + 'The item field indicates which item out of the total number of items. This number is zero-based; a value of 0 means it is the first item.\n', + }, + { + name: 'tty', + type: 'keyword', + definition: 'TTY udevice the user is running programs on.\n', + }, + { + name: 'a0', + description: 'The first argument to the system call.\n', + }, + { + name: 'addr', + type: 'ip', + definition: 'Remote address that the user is connecting from.\n', + }, + { + name: 'rport', + type: 'long', + definition: 'Remote port number.\n', + }, + { + name: 'laddr', + type: 'ip', + definition: 'Local network address.\n', + }, + { + name: 'lport', + type: 'long', + definition: 'Local port number.\n', + }, + { + name: 'acct', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'pid', + type: 'alias', + path: 'process.pid', + migration: true, + }, + { + name: 'ppid', + type: 'alias', + path: 'process.ppid', + migration: true, + }, + { + name: 'res', + type: 'alias', + path: 'event.outcome', + migration: true, + }, + { + name: 'record_type', + type: 'alias', + path: 'event.action', + migration: true, + }, + { + name: 'geoip', + type: 'group', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + migration: true, + }, + { + name: 'country_iso_code', + type: 'alias', + path: 'source.geo.country_iso_code', + migration: true, + }, + { + name: 'location', + type: 'alias', + path: 'source.geo.location', + migration: true, + }, + { + name: 'region_name', + type: 'alias', + path: 'source.geo.region_name', + migration: true, + }, + { + name: 'city_name', + type: 'alias', + path: 'source.geo.city_name', + migration: true, + }, + { + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + migration: true, + }, + ], + }, + { + name: 'arch', + type: 'alias', + path: 'host.architecture', + migration: true, + }, + { + name: 'gid', + type: 'alias', + path: 'user.group.id', + migration: true, + }, + { + name: 'uid', + type: 'alias', + path: 'user.id', + migration: true, + }, + { + name: 'agid', + type: 'alias', + path: 'user.audit.group.id', + migration: true, + }, + { + name: 'auid', + type: 'alias', + path: 'user.audit.id', + migration: true, + }, + { + name: 'fsgid', + type: 'alias', + path: 'user.filesystem.group.id', + migration: true, + }, + { + name: 'fsuid', + type: 'alias', + path: 'user.filesystem.id', + migration: true, + }, + { + name: 'egid', + type: 'alias', + path: 'user.effective.group.id', + migration: true, + }, + { + name: 'euid', + type: 'alias', + path: 'user.effective.id', + migration: true, + }, + { + name: 'sgid', + type: 'alias', + path: 'user.saved.group.id', + migration: true, + }, + { + name: 'suid', + type: 'alias', + path: 'user.saved.id', + migration: true, + }, + { + name: 'ogid', + type: 'alias', + path: 'user.owner.group.id', + migration: true, + }, + { + name: 'ouid', + type: 'alias', + path: 'user.owner.id', + migration: true, + }, + { + name: 'comm', + type: 'alias', + path: 'process.name', + migration: true, + }, + { + name: 'exe', + type: 'alias', + path: 'process.executable', + migration: true, + }, + { + name: 'terminal', + type: 'alias', + path: 'user.terminal', + migration: true, + }, + { + name: 'msg', + type: 'alias', + path: 'message', + migration: true, + }, + { + name: 'src', + type: 'alias', + path: 'source.address', + migration: true, + }, + { + name: 'dst', + type: 'alias', + path: 'destination.address', + migration: true, + }, + ], + }, + ], + }, + ], + }, + { + key: 'elasticsearch', + title: 'elasticsearch', + description: 'elasticsearch Module\n', + fields: [ + { + name: 'elasticsearch', + type: 'group', + description: '\n', + fields: [ + { + name: 'component', + description: 'Elasticsearch component from where the log event originated', + example: 'o.e.c.m.MetaDataCreateIndexService', + type: 'keyword', + }, + { + name: 'cluster.uuid', + description: 'UUID of the cluster', + example: 'GmvrbHlNTiSVYiPf8kxg9g', + type: 'keyword', + }, + { + name: 'cluster.name', + description: 'Name of the cluster', + example: 'docker-cluster', + type: 'keyword', + }, + { + name: 'node.id', + description: 'ID of the node', + example: 'DSiWcTyeThWtUXLB9J0BMw', + type: 'keyword', + }, + { + name: 'node.name', + description: 'Name of the node', + example: 'vWNJsZ3', + type: 'keyword', + }, + { + name: 'index.name', + description: 'Index name', + example: 'filebeat-test-input', + type: 'keyword', + }, + { + name: 'index.id', + description: 'Index id', + example: 'aOGgDwbURfCV57AScqbCgw', + type: 'keyword', + }, + { + name: 'shard.id', + description: 'Id of the shard', + example: '0', + type: 'keyword', + }, + { + name: 'audit', + type: 'group', + description: '\n', + fields: [ + { + name: 'layer', + description: + 'The layer from which this event originated: rest, transport or ip_filter', + example: 'rest', + type: 'keyword', + }, + { + name: 'event_type', + description: + 'The type of event that occurred: anonymous_access_denied, authentication_failed, access_denied, access_granted, connection_granted, connection_denied, tampered_request, run_as_granted, run_as_denied', + example: 'access_granted', + type: 'keyword', + }, + { + name: 'origin.type', + description: + 'Where the request originated: rest (request originated from a REST API request), transport (request was received on the transport channel), local_node (the local node issued the request)', + example: 'local_node', + type: 'keyword', + }, + { + name: 'realm', + description: 'The authentication realm the authentication was validated against', + example: 'default_file', + type: 'keyword', + }, + { + name: 'user.realm', + description: "The user's authentication realm, if authenticated", + example: 'active_directory', + type: 'keyword', + }, + { + name: 'user.roles', + description: 'Roles to which the principal belongs', + example: ['kibana_user', 'beats_admin'], + type: 'keyword', + }, + { + name: 'action', + description: 'The name of the action that was executed', + example: 'cluster:monitor/main', + type: 'keyword', + }, + { + name: 'url.params', + description: 'REST URI parameters', + example: '{username=jacknich2}', + }, + { + name: 'indices', + description: 'Indices accessed by action', + example: ['foo-2019.01.04', 'foo-2019.01.03', 'foo-2019.01.06'], + type: 'keyword', + }, + { + name: 'request.id', + description: 'Unique ID of request', + example: 'WzL_kb6VSvOhAq0twPvHOQ', + type: 'keyword', + }, + { + name: 'request.name', + description: 'The type of request that was executed', + example: 'ClearScrollRequest', + type: 'keyword', + }, + { + name: 'request_body', + type: 'alias', + path: 'http.request.body.content', + migration: true, + }, + { + name: 'origin_address', + type: 'alias', + path: 'source.ip', + migration: true, + }, + { + name: 'uri', + type: 'alias', + path: 'url.original', + migration: true, + }, + { + name: 'principal', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'message', + type: 'text', + }, + ], + }, + { + name: 'gc', + type: 'group', + description: 'GC fileset fields.\n', + fields: [ + { + name: 'phase', + type: 'group', + description: 'Fields specific to GC phase.\n', + fields: [ + { + name: 'name', + type: 'keyword', + description: 'Name of the GC collection phase.\n', + }, + { + name: 'duration_sec', + type: 'float', + description: + 'Collection phase duration according to the Java virtual machine.\n', + }, + { + name: 'scrub_symbol_table_time_sec', + type: 'float', + description: 'Pause time in seconds cleaning up symbol tables.\n', + }, + { + name: 'scrub_string_table_time_sec', + type: 'float', + description: 'Pause time in seconds cleaning up string tables.\n', + }, + { + name: 'weak_refs_processing_time_sec', + type: 'float', + description: 'Time spent processing weak references in seconds.\n', + }, + { + name: 'parallel_rescan_time_sec', + type: 'float', + description: + 'Time spent in seconds marking live objects while application is stopped.\n', + }, + { + name: 'class_unload_time_sec', + type: 'float', + description: 'Time spent unloading unused classes in seconds.\n', + }, + { + name: 'cpu_time', + type: 'group', + description: 'Process CPU time spent performing collections.\n', + fields: [ + { + name: 'user_sec', + type: 'float', + description: 'CPU time spent outside the kernel.\n', + }, + { + name: 'sys_sec', + type: 'float', + description: 'CPU time spent inside the kernel.\n', + }, + { + name: 'real_sec', + type: 'float', + description: + 'Total elapsed CPU time spent to complete the collection from start to finish.\n', + }, + ], + }, + ], + }, + { + name: 'jvm_runtime_sec', + type: 'float', + description: 'The time from JVM start up in seconds, as a floating point number.\n', + }, + { + name: 'threads_total_stop_time_sec', + type: 'float', + description: 'Garbage collection threads total stop time seconds.\n', + }, + { + name: 'stopping_threads_time_sec', + type: 'float', + description: 'Time took to stop threads seconds.\n', + }, + { + name: 'tags', + type: 'keyword', + description: 'GC logging tags.\n', + }, + { + name: 'heap', + type: 'group', + description: 'Heap allocation and total size.\n', + fields: [ + { + name: 'size_kb', + type: 'integer', + description: 'Total heap size in kilobytes.\n', + }, + { + name: 'used_kb', + type: 'integer', + description: 'Used heap in kilobytes.\n', + }, + ], + }, + { + name: 'old_gen', + type: 'group', + description: 'Old generation occupancy and total size.\n', + fields: [ + { + name: 'size_kb', + type: 'integer', + description: 'Total size of old generation in kilobytes.\n', + }, + { + name: 'used_kb', + type: 'integer', + description: 'Old generation occupancy in kilobytes.\n', + }, + ], + }, + { + name: 'young_gen', + type: 'group', + description: 'Young generation occupancy and total size.\n', + fields: [ + { + name: 'size_kb', + type: 'integer', + description: 'Total size of young generation in kilobytes.\n', + }, + { + name: 'used_kb', + type: 'integer', + description: 'Young generation occupancy in kilobytes.\n', + }, + ], + }, + ], + }, + { + name: 'server', + description: 'Server log file', + type: 'group', + fields: [ + { + name: 'stacktrace', + description: 'Stack trace in case of errors', + index: false, + }, + { + name: 'gc', + description: 'GC log', + type: 'group', + fields: [ + { + name: 'young', + description: 'Young GC', + example: '', + type: 'group', + fields: [ + { + name: 'one', + description: '', + example: '', + type: 'long', + }, + { + name: 'two', + description: '', + example: '', + type: 'long', + }, + ], + }, + { + name: 'overhead_seq', + description: 'Sequence number', + example: 3449992, + type: 'long', + }, + { + name: 'collection_duration.ms', + description: 'Time spent in GC, in milliseconds', + example: 1600, + type: 'float', + }, + { + name: 'observation_duration.ms', + description: 'Total time over which collection was observed, in milliseconds', + example: 1800, + type: 'float', + }, + ], + }, + ], + }, + { + name: 'slowlog', + description: 'Slowlog events from Elasticsearch', + example: + '[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{"query":{"match_all":{"boost":1.0}}}],', + type: 'group', + fields: [ + { + name: 'logger', + description: 'Logger name', + example: 'index.search.slowlog.fetch', + type: 'keyword', + }, + { + name: 'took', + description: 'Time it took to execute the query', + example: '300ms', + type: 'keyword', + }, + { + name: 'types', + description: 'Types', + example: '', + type: 'keyword', + }, + { + name: 'stats', + description: 'Stats groups', + example: 'group1', + type: 'keyword', + }, + { + name: 'search_type', + description: 'Search type', + example: 'QUERY_THEN_FETCH', + type: 'keyword', + }, + { + name: 'source_query', + description: 'Slow query', + example: '{"query":{"match_all":{"boost":1.0}}}', + type: 'keyword', + }, + { + name: 'extra_source', + description: 'Extra source information', + example: '', + type: 'keyword', + }, + { + name: 'total_hits', + description: 'Total hits', + example: 42, + type: 'keyword', + }, + { + name: 'total_shards', + description: 'Total queried shards', + example: 22, + type: 'keyword', + }, + { + name: 'routing', + description: 'Routing', + example: 's01HZ2QBk9jw4gtgaFtn', + type: 'keyword', + }, + { + name: 'id', + description: 'Id', + example: '', + type: 'keyword', + }, + { + name: 'type', + description: 'Type', + example: 'doc', + type: 'keyword', + }, + { + name: 'source', + description: 'Source of document that was indexed', + type: 'keyword', + }, + ], + }, + ], + }, + ], + }, + { + key: 'haproxy', + title: 'haproxy', + description: 'haproxy Module\n', + fields: [ + { + name: 'haproxy', + type: 'group', + description: '\n', + fields: [ + { + name: 'frontend_name', + description: + 'Name of the frontend (or listener) which received and processed the connection.', + }, + { + name: 'backend_name', + description: + 'Name of the backend (or listener) which was selected to manage the connection to the server.', + }, + { + name: 'server_name', + description: 'Name of the last server to which the connection was sent.', + }, + { + name: 'total_waiting_time_ms', + description: 'Total time in milliseconds spent waiting in the various queues', + type: 'long', + }, + { + name: 'connection_wait_time_ms', + description: + 'Total time in milliseconds spent waiting for the connection to establish to the final server', + type: 'long', + }, + { + name: 'bytes_read', + description: 'Total number of bytes transmitted to the client when the log is emitted.', + type: 'long', + }, + { + name: 'time_queue', + description: 'Total time in milliseconds spent waiting in the various queues.', + type: 'long', + }, + { + name: 'time_backend_connect', + description: + 'Total time in milliseconds spent waiting for the connection to establish to the final server, including retries.', + type: 'long', + }, + { + name: 'server_queue', + description: + 'Total number of requests which were processed before this one in the server queue.', + type: 'long', + }, + { + name: 'backend_queue', + description: + "Total number of requests which were processed before this one in the backend's global queue.", + type: 'long', + }, + { + name: 'bind_name', + description: 'Name of the listening address which received the connection.', + }, + { + name: 'error_message', + description: 'Error message logged by HAProxy in case of error.', + type: 'text', + }, + { + name: 'source', + type: 'keyword', + description: 'The HAProxy source of the log', + }, + { + name: 'termination_state', + description: 'Condition the session was in when the session ended.', + }, + { + name: 'mode', + type: 'keyword', + description: 'mode that the frontend is operating (TCP or HTTP)', + }, + { + name: 'connections', + description: 'Contains various counts of connections active in the process.', + type: 'group', + fields: [ + { + name: 'active', + description: + 'Total number of concurrent connections on the process when the session was logged.', + type: 'long', + }, + { + name: 'frontend', + description: + 'Total number of concurrent connections on the frontend when the session was logged.', + type: 'long', + }, + { + name: 'backend', + description: + 'Total number of concurrent connections handled by the backend when the session was logged.', + type: 'long', + }, + { + name: 'server', + description: + 'Total number of concurrent connections still active on the server when the session was logged.', + type: 'long', + }, + { + name: 'retries', + description: + 'Number of connection retries experienced by this session when trying to connect to the server.', + type: 'long', + }, + ], + }, + { + name: 'client', + description: 'Information about the client doing the request', + type: 'group', + fields: [ + { + name: 'ip', + type: 'alias', + path: 'source.address', + migration: true, + }, + { + name: 'port', + type: 'alias', + path: 'source.port', + migration: true, + }, + ], + }, + { + name: 'process_name', + type: 'alias', + path: 'process.name', + migration: true, + }, + { + name: 'pid', + type: 'alias', + path: 'process.pid', + migration: true, + }, + { + name: 'destination', + description: 'Destination information', + type: 'group', + fields: [ + { + name: 'port', + type: 'alias', + path: 'destination.port', + migration: true, + }, + { + name: 'ip', + type: 'alias', + path: 'destination.ip', + migration: true, + }, + ], + }, + { + name: 'geoip', + type: 'group', + description: + 'Contains GeoIP information gathered based on the client.ip field. Only present if the GeoIP Elasticsearch plugin is available and used.\n', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + migration: true, + }, + { + name: 'country_iso_code', + type: 'alias', + path: 'source.geo.country_iso_code', + migration: true, + }, + { + name: 'location', + type: 'alias', + path: 'source.geo.location', + migration: true, + }, + { + name: 'region_name', + type: 'alias', + path: 'source.geo.region_name', + migration: true, + }, + { + name: 'city_name', + type: 'alias', + path: 'source.geo.city_name', + migration: true, + }, + { + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + migration: true, + }, + ], + }, + { + name: 'http', + description: 'Please add description', + type: 'group', + fields: [ + { + name: 'response', + description: 'Fields related to the HTTP response', + type: 'group', + fields: [ + { + name: 'captured_cookie', + description: + 'Optional "name=value" entry indicating that the client had this cookie in the response.\n', + }, + { + name: 'captured_headers', + description: + 'List of headers captured in the response due to the presence of the "capture response header" statement in the frontend.\n', + type: 'keyword', + }, + { + name: 'status_code', + type: 'alias', + path: 'http.response.status_code', + migration: true, + }, + ], + }, + { + name: 'request', + description: 'Fields related to the HTTP request', + type: 'group', + fields: [ + { + name: 'captured_cookie', + description: + 'Optional "name=value" entry indicating that the server has returned a cookie with its request.\n', + }, + { + name: 'captured_headers', + description: + 'List of headers captured in the request due to the presence of the "capture request header" statement in the frontend.\n', + type: 'keyword', + }, + { + name: 'raw_request_line', + description: + 'Complete HTTP request line, including the method, request and HTTP version string.', + type: 'keyword', + }, + { + name: 'time_wait_without_data_ms', + description: + 'Total time in milliseconds spent waiting for the server to send a full HTTP response, not counting data.', + type: 'long', + }, + { + name: 'time_wait_ms', + description: + 'Total time in milliseconds spent waiting for a full HTTP request from the client (not counting body) after the first byte was received.', + type: 'long', + }, + ], + }, + ], + }, + { + name: 'tcp', + description: 'TCP log format', + type: 'group', + fields: [ + { + name: 'connection_waiting_time_ms', + type: 'long', + description: + 'Total time in milliseconds elapsed between the accept and the last close', + }, + ], + }, + ], + }, + ], + }, + { + key: 'icinga', + title: 'Icinga', + description: 'Icinga Module\n', + fields: [ + { + name: 'icinga', + type: 'group', + description: '\n', + fields: [ + { + name: 'debug', + type: 'group', + description: 'Contains fields for the Icinga debug logs.\n', + fields: [ + { + name: 'facility', + type: 'keyword', + description: 'Specifies what component of Icinga logged the message.\n', + }, + { + name: 'severity', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + { + name: 'main', + type: 'group', + description: 'Contains fields for the Icinga main logs.\n', + fields: [ + { + name: 'facility', + type: 'keyword', + description: 'Specifies what component of Icinga logged the message.\n', + }, + { + name: 'severity', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + { + name: 'startup', + type: 'group', + description: 'Contains fields for the Icinga startup logs.\n', + fields: [ + { + name: 'facility', + type: 'keyword', + description: 'Specifies what component of Icinga logged the message.\n', + }, + { + name: 'severity', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + ], + }, + ], + }, + { + key: 'iis', + title: 'IIS', + description: 'Module for parsing IIS log files.\n', + fields: [ + { + name: 'iis', + type: 'group', + description: 'Fields from IIS log files.\n', + fields: [ + { + name: 'access', + type: 'group', + description: 'Contains fields for IIS access logs.\n', + fields: [ + { + name: 'sub_status', + type: 'long', + description: 'The HTTP substatus code.\n', + }, + { + name: 'win32_status', + type: 'long', + description: 'The Windows status code.\n', + }, + { + name: 'site_name', + type: 'keyword', + description: 'The site name and instance number.\n', + }, + { + name: 'server_name', + type: 'keyword', + description: 'The name of the server on which the log file entry was generated.\n', + }, + { + name: 'cookie', + type: 'keyword', + description: 'The content of the cookie sent or received, if any.\n', + }, + { + name: 'body_received.bytes', + type: 'alias', + path: 'http.request.body.bytes', + migration: true, + }, + { + name: 'body_sent.bytes', + type: 'alias', + path: 'http.response.body.bytes', + migration: true, + }, + { + name: 'server_ip', + type: 'alias', + path: 'destination.address', + migration: true, + }, + { + name: 'method', + type: 'alias', + path: 'http.request.method', + migration: true, + }, + { + name: 'url', + type: 'alias', + path: 'url.path', + migration: true, + }, + { + name: 'query_string', + type: 'alias', + path: 'url.query', + migration: true, + }, + { + name: 'port', + type: 'alias', + path: 'destination.port', + migration: true, + }, + { + name: 'user_name', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'remote_ip', + type: 'alias', + path: 'source.address', + migration: true, + }, + { + name: 'referrer', + type: 'alias', + path: 'http.request.referrer', + migration: true, + }, + { + name: 'response_code', + type: 'alias', + path: 'http.response.status_code', + migration: true, + }, + { + name: 'http_version', + type: 'alias', + path: 'http.version', + migration: true, + }, + { + name: 'hostname', + type: 'alias', + path: 'host.hostname', + migration: true, + }, + { + name: 'user_agent', + type: 'group', + fields: [ + { + name: 'device', + type: 'alias', + path: 'user_agent.device.name', + migration: true, + }, + { + name: 'name', + type: 'alias', + path: 'user_agent.name', + migration: true, + }, + { + name: 'os', + type: 'alias', + path: 'user_agent.os.full_name', + migration: true, + }, + { + name: 'os_name', + type: 'alias', + path: 'user_agent.os.name', + migration: true, + }, + { + name: 'original', + type: 'alias', + path: 'user_agent.original', + migration: true, + }, + ], + }, + { + name: 'geoip', + type: 'group', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + migration: true, + }, + { + name: 'country_iso_code', + type: 'alias', + path: 'source.geo.country_iso_code', + migration: true, + }, + { + name: 'location', + type: 'alias', + path: 'source.geo.location', + migration: true, + }, + { + name: 'region_name', + type: 'alias', + path: 'source.geo.region_name', + migration: true, + }, + { + name: 'city_name', + type: 'alias', + path: 'source.geo.city_name', + migration: true, + }, + { + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + migration: true, + }, + ], + }, + ], + }, + { + name: 'error', + type: 'group', + description: 'Contains fields for IIS error logs.\n', + fields: [ + { + name: 'reason_phrase', + type: 'keyword', + description: 'The HTTP reason phrase.\n', + }, + { + name: 'queue_name', + type: 'keyword', + description: 'The IIS application pool name.\n', + }, + { + name: 'remote_ip', + type: 'alias', + path: 'source.address', + migration: true, + }, + { + name: 'remote_port', + type: 'alias', + path: 'source.port', + migration: true, + }, + { + name: 'server_ip', + type: 'alias', + path: 'destination.address', + migration: true, + }, + { + name: 'server_port', + type: 'alias', + path: 'destination.port', + migration: true, + }, + { + name: 'http_version', + type: 'alias', + path: 'http.version', + migration: true, + }, + { + name: 'method', + type: 'alias', + path: 'http.request.method', + migration: true, + }, + { + name: 'url', + type: 'alias', + path: 'url.original', + migration: true, + }, + { + name: 'response_code', + type: 'alias', + path: 'http.response.status_code', + migration: true, + }, + { + name: 'geoip', + type: 'group', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + migration: true, + }, + { + name: 'country_iso_code', + type: 'alias', + path: 'source.geo.country_iso_code', + migration: true, + }, + { + name: 'location', + type: 'alias', + path: 'source.geo.location', + migration: true, + }, + { + name: 'region_name', + type: 'alias', + path: 'source.geo.region_name', + migration: true, + }, + { + name: 'city_name', + type: 'alias', + path: 'source.geo.city_name', + migration: true, + }, + { + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + migration: true, + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + key: 'kafka', + title: 'Kafka', + description: 'Kafka module\n', + fields: [ + { + name: 'kafka', + type: 'group', + description: '\n', + fields: [ + { + name: 'log', + type: 'group', + description: 'Kafka log lines.\n', + fields: [ + { + name: 'level', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + { + name: 'component', + type: 'keyword', + description: 'Component the log is coming from.\n', + }, + { + name: 'class', + type: 'keyword', + description: 'Java class the log is coming from.\n', + }, + { + name: 'trace', + type: 'group', + description: 'Trace in the log line.\n', + fields: [ + { + name: 'class', + type: 'keyword', + description: 'Java class the trace is coming from.\n', + }, + { + name: 'message', + type: 'text', + description: 'Message part of the trace.\n', + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + key: 'kibana', + title: 'kibana', + description: 'kibana Module\n', + fields: [ + { + name: 'kibana', + type: 'group', + description: '\n', + fields: [ + { + name: 'log', + type: 'group', + description: 'Kafka log lines.\n', + fields: [ + { + name: 'tags', + type: 'keyword', + description: 'Kibana logging tags.\n', + }, + { + name: 'state', + type: 'keyword', + description: 'Current state of Kibana.\n', + }, + { + name: 'meta', + type: 'object', + object_type: 'keyword', + }, + { + name: 'kibana.log.meta.req.headers.referer', + type: 'alias', + path: 'http.request.referrer', + migration: true, + }, + { + name: 'kibana.log.meta.req.referer', + type: 'alias', + path: 'http.request.referrer', + migration: true, + }, + { + name: 'kibana.log.meta.req.headers.user-agent', + type: 'alias', + path: 'user_agent.original', + migration: true, + }, + { + name: 'kibana.log.meta.req.remoteAddress', + type: 'alias', + path: 'source.address', + migration: true, + }, + { + name: 'kibana.log.meta.req.url', + type: 'alias', + path: 'url.original', + migration: true, + }, + { + name: 'kibana.log.meta.statusCode', + type: 'alias', + path: 'http.response.status_code', + migration: true, + }, + { + name: 'kibana.log.meta.method', + type: 'alias', + path: 'http.request.method', + migration: true, + }, + ], + }, + ], + }, + ], + }, + { + key: 'logstash', + title: 'logstash', + description: 'logstash Module\n', + fields: [ + { + name: 'logstash', + type: 'group', + description: '\n', + fields: [ + { + name: 'log', + title: 'Logstash', + type: 'group', + description: 'Fields from the Logstash logs.\n', + fields: [ + { + name: 'module', + type: 'keyword', + description: 'The module or class where the event originate.\n', + }, + { + name: 'thread', + type: 'keyword', + description: 'Information about the running thread where the log originate.\n', + multi_fields: [ + { + name: 'text', + type: 'text', + }, + ], + }, + { + name: 'log_event', + type: 'object', + description: 'key and value debugging information.\n', + }, + { + name: 'pipeline_id', + type: 'keyword', + example: 'main', + description: 'The ID of the pipeline.\n', + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + { + name: 'level', + type: 'alias', + path: 'log.level', + migration: true, + }, + ], + }, + { + name: 'slowlog', + type: 'group', + description: 'slowlog\n', + fields: [ + { + name: 'module', + type: 'keyword', + description: 'The module or class where the event originate.\n', + }, + { + name: 'thread', + type: 'keyword', + description: 'Information about the running thread where the log originate.\n', + multi_fields: [ + { + name: 'text', + type: 'text', + }, + ], + }, + { + name: 'event', + type: 'keyword', + description: 'Raw dump of the original event\n', + multi_fields: [ + { + name: 'text', + type: 'text', + }, + ], + }, + { + name: 'plugin_name', + type: 'keyword', + description: 'Name of the plugin\n', + }, + { + name: 'plugin_type', + type: 'keyword', + description: 'Type of the plugin: Inputs, Filters, Outputs or Codecs.\n', + }, + { + name: 'took_in_millis', + type: 'long', + description: 'Execution time for the plugin in milliseconds.\n', + }, + { + name: 'plugin_params', + type: 'keyword', + description: 'String value of the plugin configuration\n', + multi_fields: [ + { + name: 'text', + type: 'text', + }, + ], + }, + { + name: 'plugin_params_object', + type: 'object', + description: 'key -> value of the configuration used by the plugin.\n', + }, + { + name: 'level', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'took_in_nanos', + type: 'alias', + path: 'event.duration', + migration: true, + }, + ], + }, + ], + }, + ], + }, + { + key: 'mongodb', + title: 'mongodb', + description: 'Module for parsing MongoDB log files.\n', + fields: [ + { + name: 'mongodb', + type: 'group', + description: 'Fields from MongoDB logs.\n', + fields: [ + { + name: 'log', + type: 'group', + description: 'Contains fields from MongoDB logs.\n', + fields: [ + { + name: 'component', + description: 'Functional categorization of message\n', + example: 'COMMAND', + type: 'keyword', + }, + { + name: 'context', + description: 'Context of message\n', + example: 'initandlisten', + type: 'keyword', + }, + { + name: 'severity', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + ], + }, + ], + }, + { + key: 'mysql', + title: 'MySQL', + description: 'Module for parsing the MySQL log files.\n', + short_config: true, + fields: [ + { + name: 'mysql', + type: 'group', + description: 'Fields from the MySQL log files.\n', + fields: [ + { + name: 'thread_id', + type: 'long', + description: 'The connection or thread ID for the query.\n', + }, + { + name: 'error', + type: 'group', + description: 'Contains fields from the MySQL error logs.\n', + fields: [ + { + name: 'thread_id', + type: 'alias', + path: 'mysql.thread_id', + migration: true, + }, + { + name: 'level', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + { + name: 'slowlog', + type: 'group', + description: 'Contains fields from the MySQL slow logs.\n', + fields: [ + { + name: 'lock_time.sec', + type: 'float', + description: + 'The amount of time the query waited for the lock to be available. The value is in seconds, as a floating point number.\n', + }, + { + name: 'rows_sent', + type: 'long', + description: 'The number of rows returned by the query.\n', + }, + { + name: 'rows_examined', + type: 'long', + description: 'The number of rows scanned by the query.\n', + }, + { + name: 'rows_affected', + type: 'long', + description: 'The number of rows modified by the query.\n', + }, + { + name: 'bytes_sent', + type: 'long', + format: 'bytes', + description: 'The number of bytes sent to client.\n', + }, + { + name: 'bytes_received', + type: 'long', + format: 'bytes', + description: 'The number of bytes received from client.\n', + }, + { + name: 'query', + description: 'The slow query.\n', + }, + { + name: 'id', + type: 'alias', + path: 'mysql.thread_id', + migration: true, + }, + { + name: 'schema', + type: 'keyword', + description: 'The schema where the slow query was executed.\n', + }, + { + name: 'current_user', + type: 'keyword', + description: + 'Current authenticated user, used to determine access privileges. Can differ from the value for user.\n', + }, + { + name: 'last_errno', + type: 'keyword', + description: 'Last SQL error seen.\n', + }, + { + name: 'killed', + type: 'keyword', + description: 'Code of the reason if the query was killed.\n', + }, + { + name: 'query_cache_hit', + type: 'boolean', + description: 'Whether the query cache was hit.\n', + }, + { + name: 'tmp_table', + type: 'boolean', + description: 'Whether a temporary table was used to resolve the query.\n', + }, + { + name: 'tmp_table_on_disk', + type: 'boolean', + description: 'Whether the query needed temporary tables on disk.\n', + }, + { + name: 'tmp_tables', + type: 'long', + description: 'Number of temporary tables created for this query\n', + }, + { + name: 'tmp_disk_tables', + type: 'long', + description: 'Number of temporary tables created on disk for this query.\n', + }, + { + name: 'tmp_table_sizes', + type: 'long', + format: 'bytes', + description: 'Size of temporary tables created for this query.', + }, + { + name: 'filesort', + type: 'boolean', + description: 'Whether filesort optimization was used.\n', + }, + { + name: 'filesort_on_disk', + type: 'boolean', + description: + 'Whether filesort optimization was used and it needed temporary tables on disk.\n', + }, + { + name: 'priority_queue', + type: 'boolean', + description: 'Whether a priority queue was used for filesort.\n', + }, + { + name: 'full_scan', + type: 'boolean', + description: 'Whether a full table scan was needed for the slow query.\n', + }, + { + name: 'full_join', + type: 'boolean', + description: + 'Whether a full join was needed for the slow query (no indexes were used for joins).\n', + }, + { + name: 'merge_passes', + type: 'long', + description: 'Number of merge passes executed for the query.\n', + }, + { + name: 'sort_merge_passes', + type: 'long', + description: 'Number of merge passes that the sort algorithm has had to do.\n', + }, + { + name: 'sort_range_count', + type: 'long', + description: 'Number of sorts that were done using ranges.\n', + }, + { + name: 'sort_rows', + type: 'long', + description: 'Number of sorted rows.\n', + }, + { + name: 'sort_scan_count', + type: 'long', + description: 'Number of sorts that were done by scanning the table.\n', + }, + { + name: 'log_slow_rate_type', + type: 'keyword', + description: + 'Type of slow log rate limit, it can be `session` if the rate limit is applied per session, or `query` if it applies per query.\n', + }, + { + name: 'log_slow_rate_limit', + type: 'keyword', + description: + 'Slow log rate limit, a value of 100 means that one in a hundred queries or sessions are being logged.\n', + }, + { + name: 'read_first', + type: 'long', + description: 'The number of times the first entry in an index was read.\n', + }, + { + name: 'read_last', + type: 'long', + description: 'The number of times the last key in an index was read.\n', + }, + { + name: 'read_key', + type: 'long', + description: 'The number of requests to read a row based on a key.\n', + }, + { + name: 'read_next', + type: 'long', + description: 'The number of requests to read the next row in key order.\n', + }, + { + name: 'read_prev', + type: 'long', + description: 'The number of requests to read the previous row in key order.\n', + }, + { + name: 'read_rnd', + type: 'long', + description: 'The number of requests to read a row based on a fixed position.\n', + }, + { + name: 'read_rnd_next', + type: 'long', + description: 'The number of requests to read the next row in the data file.\n', + }, + { + name: 'innodb', + type: 'group', + description: 'Contains fields relative to InnoDB engine\n', + fields: [ + { + name: 'trx_id', + type: 'keyword', + description: 'Transaction ID\n', + }, + { + name: 'io_r_ops', + type: 'long', + description: 'Number of page read operations.\n', + }, + { + name: 'io_r_bytes', + type: 'long', + format: 'bytes', + description: 'Bytes read during page read operations.\n', + }, + { + name: 'io_r_wait.sec', + type: 'long', + description: 'How long it took to read all needed data from storage.\n', + }, + { + name: 'rec_lock_wait.sec', + type: 'long', + description: 'How long the query waited for locks.\n', + }, + { + name: 'queue_wait.sec', + type: 'long', + description: + 'How long the query waited to enter the InnoDB queue and to be executed once in the queue.\n', + }, + { + name: 'pages_distinct', + type: 'long', + description: 'Approximated count of pages accessed to execute the query.\n', + }, + ], + }, + { + name: 'user', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'host', + type: 'alias', + path: 'source.domain', + migration: true, + }, + { + name: 'ip', + type: 'alias', + path: 'source.ip', + migration: true, + }, + ], + }, + ], + }, + ], + }, + { + key: 'nats', + title: 'nats', + description: 'Module for parsing NATS log files.\n', + release: 'beta', + fields: [ + { + name: 'nats', + type: 'group', + description: 'Fields from NATS logs.\n', + fields: [ + { + name: 'log', + type: 'group', + description: 'Nats log files\n', + release: 'beta', + fields: [ + { + name: 'client', + type: 'group', + description: 'Fields from NATS logs client.\n', + fields: [ + { + name: 'id', + type: 'integer', + description: 'The id of the client\n', + }, + ], + }, + { + name: 'msg', + type: 'group', + description: 'Fields from NATS logs message.\n', + fields: [ + { + name: 'bytes', + type: 'long', + format: 'bytes', + description: 'Size of the payload in bytes\n', + }, + { + name: 'type', + type: 'keyword', + description: 'The protocol message type\n', + }, + { + name: 'subject', + type: 'keyword', + description: 'Subject name this message was received on\n', + }, + { + name: 'sid', + type: 'integer', + description: 'The unique alphanumeric subscription ID of the subject\n', + }, + { + name: 'reply_to', + type: 'keyword', + description: + 'The inbox subject on which the publisher is listening for responses\n', + }, + { + name: 'max_messages', + type: 'integer', + description: + 'An optional number of messages to wait for before automatically unsubscribing\n', + }, + { + name: 'error.message', + type: 'text', + description: 'Details about the error occurred\n', + }, + { + name: 'queue_group', + type: 'text', + description: 'The queue group which subscriber will join\n', + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + key: 'nginx', + title: 'Nginx', + description: 'Module for parsing the Nginx log files.\n', + short_config: true, + fields: [ + { + name: 'nginx', + type: 'group', + description: 'Fields from the Nginx log files.\n', + fields: [ + { + name: 'access', + type: 'group', + description: 'Contains fields for the Nginx access logs.\n', + fields: [ + { + name: 'remote_ip_list', + type: 'array', + description: + 'An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`.\n', + }, + { + name: 'body_sent.bytes', + type: 'alias', + path: 'http.response.body.bytes', + migration: true, + }, + { + name: 'user_name', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'method', + type: 'alias', + path: 'http.request.method', + migration: true, + }, + { + name: 'url', + type: 'alias', + path: 'url.original', + migration: true, + }, + { + name: 'http_version', + type: 'alias', + path: 'http.version', + migration: true, + }, + { + name: 'response_code', + type: 'alias', + path: 'http.response.status_code', + migration: true, + }, + { + name: 'referrer', + type: 'alias', + path: 'http.request.referrer', + migration: true, + }, + { + name: 'agent', + type: 'alias', + path: 'user_agent.original', + migration: true, + }, + { + name: 'user_agent', + type: 'group', + fields: [ + { + name: 'device', + type: 'alias', + path: 'user_agent.device.name', + migration: true, + }, + { + name: 'name', + type: 'alias', + path: 'user_agent.name', + migration: true, + }, + { + name: 'os', + type: 'alias', + path: 'user_agent.os.full_name', + migration: true, + }, + { + name: 'os_name', + type: 'alias', + path: 'user_agent.os.name', + migration: true, + }, + { + name: 'original', + type: 'alias', + path: 'user_agent.original', + migration: true, + }, + ], + }, + { + name: 'geoip', + type: 'group', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + migration: true, + }, + { + name: 'country_iso_code', + type: 'alias', + path: 'source.geo.country_iso_code', + migration: true, + }, + { + name: 'location', + type: 'alias', + path: 'source.geo.location', + migration: true, + }, + { + name: 'region_name', + type: 'alias', + path: 'source.geo.region_name', + migration: true, + }, + { + name: 'city_name', + type: 'alias', + path: 'source.geo.city_name', + migration: true, + }, + { + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + migration: true, + }, + ], + }, + ], + }, + { + name: 'error', + type: 'group', + description: 'Contains fields for the Nginx error logs.\n', + fields: [ + { + name: 'connection_id', + type: 'long', + description: 'Connection identifier.\n', + }, + { + name: 'level', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'pid', + type: 'alias', + path: 'process.pid', + migration: true, + }, + { + name: 'tid', + type: 'alias', + path: 'process.thread.id', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + { + name: 'ingress_controller', + type: 'group', + description: 'Contains fields for the Ingress Nginx controller access logs.\n', + fields: [ + { + name: 'remote_ip_list', + type: 'array', + description: + 'An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`.\n', + }, + { + name: 'http.request.length', + type: 'long', + format: 'bytes', + description: + 'The request length (including request line, header, and request body)\n', + }, + { + name: 'http.request.time', + type: 'double', + format: 'duration', + description: 'Time elapsed since the first bytes were read from the client\n', + }, + { + name: 'upstream.name', + type: 'text', + description: 'The name of the upstream.\n', + }, + { + name: 'upstream.alternative_name', + type: 'text', + description: 'The name of the alternative upstream.\n', + }, + { + name: 'upstream.response.length', + type: 'long', + format: 'bytes', + description: 'The length of the response obtained from the upstream server\n', + }, + { + name: 'upstream.response.time', + type: 'double', + format: 'duration', + description: + 'The time spent on receiving the response from the upstream server as seconds with millisecond resolution\n', + }, + { + name: 'upstream.response.status_code', + type: 'long', + description: 'The status code of the response obtained from the upstream server\n', + }, + { + name: 'http.request.id', + type: 'text', + description: 'The randomly generated ID of the request\n', + }, + { + name: 'upstream.ip', + type: 'ip', + description: + 'The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas.\n', + }, + { + name: 'upstream.port', + type: 'long', + description: 'The port of the upstream server.\n', + }, + { + name: 'body_sent.bytes', + type: 'alias', + path: 'http.response.body.bytes', + migration: true, + }, + { + name: 'user_name', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'method', + type: 'alias', + path: 'http.request.method', + migration: true, + }, + { + name: 'url', + type: 'alias', + path: 'url.original', + migration: true, + }, + { + name: 'http_version', + type: 'alias', + path: 'http.version', + migration: true, + }, + { + name: 'response_code', + type: 'alias', + path: 'http.response.status_code', + migration: true, + }, + { + name: 'referrer', + type: 'alias', + path: 'http.request.referrer', + migration: true, + }, + { + name: 'agent', + type: 'alias', + path: 'user_agent.original', + migration: true, + }, + { + name: 'user_agent', + type: 'group', + fields: [ + { + name: 'device', + type: 'alias', + path: 'user_agent.device.name', + migration: true, + }, + { + name: 'name', + type: 'alias', + path: 'user_agent.name', + migration: true, + }, + { + name: 'os', + type: 'alias', + path: 'user_agent.os.full_name', + migration: true, + }, + { + name: 'os_name', + type: 'alias', + path: 'user_agent.os.name', + migration: true, + }, + { + name: 'original', + type: 'alias', + path: 'user_agent.original', + migration: true, + }, + ], + }, + { + name: 'geoip', + type: 'group', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + migration: true, + }, + { + name: 'country_iso_code', + type: 'alias', + path: 'source.geo.country_iso_code', + migration: true, + }, + { + name: 'location', + type: 'alias', + path: 'source.geo.location', + migration: true, + }, + { + name: 'region_name', + type: 'alias', + path: 'source.geo.region_name', + migration: true, + }, + { + name: 'city_name', + type: 'alias', + path: 'source.geo.city_name', + migration: true, + }, + { + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + migration: true, + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + key: 'osquery', + title: 'Osquery', + description: 'Fields exported by the `osquery` module\n', + fields: [ + { + name: 'osquery', + type: 'group', + description: '\n', + fields: [ + { + name: 'result', + type: 'group', + description: 'Common fields exported by the result metricset.\n', + fields: [ + { + name: 'name', + type: 'keyword', + description: 'The name of the query that generated this event.\n', + }, + { + name: 'action', + type: 'keyword', + description: + 'For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot".\n', + }, + { + name: 'host_identifier', + type: 'keyword', + description: + 'The identifier for the host on which the osquery agent is running. Normally the hostname.\n', + }, + { + name: 'unix_time', + type: 'long', + description: + 'Unix timestamp of the event, in seconds since the epoch. Used for computing the `@timestamp` column.\n', + }, + { + name: 'calendar_time', + type: 'keyword', + description: + 'String representation of the collection time, as formatted by osquery.\n', + }, + ], + }, + ], + }, + ], + }, + { + key: 'postgresql', + title: 'PostgreSQL', + description: 'Module for parsing the PostgreSQL log files.\n', + short_config: true, + fields: [ + { + name: 'postgresql', + type: 'group', + description: 'Fields from PostgreSQL logs.\n', + fields: [ + { + name: 'log', + type: 'group', + description: 'Fields from the PostgreSQL log files.\n', + fields: [ + { + name: 'timestamp', + deprecated: '7.3.0', + description: 'The timestamp from the log line.\n', + }, + { + name: 'core_id', + type: 'long', + description: 'Core id\n', + }, + { + name: 'database', + example: 'mydb', + description: 'Name of database\n', + }, + { + name: 'query', + example: 'SELECT * FROM users;', + description: 'Query statement.\n', + }, + { + name: 'query_step', + example: 'parse', + description: + 'Statement step when using extended query protocol (one of statement, parse, bind or execute)\n', + }, + { + name: 'query_name', + example: 'pdo_stmt_00000001', + description: + 'Name given to a query when using extended query protocol. If it is "", or not present, this field is ignored.\n', + }, + { + name: 'error.code', + type: 'long', + description: 'Error code returned by Postgres (if any)', + }, + { + name: 'timezone', + type: 'alias', + path: 'event.timezone', + migration: true, + }, + { + name: 'thread_id', + type: 'alias', + path: 'process.pid', + migration: true, + }, + { + name: 'user', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'level', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + ], + }, + ], + }, + { + key: 'redis', + title: 'Redis', + description: 'Redis Module\n', + fields: [ + { + name: 'redis', + type: 'group', + description: '\n', + fields: [ + { + name: 'log', + type: 'group', + description: 'Redis log files\n', + fields: [ + { + name: 'role', + type: 'keyword', + description: + 'The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`.\n', + }, + { + name: 'pid', + type: 'alias', + path: 'process.pid', + migration: true, + }, + { + name: 'level', + type: 'alias', + path: 'log.level', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + { + name: 'slowlog', + type: 'group', + description: 'Slow logs are retrieved from Redis via a network connection.\n', + fields: [ + { + name: 'cmd', + type: 'keyword', + description: 'The command executed.\n', + }, + { + name: 'duration.us', + type: 'long', + description: 'How long it took to execute the command in microseconds.\n', + }, + { + name: 'id', + type: 'long', + description: 'The ID of the query.\n', + }, + { + name: 'key', + type: 'keyword', + description: 'The key on which the command was executed.\n', + }, + { + name: 'args', + type: 'keyword', + description: 'The arguments with which the command was called.\n', + }, + ], + }, + ], + }, + ], + }, + { + key: 'santa', + title: 'Google Santa', + description: 'Santa Module\n', + fields: [ + { + name: 'santa', + type: 'group', + description: '\n', + fields: [ + { + name: 'action', + type: 'keyword', + example: 'EXEC', + description: 'Action', + }, + { + name: 'decision', + type: 'keyword', + example: 'ALLOW', + description: 'Decision that santad took.', + }, + { + name: 'reason', + type: 'keyword', + example: 'CERT', + description: 'Reason for the decsision.', + }, + { + name: 'mode', + type: 'keyword', + example: 'M', + description: 'Operating mode of Santa.', + }, + { + name: 'disk', + type: 'group', + description: 'Fields for DISKAPPEAR actions.', + fields: [ + { + name: 'volume', + description: 'The volume name.', + }, + { + name: 'bus', + description: 'The disk bus protocol.', + }, + { + name: 'serial', + description: 'The disk serial number.', + }, + { + name: 'bsdname', + example: 'disk1s3', + description: 'The disk BSD name.', + }, + { + name: 'model', + example: 'APPLE SSD SM0512L', + description: 'The disk model.', + }, + { + name: 'fs', + example: 'apfs', + description: 'The disk volume kind (filesystem type).', + }, + { + name: 'mount', + description: 'The disk volume path.', + }, + ], + }, + ], + }, + { + name: 'certificate.common_name', + type: 'keyword', + description: 'Common name from code signing certificate.', + }, + { + name: 'certificate.sha256', + type: 'keyword', + description: 'SHA256 hash of code signing certificate.', + }, + ], + }, + { + key: 'system', + title: 'System', + description: 'Module for parsing system log files.\n', + short_config: true, + fields: [ + { + name: 'system', + type: 'group', + description: 'Fields from the system log files.\n', + fields: [ + { + name: 'auth', + type: 'group', + description: 'Fields from the Linux authorization logs.\n', + fields: [ + { + name: 'timestamp', + type: 'alias', + path: '@timestamp', + migration: true, + }, + { + name: 'hostname', + type: 'alias', + path: 'host.hostname', + migration: true, + }, + { + name: 'program', + type: 'alias', + path: 'process.name', + migration: true, + }, + { + name: 'pid', + type: 'alias', + path: 'process.pid', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + { + name: 'user', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'ssh', + type: 'group', + fields: [ + { + name: 'method', + description: + 'The SSH authentication method. Can be one of "password" or "publickey".\n', + }, + { + name: 'signature', + description: 'The signature of the client public key.\n', + }, + { + name: 'dropped_ip', + type: 'ip', + description: + 'The client IP from SSH connections that are open and immediately dropped.\n', + }, + { + name: 'event', + example: 'Accepted', + description: + 'The SSH event as found in the logs (Accepted, Invalid, Failed, etc.)\n', + }, + { + name: 'ip', + type: 'alias', + path: 'source.ip', + migration: true, + }, + { + name: 'port', + type: 'alias', + path: 'source.port', + migration: true, + }, + { + name: 'geoip', + type: 'group', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + migration: true, + }, + { + name: 'country_iso_code', + type: 'alias', + path: 'source.geo.country_iso_code', + migration: true, + }, + { + name: 'location', + type: 'alias', + path: 'source.geo.location', + migration: true, + }, + { + name: 'region_name', + type: 'alias', + path: 'source.geo.region_name', + migration: true, + }, + { + name: 'city_name', + type: 'alias', + path: 'source.geo.city_name', + migration: true, + }, + { + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + migration: true, + }, + ], + }, + ], + }, + { + name: 'sudo', + type: 'group', + description: 'Fields specific to events created by the `sudo` command.\n', + fields: [ + { + name: 'error', + example: 'user NOT in sudoers', + description: 'The error message in case the sudo command failed.\n', + }, + { + name: 'tty', + description: 'The TTY where the sudo command is executed.\n', + }, + { + name: 'pwd', + description: 'The current directory where the sudo command is executed.\n', + }, + { + name: 'user', + example: 'root', + description: 'The target user to which the sudo command is switching.\n', + }, + { + name: 'command', + description: 'The command executed via sudo.\n', + }, + ], + }, + { + name: 'useradd', + type: 'group', + description: 'Fields specific to events created by the `useradd` command.\n', + fields: [ + { + name: 'home', + description: 'The home folder for the new user.', + }, + { + name: 'shell', + description: 'The default shell for the new user.', + }, + { + name: 'name', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'uid', + type: 'alias', + path: 'user.id', + migration: true, + }, + { + name: 'gid', + type: 'alias', + path: 'group.id', + migration: true, + }, + ], + }, + { + name: 'groupadd', + type: 'group', + description: 'Fields specific to events created by the `groupadd` command.\n', + fields: [ + { + name: 'name', + type: 'alias', + path: 'group.name', + migration: true, + }, + { + name: 'gid', + type: 'alias', + path: 'group.id', + migration: true, + }, + ], + }, + ], + }, + { + name: 'syslog', + type: 'group', + description: 'Contains fields from the syslog system logs.\n', + fields: [ + { + name: 'timestamp', + type: 'alias', + path: '@timestamp', + migration: true, + }, + { + name: 'hostname', + type: 'alias', + path: 'host.hostname', + migration: true, + }, + { + name: 'program', + type: 'alias', + path: 'process.name', + migration: true, + }, + { + name: 'pid', + type: 'alias', + path: 'process.pid', + migration: true, + }, + { + name: 'message', + type: 'alias', + path: 'message', + migration: true, + }, + ], + }, + ], + }, + ], + }, + { + key: 'traefik', + title: 'Traefik', + description: 'Module for parsing the Traefik log files.\n', + fields: [ + { + name: 'traefik', + type: 'group', + description: 'Fields from the Traefik log files.\n', + fields: [ + { + name: 'access', + type: 'group', + description: 'Contains fields for the Traefik access logs.\n', + fields: [ + { + name: 'user_identifier', + type: 'keyword', + description: 'Is the RFC 1413 identity of the client\n', + }, + { + name: 'request_count', + type: 'long', + description: 'The number of requests\n', + }, + { + name: 'frontend_name', + type: 'keyword', + description: 'The name of the frontend used\n', + }, + { + name: 'backend_url', + type: 'keyword', + description: 'The url of the backend where request is forwarded', + }, + { + name: 'body_sent.bytes', + type: 'alias', + path: 'http.response.body.bytes', + migration: true, + }, + { + name: 'remote_ip', + type: 'alias', + path: 'source.address', + migration: true, + }, + { + name: 'user_name', + type: 'alias', + path: 'user.name', + migration: true, + }, + { + name: 'method', + type: 'alias', + path: 'http.request.method', + migration: true, + }, + { + name: 'url', + type: 'alias', + path: 'url.original', + migration: true, + }, + { + name: 'http_version', + type: 'alias', + path: 'http.version', + migration: true, + }, + { + name: 'response_code', + type: 'alias', + path: 'http.response.status_code', + migration: true, + }, + { + name: 'referrer', + type: 'alias', + path: 'http.request.referrer', + migration: true, + }, + { + name: 'agent', + type: 'alias', + path: 'user_agent.original', + migration: true, + }, + { + name: 'user_agent', + type: 'group', + fields: [ + { + name: 'device', + type: 'alias', + path: 'user_agent.device.name', + }, + { + name: 'name', + type: 'alias', + path: 'user_agent.name', + }, + { + name: 'os', + type: 'alias', + path: 'user_agent.os.full_name', + }, + { + name: 'os_name', + type: 'alias', + path: 'user_agent.os.name', + }, + { + name: 'original', + type: 'alias', + path: 'user_agent.original', + }, + ], + }, + { + name: 'geoip', + type: 'group', + fields: [ + { + name: 'continent_name', + type: 'alias', + path: 'source.geo.continent_name', + }, + { + name: 'country_iso_code', + type: 'alias', + path: 'source.geo.country_iso_code', + }, + { + name: 'location', + type: 'alias', + path: 'source.geo.location', + }, + { + name: 'region_name', + type: 'alias', + path: 'source.geo.region_name', + }, + { + name: 'city_name', + type: 'alias', + path: 'source.geo.city_name', + }, + { + name: 'region_iso_code', + type: 'alias', + path: 'source.geo.region_iso_code', + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + key: 'activemq', + title: 'activemq', + release: 'ga', + description: 'Module for parsing ActiveMQ log files.\n', + fields: [ + { + name: 'activemq', + type: 'group', + description: '\n', + fields: [ + { + name: 'caller', + type: 'keyword', + description: 'Name of the caller issuing the logging request (class or resource).\n', + }, + { + name: 'thread', + type: 'keyword', + description: 'Thread that generated the logging event.\n', + }, + { + name: 'user', + type: 'keyword', + description: 'User that generated the logging event.\n', + }, + { + name: 'audit', + type: 'group', + description: 'Fields from ActiveMQ audit logs.\n', + fields: [], + }, + { + name: 'log', + type: 'group', + description: 'Fields from ActiveMQ application logs.\n', + fields: [ + { + name: 'stack_trace', + type: 'keyword', + }, + ], + }, + ], + }, + ], + }, + { + key: 'aws', + title: 'AWS', + release: 'beta', + description: 'Module for handling logs from AWS.\n', + fields: [ + { + name: 'aws', + type: 'group', + description: 'Fields from AWS logs.\n', + fields: [ + { + name: 'cloudtrail', + type: 'group', + release: 'beta', + default_field: false, + description: 'Fields for AWS CloudTrail logs.\n', + fields: [ + { + name: 'event_version', + type: 'keyword', + description: 'The CloudTrail version of the log event format.\n', + }, + { + name: 'user_identity', + type: 'group', + description: + 'The userIdentity element contains details about the type of IAM identity that made the request, and which credentials were used. If temporary credentials were used, the element shows how the credentials were obtained.', + fields: [ + { + name: 'type', + type: 'keyword', + description: 'The type of the identity\n', + }, + { + name: 'arn', + type: 'keyword', + description: + 'The Amazon Resource Name (ARN) of the principal that made the call.', + }, + { + name: 'access_key_id', + type: 'keyword', + description: 'The access key ID that was used to sign the request.', + }, + { + name: 'session_context', + type: 'group', + description: + 'If the request was made with temporary security credentials, an element that provides information about the session that was created for those credentials', + fields: [ + { + name: 'mfa_authenticated', + type: 'keyword', + description: + 'The value is true if the root user or IAM user whose credentials were used for the request also was authenticated with an MFA device; otherwise, false.', + }, + { + name: 'creation_date', + type: 'date', + description: + 'The date and time when the temporary security credentials were issued.', + }, + ], + }, + { + name: 'invoked_by', + type: 'keyword', + description: + 'The name of the AWS service that made the request, such as Amazon EC2 Auto Scaling or AWS Elastic Beanstalk.', + }, + { + name: 'session_issuer', + type: 'group', + description: + 'If the request was made with temporary security credentials, an element that provides information about how the credentials were obtained.', + fields: [ + { + name: 'type', + type: 'keyword', + description: + 'The source of the temporary security credentials, such as Root, IAMUser, or Role.', + }, + { + name: 'principal_id', + type: 'keyword', + description: + 'The internal ID of the entity that was used to get credentials.', + }, + { + name: 'arn', + type: 'keyword', + description: + 'The ARN of the source (account, IAM user, or role) that was used to get temporary security credentials.', + }, + { + name: 'account_id', + type: 'keyword', + description: + 'The account that owns the entity that was used to get credentials.', + }, + ], + }, + ], + }, + { + name: 'error_code', + type: 'keyword', + description: 'The AWS service error if the request returns an error.', + }, + { + name: 'error_message', + type: 'keyword', + description: 'If the request returns an error, the description of the error.', + }, + { + name: 'request_parameters', + type: 'keyword', + description: 'The parameters, if any, that were sent with the request.', + }, + { + name: 'response_elements', + type: 'keyword', + description: + 'The response element for actions that make changes (create, update, or delete actions).', + }, + { + name: 'additional_eventdata', + type: 'keyword', + description: + 'Additional data about the event that was not part of the request or response.', + }, + { + name: 'request_id', + type: 'keyword', + description: + 'The value that identifies the request. The service being called generates this value.', + }, + { + name: 'event_type', + type: 'keyword', + description: 'Identifies the type of event that generated the event record.', + }, + { + name: 'api_version', + type: 'keyword', + description: + 'Identifies the API version associated with the AwsApiCall eventType value.', + }, + { + name: 'management_event', + type: 'keyword', + description: + 'A Boolean value that identifies whether the event is a management event.', + }, + { + name: 'read_only', + type: 'keyword', + description: 'Identifies whether this operation is a read-only operation.', + }, + { + name: 'resources', + type: 'group', + description: 'A list of resources accessed in the event.', + fields: [ + { + name: 'arn', + type: 'keyword', + description: 'Resource ARNs', + }, + { + name: 'account_id', + type: 'keyword', + description: 'Account ID of the resource owner', + }, + { + name: 'type', + type: 'keyword', + description: + 'Resource type identifier in the format: AWS::aws-service-name::data-type-name', + }, + ], + }, + { + name: 'recipient_account_id', + type: 'keyword', + description: 'Represents the account ID that received this event.', + }, + { + name: 'service_event_details', + type: 'keyword', + description: + 'Identifies the service event, including what triggered the event and the result.', + }, + { + name: 'shared_event_id', + type: 'keyword', + description: + 'GUID generated by CloudTrail to uniquely identify CloudTrail events from the same AWS action that is sent to different AWS accounts.', + }, + { + name: 'vpc_endpoint_id', + type: 'keyword', + description: + 'Identifies the VPC endpoint in which requests were made from a VPC to another AWS service, such as Amazon S3.', + }, + { + name: 'console_login', + type: 'group', + description: 'Fields specific to ConsoleLogin events', + fields: [ + { + name: 'additional_eventdata', + type: 'group', + description: 'Additional Event Data for ConsoleLogin events\n', + fields: [ + { + name: 'mobile_version', + type: 'boolean', + description: 'Identifies whether ConsoleLogin was from mobile version', + }, + { + name: 'login_to', + type: 'keyword', + description: 'URL for ConsoleLogin', + }, + { + name: 'mfa_used', + type: 'boolean', + description: + 'Identifies whether multi factor authentication was used during ConsoleLogin', + }, + ], + }, + ], + }, + ], + }, + { + name: 'cloudwatch', + type: 'group', + release: 'beta', + default_field: false, + description: 'Fields for AWS CloudWatch logs.\n', + fields: [], + }, + { + name: 'ec2', + type: 'group', + release: 'beta', + default_field: false, + description: 'Fields for AWS EC2 logs in CloudWatch.\n', + fields: [ + { + name: 'ip_address', + type: 'keyword', + description: 'The internet address of the requester.\n', + }, + ], + }, + { + name: 'elb', + type: 'group', + release: 'ga', + description: 'Fields for AWS ELB logs.\n', + fields: [ + { + name: 'name', + type: 'keyword', + description: 'The name of the load balancer.\n', + }, + { + name: 'type', + type: 'keyword', + description: 'The type of the load balancer for v2 Load Balancers.\n', + }, + { + name: 'target_group.arn', + type: 'keyword', + description: 'The ARN of the target group handling the request.\n', + }, + { + name: 'listener', + type: 'keyword', + description: 'The ELB listener that received the connection.\n', + }, + { + name: 'protocol', + type: 'keyword', + description: 'The protocol of the load balancer (http or tcp).\n', + }, + { + name: 'request_processing_time.sec', + type: 'float', + description: + 'The total time in seconds since the connection or request is received until it is sent to a registered backend.\n', + }, + { + name: 'backend_processing_time.sec', + type: 'float', + description: + 'The total time in seconds since the connection is sent to the backend till the backend starts responding.\n', + }, + { + name: 'response_processing_time.sec', + type: 'float', + description: + 'The total time in seconds since the response is received from the backend till it is sent to the client.\n', + }, + { + name: 'connection_time.ms', + type: 'long', + description: + 'The total time of the connection in milliseconds, since it is opened till it is closed.\n', + }, + { + name: 'tls_handshake_time.ms', + type: 'long', + description: + 'The total time for the TLS handshake to complete in milliseconds once the connection has been established.\n', + }, + { + name: 'backend.ip', + type: 'keyword', + description: 'The IP address of the backend processing this connection.\n', + }, + { + name: 'backend.port', + type: 'keyword', + description: 'The port in the backend processing this connection.\n', + }, + { + name: 'backend.http.response.status_code', + type: 'keyword', + description: + 'The status code from the backend (status code sent to the client from ELB is stored in `http.response.status_code`\n', + }, + { + name: 'ssl_cipher', + type: 'keyword', + description: 'The SSL cipher used in TLS/SSL connections.\n', + }, + { + name: 'ssl_protocol', + type: 'keyword', + description: 'The SSL protocol used in TLS/SSL connections.\n', + }, + { + name: 'chosen_cert.arn', + type: 'keyword', + description: + 'The ARN of the chosen certificate presented to the client in TLS/SSL connections.\n', + }, + { + name: 'chosen_cert.serial', + type: 'keyword', + description: + 'The serial number of the chosen certificate presented to the client in TLS/SSL connections.\n', + }, + { + name: 'incoming_tls_alert', + type: 'keyword', + description: + 'The integer value of TLS alerts received by the load balancer from the client, if present.\n', + }, + { + name: 'tls_named_group', + type: 'keyword', + description: 'The TLS named group.\n', + }, + { + name: 'trace_id', + type: 'keyword', + description: 'The contents of the `X-Amzn-Trace-Id` header.\n', + }, + { + name: 'matched_rule_priority', + type: 'keyword', + description: + 'The priority value of the rule that matched the request, if a rule matched.\n', + }, + { + name: 'action_executed', + type: 'keyword', + description: + 'The action executed when processing the request (forward, fixed-response, authenticate...). It can contain several values.\n', + }, + { + name: 'redirect_url', + type: 'keyword', + description: 'The URL used if a redirection action was executed.\n', + }, + { + name: 'error.reason', + type: 'keyword', + description: 'The error reason if the executed action failed.', + }, + ], + }, + { + name: 's3access', + type: 'group', + release: 'ga', + description: 'Fields for AWS S3 server access logs.\n', + fields: [ + { + name: 'bucket_owner', + type: 'keyword', + description: 'The canonical user ID of the owner of the source bucket.\n', + }, + { + name: 'bucket', + type: 'keyword', + description: 'The name of the bucket that the request was processed against.\n', + }, + { + name: 'remote_ip', + type: 'ip', + description: 'The apparent internet address of the requester.\n', + }, + { + name: 'requester', + type: 'keyword', + description: + 'The canonical user ID of the requester, or a - for unauthenticated requests.\n', + }, + { + name: 'request_id', + type: 'keyword', + description: 'A string generated by Amazon S3 to uniquely identify each request.\n', + }, + { + name: 'operation', + type: 'keyword', + description: + 'The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT.\n', + }, + { + name: 'key', + type: 'keyword', + description: + 'The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter.\n', + }, + { + name: 'request_uri', + type: 'keyword', + description: 'The Request-URI part of the HTTP request message.\n', + }, + { + name: 'http_status', + type: 'long', + description: 'The numeric HTTP status code of the response.\n', + }, + { + name: 'error_code', + type: 'keyword', + description: 'The Amazon S3 Error Code, or "-" if no error occurred.\n', + }, + { + name: 'bytes_sent', + type: 'long', + description: + 'The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero.\n', + }, + { + name: 'object_size', + type: 'long', + description: 'The total size of the object in question.\n', + }, + { + name: 'total_time', + type: 'long', + description: + "The number of milliseconds the request was in flight from the server's perspective.\n", + }, + { + name: 'turn_around_time', + type: 'long', + description: + 'The number of milliseconds that Amazon S3 spent processing your request.\n', + }, + { + name: 'referrer', + type: 'keyword', + description: 'The value of the HTTP Referrer header, if present.\n', + }, + { + name: 'user_agent', + type: 'keyword', + description: 'The value of the HTTP User-Agent header.\n', + }, + { + name: 'version_id', + type: 'keyword', + description: + 'The version ID in the request, or "-" if the operation does not take a versionId parameter.\n', + }, + { + name: 'host_id', + type: 'keyword', + description: 'The x-amz-id-2 or Amazon S3 extended request ID.\n', + }, + { + name: 'signature_version', + type: 'keyword', + description: + 'The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests.\n', + }, + { + name: 'cipher_suite', + type: 'keyword', + description: + 'The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP.\n', + }, + { + name: 'authentication_type', + type: 'keyword', + description: + 'The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests.\n', + }, + { + name: 'host_header', + type: 'keyword', + description: 'The endpoint used to connect to Amazon S3.\n', + }, + { + name: 'tls_version', + type: 'keyword', + description: + 'The Transport Layer Security (TLS) version negotiated by the client.\n', + }, + ], + }, + { + name: 'vpcflow', + type: 'group', + release: 'beta', + description: 'Fields for AWS VPC flow logs.\n', + fields: [ + { + name: 'version', + type: 'keyword', + description: + 'The VPC Flow Logs version. If you use the default format, the version is 2. If you specify a custom format, the version is 3.\n', + }, + { + name: 'account_id', + type: 'keyword', + description: 'The AWS account ID for the flow log.\n', + }, + { + name: 'interface_id', + type: 'keyword', + description: 'The ID of the network interface for which the traffic is recorded.\n', + }, + { + name: 'action', + type: 'keyword', + description: 'The action that is associated with the traffic, ACCEPT or REJECT.\n', + }, + { + name: 'log_status', + type: 'keyword', + description: 'The logging status of the flow log, OK, NODATA or SKIPDATA.\n', + }, + { + name: 'instance_id', + type: 'keyword', + description: + "The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you.\n", + }, + { + name: 'pkt_srcaddr', + type: 'ip', + description: 'The packet-level (original) source IP address of the traffic.\n', + }, + { + name: 'pkt_dstaddr', + type: 'ip', + description: + 'The packet-level (original) destination IP address for the traffic.\n', + }, + { + name: 'vpc_id', + type: 'keyword', + description: + 'The ID of the VPC that contains the network interface for which the traffic is recorded.\n', + }, + { + name: 'subnet_id', + type: 'keyword', + description: + 'The ID of the subnet that contains the network interface for which the traffic is recorded.\n', + }, + { + name: 'tcp_flags', + type: 'keyword', + description: + 'The bitmask value for the following TCP flags: 2=SYN,18=SYN-ACK,1=FIN,4=RST\n', + }, + { + name: 'type', + type: 'keyword', + description: 'The type of traffic: IPv4, IPv6, or EFA.\n', + }, + ], + }, + ], + }, + ], + }, + { + key: 'azure', + title: 'Azure', + release: 'beta', + description: 'Azure Module\n', + fields: [ + { + name: 'azure', + type: 'group', + description: '\n', + fields: [ + { + name: 'subscription_id', + type: 'keyword', + description: 'Azure subscription ID\n', + }, + { + name: 'correlation_id', + type: 'keyword', + description: 'Correlation ID\n', + }, + { + name: 'tenant_id', + type: 'keyword', + description: 'tenant ID\n', + }, + { + name: 'resource', + type: 'group', + description: 'Resource\n', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Resource ID\n', + }, + { + name: 'group', + type: 'keyword', + description: 'Resource group\n', + }, + { + name: 'provider', + type: 'keyword', + description: 'Resource type/namespace\n', + }, + { + name: 'namespace', + type: 'keyword', + description: 'Resource type/namespace\n', + }, + { + name: 'name', + type: 'keyword', + description: 'Name\n', + }, + { + name: 'authorization_rule', + type: 'keyword', + description: 'Authorization rule\n', + }, + ], + }, + { + name: 'activitylogs', + type: 'group', + release: 'beta', + description: 'Fields for Azure activity logs.\n', + fields: [ + { + name: 'identity', + type: 'group', + description: 'Identity\n', + fields: [ + { + name: 'claims_initiated_by_user', + type: 'group', + description: 'Claims initiated by user\n', + fields: [ + { + name: 'name', + type: 'keyword', + description: 'Name\n', + }, + { + name: 'givenname', + type: 'keyword', + description: 'Givenname\n', + }, + { + name: 'surname', + type: 'keyword', + description: 'Surname\n', + }, + { + name: 'fullname', + type: 'keyword', + description: 'Fullname\n', + }, + { + name: 'schema', + type: 'keyword', + description: 'Schema\n', + }, + ], + }, + { + name: 'claims.*', + type: 'object', + object_type: 'keyword', + object_type_mapping_type: '*', + description: 'Claims\n', + }, + { + name: 'authorization', + type: 'group', + description: 'Authorization\n', + fields: [ + { + name: 'scope', + type: 'keyword', + description: 'Scope\n', + }, + { + name: 'action', + type: 'keyword', + description: 'Action\n', + }, + { + name: 'evidence', + type: 'group', + description: 'Evidence\n', + fields: [ + { + name: 'role_assignment_scope', + type: 'keyword', + description: 'Role assignment scope\n', + }, + { + name: 'role_definition_id', + type: 'keyword', + description: 'Role definition ID\n', + }, + { + name: 'role', + type: 'keyword', + description: 'Role\n', + }, + { + name: 'role_assignment_id', + type: 'keyword', + description: 'Role assignment ID\n', + }, + { + name: 'principal_id', + type: 'keyword', + description: 'Principal ID\n', + }, + { + name: 'principal_type', + type: 'keyword', + description: 'Principal type\n', + }, + ], + }, + ], + }, + ], + }, + { + name: 'operation_name', + type: 'keyword', + description: 'Operation name\n', + }, + { + name: 'result_signature', + type: 'keyword', + description: 'Result signature\n', + }, + { + name: 'category', + type: 'keyword', + description: 'Category\n', + }, + { + name: 'properties', + type: 'group', + description: 'Properties\n', + fields: [ + { + name: 'service_request_id', + type: 'keyword', + description: 'Service Request Id\n', + }, + { + name: 'status_code', + type: 'keyword', + description: 'Status code\n', + }, + ], + }, + ], + }, + { + name: 'auditlogs', + type: 'group', + description: 'Fields for Azure audit logs.\n', + fields: [ + { + name: 'operation_name', + type: 'keyword', + description: 'The operation name\n', + }, + { + name: 'operation_version', + type: 'keyword', + description: 'The operation version\n', + }, + { + name: 'identity', + type: 'keyword', + description: 'Identity\n', + }, + { + name: 'tenant_id', + type: 'keyword', + description: 'Tenant ID\n', + }, + { + name: 'result_signature', + type: 'keyword', + description: 'Result signature\n', + }, + { + name: 'properties', + type: 'group', + description: 'The audit log properties\n', + fields: [ + { + name: 'result', + type: 'keyword', + description: 'Log result\n', + }, + { + name: 'activity_display_name', + type: 'keyword', + description: 'Activity display name\n', + }, + { + name: 'result_reason', + type: 'keyword', + description: 'Reason for the log result\n', + }, + { + name: 'correlation_id', + type: 'keyword', + description: 'Correlation ID\n', + }, + { + name: 'logged_by_service', + type: 'keyword', + description: 'Logged by service\n', + }, + { + name: 'operation_type', + type: 'keyword', + description: 'Operation type\n', + }, + { + name: 'id', + type: 'keyword', + description: 'ID\n', + }, + { + name: 'activity_datetime', + type: 'date', + description: 'Activity timestamp\n', + }, + { + name: 'category', + type: 'keyword', + description: 'category\n', + }, + { + name: 'target_resources.*', + type: 'group', + object_type_mapping_type: '*', + description: 'Target resources\n', + fields: [ + { + name: 'display_name', + type: 'keyword', + description: 'Display name\n', + }, + { + name: 'id', + type: 'keyword', + description: 'ID\n', + }, + { + name: 'type', + type: 'keyword', + description: 'Type\n', + }, + { + name: 'ip_address', + type: 'keyword', + description: 'ip Address\n', + }, + { + name: 'user_principal_name', + type: 'keyword', + description: 'User principal name\n', + }, + { + name: 'modified_properties.*', + type: 'group', + object_type: 'keyword', + object_type_mapping_type: '*', + description: 'Modified properties\n', + fields: [ + { + name: 'new_value', + type: 'keyword', + description: 'New value\n', + }, + { + name: 'display_name', + type: 'keyword', + description: 'Display value\n', + }, + { + name: 'old_value', + type: 'keyword', + description: 'Old value\n', + }, + ], + }, + ], + }, + { + name: 'initiated_by', + type: 'group', + description: 'Information regarding the initiator\n', + fields: [ + { + name: 'app', + type: 'group', + description: 'App\n', + fields: [ + { + name: 'servicePrincipalName', + type: 'keyword', + description: 'Service principal name\n', + }, + { + name: 'displayName', + type: 'keyword', + description: 'Display name\n', + }, + { + name: 'appId', + type: 'keyword', + description: 'App ID\n', + }, + { + name: 'servicePrincipalId', + type: 'keyword', + description: 'Service principal ID\n', + }, + ], + }, + { + name: 'user', + type: 'group', + description: 'User\n', + fields: [ + { + name: 'userPrincipalName', + type: 'keyword', + description: 'User principal name\n', + }, + { + name: 'displayName', + type: 'keyword', + description: 'Display name\n', + }, + { + name: 'id', + type: 'keyword', + description: 'ID\n', + }, + { + name: 'ipAddress', + type: 'keyword', + description: 'ip Address\n', + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + name: 'signinlogs', + type: 'group', + description: 'Fields for Azure sign-in logs.\n', + fields: [ + { + name: 'operation_name', + type: 'keyword', + description: 'The operation name\n', + }, + { + name: 'operation_version', + type: 'keyword', + description: 'The operation version\n', + }, + { + name: 'tenant_id', + type: 'keyword', + description: 'Tenant ID\n', + }, + { + name: 'result_signature', + type: 'keyword', + description: 'Result signature\n', + }, + { + name: 'result_description', + type: 'keyword', + description: 'Result description\n', + }, + { + name: 'identity', + type: 'keyword', + description: 'Identity\n', + }, + { + name: 'properties', + type: 'group', + description: 'The signin log properties\n', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'ID\n', + }, + { + name: 'created_at', + type: 'date', + description: 'Created date time\n', + }, + { + name: 'user_display_name', + type: 'keyword', + description: 'User display name\n', + }, + { + name: 'correlation_id', + type: 'keyword', + description: 'Correlation ID\n', + }, + { + name: 'user_principal_name', + type: 'keyword', + description: 'User principal name\n', + }, + { + name: 'user_id', + type: 'keyword', + description: 'User ID\n', + }, + { + name: 'app_id', + type: 'keyword', + description: 'App ID\n', + }, + { + name: 'app_display_name', + type: 'keyword', + description: 'App display name\n', + }, + { + name: 'ip_address', + type: 'keyword', + description: 'Ip address\n', + }, + { + name: 'client_app_used', + type: 'keyword', + description: 'Client app used\n', + }, + { + name: 'conditional_access_status', + type: 'keyword', + description: 'Conditional access status\n', + }, + { + name: 'original_request_id', + type: 'keyword', + description: 'Original request ID\n', + }, + { + name: 'is_interactive', + type: 'keyword', + description: 'Is interactive\n', + }, + { + name: 'token_issuer_name', + type: 'keyword', + description: 'Token issuer name\n', + }, + { + name: 'token_issuer_type', + type: 'keyword', + description: 'Token issuer type\n', + }, + { + name: 'processing_time_ms', + type: 'float', + description: 'Processing time in milliseconds\n', + }, + { + name: 'risk_detail', + type: 'keyword', + description: 'Risk detail\n', + }, + { + name: 'risk_level_aggregated', + type: 'keyword', + description: 'Risk level aggregated\n', + }, + { + name: 'risk_level_during_signin', + type: 'keyword', + description: 'Risk level during signIn\n', + }, + { + name: 'risk_state', + type: 'keyword', + description: 'Risk state\n', + }, + { + name: 'resource_display_name', + type: 'keyword', + description: 'Resource display name\n', + }, + { + name: 'status', + type: 'group', + description: 'Status\n', + fields: [ + { + name: 'error_code', + type: 'keyword', + description: 'Error code\n', + }, + ], + }, + { + name: 'device_detail', + type: 'group', + description: 'Status\n', + fields: [ + { + name: 'device_id', + type: 'keyword', + description: 'Device ID\n', + }, + { + name: 'operating_system', + type: 'keyword', + description: 'Operating system\n', + }, + { + name: 'browser', + type: 'keyword', + description: 'Browser\n', + }, + { + name: 'display_name', + type: 'keyword', + description: 'Display name\n', + }, + { + name: 'trust_type', + type: 'keyword', + description: 'Trust type\n', + }, + ], + }, + { + name: 'service_principal_id', + type: 'keyword', + description: 'Status\n', + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + key: 'cef-module', + title: 'CEF', + description: + 'Module for receiving CEF logs over Syslog. The module adds vendor specific fields in addition to the fields the decode_cef processor provides.\n', + fields: [ + { + name: 'forcepoint', + type: 'group', + default_field: false, + description: 'Fields for Forcepoint Custom String mappings\n', + fields: [ + { + name: 'virus_id', + type: 'keyword', + description: 'Virus ID\n', + }, + ], + }, + { + name: 'checkpoint', + type: 'group', + default_field: false, + description: 'Fields for Check Point custom string mappings.\n', + fields: [ + { + name: 'app_risk', + type: 'keyword', + description: 'Application risk.', + }, + { + name: 'app_severity', + type: 'keyword', + description: 'Application threat severity.', + }, + { + name: 'app_sig_id', + type: 'keyword', + description: 'The signature ID which the application was detected by.', + }, + { + name: 'auth_method', + type: 'keyword', + description: 'Password authentication protocol used.', + }, + { + name: 'category', + type: 'keyword', + description: 'Category.', + }, + { + name: 'confidence_level', + type: 'keyword', + description: 'Confidence level determined.', + }, + { + name: 'connectivity_state', + type: 'keyword', + description: 'Connectivity state.', + }, + { + name: 'cookie', + type: 'keyword', + description: 'IKE cookie.', + }, + { + name: 'dst_phone_number', + type: 'keyword', + description: 'Destination IP-Phone.', + }, + { + name: 'email_control', + type: 'keyword', + description: 'Engine name.', + }, + { + name: 'email_id', + type: 'keyword', + description: 'Internal email ID.', + }, + { + name: 'email_recipients_num', + type: 'long', + description: 'Number of recipients.', + }, + { + name: 'email_session_id', + type: 'keyword', + description: 'Internal email session ID.', + }, + { + name: 'email_spool_id', + type: 'keyword', + description: 'Internal email spool ID.', + }, + { + name: 'email_subject', + type: 'keyword', + description: 'Email subject.', + }, + { + name: 'event_count', + type: 'long', + description: 'Number of events associated with the log.', + }, + { + name: 'file_hash', + type: 'keyword', + description: 'File hash (SHA1 or MD5).', + }, + { + name: 'frequency', + type: 'keyword', + description: 'Scan frequency.', + }, + { + name: 'icmp_type', + type: 'long', + description: 'ICMP type.', + }, + { + name: 'icmp_code', + type: 'long', + description: 'ICMP code.', + }, + { + name: 'identity_type', + type: 'keyword', + description: 'Identity type.', + }, + { + name: 'incident_extension', + type: 'keyword', + description: 'Format of original data.', + }, + { + name: 'integrity_av_invoke_type', + type: 'keyword', + description: 'Scan invoke type.', + }, + { + name: 'peer_gateway', + type: 'ip', + description: 'Main IP of the peer Security Gateway.', + }, + { + name: 'performance_impact', + type: 'keyword', + description: 'Protection performance impact.', + }, + { + name: 'protection_id', + type: 'keyword', + description: 'Protection malware ID.', + }, + { + name: 'protection_name', + type: 'keyword', + description: 'Specific signature name of the attack.', + }, + { + name: 'protection_type', + type: 'keyword', + description: 'Type of protection used to detect the attack.', + }, + { + name: 'scan_result', + type: 'keyword', + description: 'Scan result.', + }, + { + name: 'sensor_mode', + type: 'keyword', + description: 'Sensor mode.', + }, + { + name: 'severity', + type: 'keyword', + description: 'Threat severity.', + }, + { + name: 'malware_status', + type: 'keyword', + description: 'Malware status.', + }, + { + name: 'subscription_expiration', + type: 'date', + description: 'The expiration date of the subscription.', + }, + { + name: 'tcp_flags', + type: 'keyword', + description: 'TCP packet flags.', + }, + { + name: 'termination_reason', + type: 'keyword', + description: 'Termination reason.', + }, + { + name: 'update_status', + type: 'keyword', + description: 'Update status.', + }, + { + name: 'user_status', + type: 'keyword', + description: 'User response.', + }, + { + name: 'uuid', + type: 'keyword', + description: 'External ID.', + }, + { + name: 'virus_name', + type: 'keyword', + description: 'Virus name.', + }, + { + name: 'malware_name', + type: 'keyword', + description: 'Malware name.', + }, + { + name: 'malware_family', + type: 'keyword', + description: 'Malware family.', + }, + { + name: 'voip_log_type', + type: 'keyword', + description: 'VoIP log types.', + }, + ], + }, + { + name: 'cef.extensions', + type: 'group', + default_field: false, + description: 'Extra vendor-specific extensions.\n', + fields: [ + { + name: 'cp_app_risk', + type: 'keyword', + }, + { + name: 'cp_severity', + type: 'keyword', + }, + { + name: 'ifname', + type: 'keyword', + }, + { + name: 'inzone', + type: 'keyword', + }, + { + name: 'layer_uuid', + type: 'keyword', + }, + { + name: 'layer_name', + type: 'keyword', + }, + { + name: 'logid', + type: 'keyword', + }, + { + name: 'loguid', + type: 'keyword', + }, + { + name: 'match_id', + type: 'keyword', + }, + { + name: 'nat_addtnl_rulenum', + type: 'keyword', + }, + { + name: 'nat_rulenum', + type: 'keyword', + }, + { + name: 'origin', + type: 'keyword', + }, + { + name: 'originsicname', + type: 'keyword', + }, + { + name: 'outzone', + type: 'keyword', + }, + { + name: 'parent_rule', + type: 'keyword', + }, + { + name: 'product', + type: 'keyword', + }, + { + name: 'rule_action', + type: 'keyword', + }, + { + name: 'rule_uid', + type: 'keyword', + }, + { + name: 'sequencenum', + type: 'keyword', + }, + { + name: 'service_id', + type: 'keyword', + }, + { + name: 'version', + type: 'keyword', + }, + ], + }, + ], + }, + { + key: 'cisco', + title: 'Cisco', + description: 'Module for handling Cisco network device logs.\n', + fields: [ + { + name: 'cisco', + type: 'group', + description: 'Fields from Cisco logs.\n', + fields: [ + { + name: 'asa', + type: 'group', + description: 'Fields for Cisco ASA Firewall.\n', + fields: [ + { + name: 'message_id', + type: 'keyword', + description: 'The Cisco ASA message identifier.\n', + }, + { + name: 'suffix', + type: 'keyword', + example: 'session', + description: 'Optional suffix after %ASA identifier.\n', + }, + { + name: 'source_interface', + type: 'keyword', + description: 'Source interface for the flow or event.\n', + }, + { + name: 'destination_interface', + type: 'keyword', + description: 'Destination interface for the flow or event.\n', + }, + { + name: 'rule_name', + type: 'keyword', + description: 'Name of the Access Control List rule that matched this event.\n', + }, + { + name: 'source_username', + type: 'keyword', + description: 'Name of the user that is the source for this event.\n', + }, + { + name: 'destination_username', + type: 'keyword', + description: 'Name of the user that is the destination for this event.\n', + }, + { + name: 'mapped_source_ip', + type: 'ip', + description: 'The translated source IP address.\n', + }, + { + name: 'mapped_source_port', + type: 'long', + description: 'The translated source port.\n', + }, + { + name: 'mapped_destination_ip', + type: 'ip', + description: 'The translated destination IP address.\n', + }, + { + name: 'mapped_destination_port', + type: 'long', + description: 'The translated destination port.\n', + }, + { + name: 'threat_level', + type: 'keyword', + description: + 'Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high.\n', + }, + { + name: 'threat_category', + type: 'keyword', + description: + 'Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc.\n', + }, + { + name: 'connection_id', + type: 'keyword', + description: 'Unique identifier for a flow.\n', + }, + { + name: 'icmp_type', + type: 'short', + description: 'ICMP type.\n', + }, + { + name: 'icmp_code', + type: 'short', + description: 'ICMP code.\n', + }, + { + name: 'connection_type', + type: 'keyword', + default_field: false, + description: 'The VPN connection type\n', + }, + { + name: 'dap_records', + default_field: false, + type: 'keyword', + description: 'The assigned DAP records\n', + }, + ], + }, + { + name: 'ftd', + type: 'group', + description: 'Fields for Cisco Firepower Threat Defense Firewall.\n', + fields: [ + { + name: 'message_id', + type: 'keyword', + description: 'The Cisco FTD message identifier.\n', + }, + { + name: 'suffix', + type: 'keyword', + example: 'session', + description: 'Optional suffix after %FTD identifier.\n', + }, + { + name: 'source_interface', + type: 'keyword', + description: 'Source interface for the flow or event.\n', + }, + { + name: 'destination_interface', + type: 'keyword', + description: 'Destination interface for the flow or event.\n', + }, + { + name: 'rule_name', + type: 'keyword', + description: 'Name of the Access Control List rule that matched this event.\n', + }, + { + name: 'source_username', + type: 'keyword', + description: 'Name of the user that is the source for this event.\n', + }, + { + name: 'destination_username', + type: 'keyword', + description: 'Name of the user that is the destination for this event.\n', + }, + { + name: 'mapped_source_ip', + type: 'ip', + description: 'The translated source IP address. Use ECS source.nat.ip.\n', + }, + { + name: 'mapped_source_port', + type: 'long', + description: 'The translated source port. Use ECS source.nat.port.\n', + }, + { + name: 'mapped_destination_ip', + type: 'ip', + description: 'The translated destination IP address. Use ECS destination.nat.ip.\n', + }, + { + name: 'mapped_destination_port', + type: 'long', + description: 'The translated destination port. Use ECS destination.nat.port.\n', + }, + { + name: 'threat_level', + type: 'keyword', + description: + 'Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high.\n', + }, + { + name: 'threat_category', + type: 'keyword', + description: + 'Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc.\n', + }, + { + name: 'connection_id', + type: 'keyword', + description: 'Unique identifier for a flow.\n', + }, + { + name: 'icmp_type', + type: 'short', + description: 'ICMP type.\n', + }, + { + name: 'icmp_code', + type: 'short', + description: 'ICMP code.\n', + }, + { + name: 'security', + type: 'object', + description: 'Raw fields for Security Events.', + }, + { + name: 'connection_type', + type: 'keyword', + default_field: false, + description: 'The VPN connection type\n', + }, + { + name: 'dap_records', + type: 'keyword', + default_field: false, + description: 'The assigned DAP records\n', + }, + ], + }, + { + name: 'ios', + type: 'group', + description: 'Fields for Cisco IOS logs.\n', + fields: [ + { + name: 'access_list', + type: 'keyword', + description: 'Name of the IP access list.\n', + }, + { + name: 'facility', + type: 'keyword', + example: 'SEC', + description: + 'The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message.\n', + }, + ], + }, + ], + }, + ], + }, + { + key: 'coredns', + title: 'Coredns', + description: 'Module for handling logs produced by coredns\n', + fields: [ + { + name: 'coredns', + type: 'group', + description: 'coredns fields after normalization\n', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'id of the DNS transaction\n', + }, + { + name: 'query.size', + type: 'integer', + format: 'bytes', + description: 'size of the DNS query\n', + }, + { + name: 'query.class', + type: 'keyword', + description: 'DNS query class\n', + }, + { + name: 'query.name', + type: 'keyword', + description: 'DNS query name\n', + }, + { + name: 'query.type', + type: 'keyword', + description: 'DNS query type\n', + }, + { + name: 'response.code', + type: 'keyword', + description: 'DNS response code\n', + }, + { + name: 'response.flags', + type: 'keyword', + description: 'DNS response flags\n', + }, + { + name: 'response.size', + type: 'integer', + format: 'bytes', + description: 'size of the DNS response\n', + }, + { + name: 'dnssec_ok', + type: 'boolean', + description: 'dnssec flag\n', + }, + ], + }, + ], + }, + { + key: 'envoyproxy', + title: 'Envoyproxy', + description: 'Module for handling logs produced by envoy\n', + fields: [ + { + name: 'envoyproxy', + type: 'group', + description: 'Fields from envoy proxy logs after normalization\n', + fields: [ + { + name: 'log_type', + type: 'keyword', + description: 'Envoy log type, normally ACCESS\n', + }, + { + name: 'response_flags', + type: 'keyword', + description: 'Response flags\n', + }, + { + name: 'upstream_service_time', + type: 'long', + format: 'duration', + input_format: 'nanoseconds', + description: 'Upstream service time in nanoseconds\n', + }, + { + name: 'request_id', + type: 'keyword', + description: 'ID of the request\n', + }, + { + name: 'authority', + type: 'keyword', + description: 'Envoy proxy authority field\n', + }, + { + name: 'proxy_type', + type: 'keyword', + description: 'Envoy proxy type, tcp or http\n', + }, + ], + }, + ], + }, + { + key: 'googlecloud', + title: 'Google Cloud', + description: 'Module for handling logs from Google Cloud.\n', + fields: [ + { + name: 'googlecloud', + type: 'group', + description: 'Fields from Google Cloud logs.\n', + fields: [ + { + name: 'destination.instance', + type: 'group', + description: + 'If the destination of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project.\n', + fields: [ + { + name: 'project_id', + type: 'keyword', + description: 'ID of the project containing the VM.\n', + }, + { + name: 'region', + type: 'keyword', + description: 'Region of the VM.\n', + }, + { + name: 'zone', + type: 'keyword', + description: 'Zone of the VM.\n', + }, + ], + }, + { + name: 'destination.vpc', + type: 'group', + description: + 'If the destination of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project.\n', + fields: [ + { + name: 'project_id', + type: 'keyword', + description: 'ID of the project containing the VM.\n', + }, + { + name: 'vpc_name', + type: 'keyword', + description: 'VPC on which the VM is operating.\n', + }, + { + name: 'subnetwork_name', + type: 'keyword', + description: 'Subnetwork on which the VM is operating.\n', + }, + ], + }, + { + name: 'source.instance', + type: 'group', + description: + 'If the source of the connection was a VM located on the same VPC, this field is populated with VM instance details. In a Shared VPC configuration, project_id corresponds to the project that owns the instance, usually the service project.\n', + fields: [ + { + name: 'project_id', + type: 'keyword', + description: 'ID of the project containing the VM.\n', + }, + { + name: 'region', + type: 'keyword', + description: 'Region of the VM.\n', + }, + { + name: 'zone', + type: 'keyword', + description: 'Zone of the VM.\n', + }, + ], + }, + { + name: 'source.vpc', + type: 'group', + description: + 'If the source of the connection was a VM located on the same VPC, this field is populated with VPC network details. In a Shared VPC configuration, project_id corresponds to that of the host project.\n', + fields: [ + { + name: 'project_id', + type: 'keyword', + description: 'ID of the project containing the VM.\n', + }, + { + name: 'vpc_name', + type: 'keyword', + description: 'VPC on which the VM is operating.\n', + }, + { + name: 'subnetwork_name', + type: 'keyword', + description: 'Subnetwork on which the VM is operating.\n', + }, + ], + }, + { + name: 'audit', + type: 'group', + description: 'Fields for Google Cloud audit logs.\n', + fields: [ + { + name: 'type', + type: 'keyword', + description: 'Type property.\n', + }, + { + name: 'authentication_info', + type: 'group', + description: 'Authentication information.\n', + fields: [ + { + name: 'principal_email', + type: 'keyword', + description: + 'The email address of the authenticated user making the request.\n', + }, + { + name: 'authority_selector', + type: 'keyword', + description: + 'The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority.\n', + }, + ], + }, + { + name: 'authorization_info', + type: 'array', + description: 'Authorization information for the operation.\n', + fields: [ + { + name: 'permission', + type: 'keyword', + description: 'The required IAM permission.\n', + }, + { + name: 'granted', + type: 'boolean', + description: + 'Whether or not authorization for resource and permission was granted.\n', + }, + { + name: 'resource_attributes', + type: 'group', + description: 'The attributes of the resource.\n', + fields: [ + { + name: 'service', + type: 'keyword', + description: 'The name of the service.\n', + }, + { + name: 'name', + type: 'keyword', + description: 'The name of the resource.\n', + }, + { + name: 'type', + type: 'keyword', + description: 'The type of the resource.\n', + }, + ], + }, + ], + }, + { + name: 'method_name', + type: 'keyword', + description: + "The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'.\n", + }, + { + name: 'num_response_items', + type: 'long', + description: + 'The number of items returned from a List or Query API method, if applicable.\n', + }, + { + name: 'request', + type: 'group', + description: 'The operation request.\n', + fields: [ + { + name: 'proto_name', + type: 'keyword', + description: 'Type property of the request.\n', + }, + { + name: 'filter', + type: 'keyword', + description: 'Filter of the request.\n', + }, + { + name: 'name', + type: 'keyword', + description: 'Name of the request.\n', + }, + { + name: 'resource_name', + type: 'keyword', + description: 'Name of the request resource.\n', + }, + ], + }, + { + name: 'request_metadata', + type: 'group', + description: 'Metadata about the request.\n', + fields: [ + { + name: 'caller_ip', + type: 'ip', + description: 'The IP address of the caller.\n', + }, + { + name: 'caller_supplied_user_agent', + type: 'keyword', + description: + 'The user agent of the caller. This information is not authenticated and should be treated accordingly.\n', + }, + ], + }, + { + name: 'resource_name', + type: 'keyword', + description: + "The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'.\n", + }, + { + name: 'resource_location', + type: 'group', + description: 'The location of the resource.\n', + fields: [ + { + name: 'current_locations', + type: 'keyword', + description: 'Current locations of the resource.\n', + }, + ], + }, + { + name: 'service_name', + type: 'keyword', + description: + 'The name of the API service performing the operation. For example, datastore.googleapis.com.\n', + }, + { + name: 'status', + type: 'group', + description: 'The status of the overall operation.\n', + fields: [ + { + name: 'code', + type: 'integer', + description: + 'The status code, which should be an enum value of google.rpc.Code.\n', + }, + { + name: 'message', + type: 'keyword', + description: + 'A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.\n', + }, + ], + }, + ], + }, + { + name: 'firewall', + type: 'group', + description: 'Fields for Google Cloud Firewall logs.\n', + fields: [ + { + name: 'rule_details', + type: 'group', + description: 'Description of the firewall rule that matched this connection.\n', + fields: [ + { + name: 'priority', + type: 'long', + description: 'The priority for the firewall rule.', + }, + { + name: 'action', + type: 'keyword', + description: 'Action that the rule performs on match.', + }, + { + name: 'direction', + type: 'keyword', + description: 'Direction of traffic that matches this rule.', + }, + { + name: 'reference', + type: 'keyword', + description: 'Reference to the firewall rule.', + }, + { + name: 'source_range', + type: 'keyword', + description: 'List of source ranges that the firewall rule applies to.', + }, + { + name: 'destination_range', + type: 'keyword', + description: 'List of destination ranges that the firewall applies to.', + }, + { + name: 'source_tag', + type: 'keyword', + description: 'List of all the source tags that the firewall rule applies to.\n', + }, + { + name: 'target_tag', + type: 'keyword', + description: 'List of all the target tags that the firewall rule applies to.\n', + }, + { + name: 'ip_port_info', + type: 'array', + description: 'List of ip protocols and applicable port ranges for rules.\n', + }, + { + name: 'source_service_account', + type: 'keyword', + description: + 'List of all the source service accounts that the firewall rule applies to.\n', + }, + { + name: 'target_service_account', + type: 'keyword', + description: + 'List of all the target service accounts that the firewall rule applies to.\n', + }, + ], + }, + ], + }, + { + name: 'vpcflow', + type: 'group', + description: 'Fields for Google Cloud VPC flow logs.\n', + fields: [ + { + name: 'reporter', + type: 'keyword', + description: "The side which reported the flow. Can be either 'SRC' or 'DEST'.\n", + }, + { + name: 'rtt.ms', + type: 'long', + description: + 'Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay.\n', + }, + ], + }, + ], + }, + ], + }, + { + key: 'ibmmq', + title: 'ibmmq', + description: 'ibmmq Module\n', + release: 'ga', + fields: [ + { + name: 'ibmmq', + type: 'group', + description: '\n', + fields: [ + { + name: 'errorlog', + description: 'IBM MQ error logs', + type: 'group', + fields: [ + { + name: 'installation', + description: + 'This is the installation name which can be given at installation time.\nEach installation of IBM MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation.\n', + type: 'keyword', + }, + { + name: 'qmgr', + description: + 'Name of the queue manager. Queue managers provide queuing services to applications, and manages the queues that belong to them.\n', + type: 'keyword', + }, + { + name: 'arithinsert', + description: 'Changing content based on error.id', + type: 'keyword', + }, + { + name: 'commentinsert', + description: 'Changing content based on error.id', + type: 'keyword', + }, + { + name: 'errordescription', + description: 'Please add description', + example: 'Please add example', + type: 'text', + }, + { + name: 'explanation', + description: 'Explaines the error in more detail', + type: 'keyword', + }, + { + name: 'action', + description: 'Defines what to do when the error occurs', + type: 'keyword', + }, + { + name: 'code', + description: 'Error code.', + type: 'keyword', + }, + ], + }, + ], + }, + ], + }, + { + key: 'iptables', + title: 'iptables', + description: 'Module for handling the iptables logs.\n', + fields: [ + { + name: 'iptables', + type: 'group', + description: 'Fields from the iptables logs.\n', + fields: [ + { + name: 'ether_type', + type: 'long', + description: + 'Value of the ethernet type field identifying the network layer protocol.\n', + }, + { + name: 'flow_label', + type: 'integer', + description: 'IPv6 flow label.\n', + }, + { + name: 'fragment_flags', + type: 'keyword', + description: 'IP fragment flags. A combination of CE, DF and MF.\n', + }, + { + name: 'fragment_offset', + type: 'long', + description: 'Offset of the current IP fragment.\n', + }, + { + name: 'icmp', + type: 'group', + description: 'ICMP fields.\n', + fields: [ + { + name: 'code', + type: 'long', + description: 'ICMP code.\n', + }, + { + name: 'id', + type: 'long', + description: 'ICMP ID.\n', + }, + { + name: 'parameter', + type: 'long', + description: 'ICMP parameter.\n', + }, + { + name: 'redirect', + type: 'ip', + description: 'ICMP redirect address.\n', + }, + { + name: 'seq', + type: 'long', + description: 'ICMP sequence number.\n', + }, + { + name: 'type', + type: 'long', + description: 'ICMP type.\n', + }, + ], + }, + { + name: 'id', + type: 'long', + description: 'Packet identifier.\n', + }, + { + name: 'incomplete_bytes', + type: 'long', + description: 'Number of incomplete bytes.\n', + }, + { + name: 'input_device', + type: 'keyword', + description: 'Device that received the packet.\n', + }, + { + name: 'precedence_bits', + type: 'short', + description: 'IP precedence bits.\n', + }, + { + name: 'tos', + type: 'long', + description: 'IP Type of Service field.\n', + }, + { + name: 'length', + type: 'long', + description: 'Packet length.\n', + }, + { + name: 'output_device', + type: 'keyword', + description: 'Device that output the packet.\n', + }, + { + name: 'tcp', + type: 'group', + description: 'TCP fields.\n', + fields: [ + { + name: 'flags', + type: 'keyword', + description: 'TCP flags.\n', + }, + { + name: 'reserved_bits', + type: 'short', + description: 'TCP reserved bits.\n', + }, + { + name: 'seq', + type: 'long', + description: 'TCP sequence number.\n', + }, + { + name: 'ack', + type: 'long', + description: 'TCP Acknowledgment number.\n', + }, + { + name: 'window', + type: 'long', + description: 'Advertised TCP window size.\n', + }, + ], + }, + { + name: 'ttl', + type: 'integer', + description: 'Time To Live field.\n', + }, + { + name: 'udp', + type: 'group', + description: 'UDP fields.\n', + fields: [ + { + name: 'length', + type: 'long', + description: 'Length of the UDP header and payload.\n', + }, + ], + }, + { + name: 'ubiquiti', + type: 'group', + description: 'Fields for Ubiquiti network devices.\n', + fields: [ + { + name: 'input_zone', + type: 'keyword', + description: 'Input zone.\n', + }, + { + name: 'output_zone', + type: 'keyword', + description: 'Output zone.\n', + }, + { + name: 'rule_number', + type: 'keyword', + description: 'The rule number within the rule set.', + }, + { + name: 'rule_set', + type: 'keyword', + description: 'The rule set name.', + }, + ], + }, + ], + }, + ], + }, + { + key: 'misp', + title: 'MISP', + description: 'Module for handling threat information from MISP.\n', + fields: [ + { + name: 'misp', + type: 'group', + description: 'Fields from MISP threat information.\n', + fields: [ + { + name: 'attack_pattern', + title: 'Attack Pattern', + short: 'Fields that let you store attack patterns', + description: + 'Fields provide support for specifying information about attack patterns.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the threat indicator.\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'Name of the attack pattern.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: 'Description of the attack pattern.\n', + }, + { + name: 'kill_chain_phases', + level: 'extended', + type: 'keyword', + description: 'The kill chain phase(s) to which this attack pattern corresponds.\n', + }, + ], + }, + { + name: 'campaign', + title: 'Campaign', + short: 'Fields that let you store campaign information', + description: 'Fields provide support for specifying information about campaigns.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the campaign.\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'Name of the campaign.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: 'Description of the campaign.\n', + }, + { + name: 'aliases', + level: 'extended', + type: 'text', + description: 'Alternative names used to identify this campaign.\n', + }, + { + name: 'first_seen', + level: 'core', + type: 'date', + description: 'The time that this Campaign was first seen, in RFC3339 format.\n', + }, + { + name: 'last_seen', + level: 'core', + type: 'date', + description: 'The time that this Campaign was last seen, in RFC3339 format.\n', + }, + { + name: 'objective', + level: 'core', + type: 'keyword', + description: + "This field defines the Campaign's primary goal, objective, desired outcome, or intended effect.\n", + }, + ], + }, + { + name: 'course_of_action', + title: 'Course of Action', + short: 'Fields that let you store information about course of action.', + description: + 'A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Course of Action.\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'The name used to identify the Course of Action.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: 'Description of the Course of Action.\n', + }, + ], + }, + { + name: 'identity', + title: 'Identity', + short: 'Fields that let you store information about identity.', + description: + 'Identity can represent actual individuals, organizations, or groups, as well as classes of individuals, organizations, or groups.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Identity.\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'The name used to identify the Identity.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: 'Description of the Identity.\n', + }, + { + name: 'identity_class', + level: 'core', + type: 'keyword', + description: + 'The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov\n', + }, + { + name: 'labels', + level: 'extended', + type: 'keyword', + description: 'The list of roles that this Identity performs.\n', + example: 'CEO\n', + }, + { + name: 'sectors', + level: 'extended', + type: 'keyword', + description: + 'The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov\n', + }, + { + name: 'contact_information', + level: 'extended', + type: 'text', + description: + 'The contact information (e-mail, phone number, etc.) for this Identity.\n', + }, + ], + }, + { + name: 'intrusion_set', + title: 'Intrusion Set', + short: 'Fields that let you store information about Intrusion Set.', + description: + 'An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Intrusion Set.\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'The name used to identify the Intrusion Set.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: 'Description of the Intrusion Set.\n', + }, + { + name: 'aliases', + level: 'extended', + type: 'text', + description: 'Alternative names used to identify the Intrusion Set.\n', + }, + { + name: 'first_seen', + level: 'extended', + type: 'date', + description: + 'The time that this Intrusion Set was first seen, in RFC3339 format.\n', + }, + { + name: 'last_seen', + level: 'extended', + type: 'date', + description: 'The time that this Intrusion Set was last seen, in RFC3339 format.\n', + }, + { + name: 'goals', + level: 'extended', + type: 'text', + description: + 'The high level goals of this Intrusion Set, namely, what are they trying to do.\n', + }, + { + name: 'resource_level', + level: 'extended', + type: 'text', + description: + 'This defines the organizational level at which this Intrusion Set typically works. Open Vocab - attack-resource-level-ov\n', + }, + { + name: 'primary_motivation', + level: 'extended', + type: 'text', + description: + 'The primary reason, motivation, or purpose behind this Intrusion Set. Open Vocab - attack-motivation-ov\n', + }, + { + name: 'secondary_motivations', + level: 'extended', + type: 'text', + description: + 'The secondary reasons, motivations, or purposes behind this Intrusion Set. Open Vocab - attack-motivation-ov\n', + }, + ], + }, + { + name: 'malware', + title: 'Malware', + short: 'Fields that let you store information about Malware.', + description: + "Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.\n", + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Malware.\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'The name used to identify the Malware.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: 'Description of the Malware.\n', + }, + { + name: 'labels', + level: 'core', + type: 'keyword', + description: + 'The type of malware being described. Open Vocab - malware-label-ov. adware,backdoor,bot,ddos,dropper,exploit-kit,keylogger,ransomware, remote-access-trojan,resource-exploitation,rogue-security-software,rootkit, screen-capture,spyware,trojan,virus,worm\n', + }, + { + name: 'kill_chain_phases', + format: 'string', + level: 'extended', + type: 'keyword', + description: + 'The list of kill chain phases for which this Malware instance can be used.\n', + }, + ], + }, + { + name: 'note', + title: 'Note', + short: 'Fields that let you store information about Malware.', + description: + 'A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Note.\n', + }, + { + name: 'summary', + level: 'extended', + type: 'keyword', + description: 'A brief description used as a summary of the Note.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: 'The content of the Note.\n', + }, + { + name: 'authors', + level: 'extended', + type: 'keyword', + description: 'The name of the author(s) of this Note.\n', + }, + { + name: 'object_refs', + level: 'extended', + type: 'keyword', + description: + 'The STIX Objects (SDOs and SROs) that the note is being applied to.\n', + }, + ], + }, + { + name: 'threat_indicator', + title: 'Threat Indicator', + short: 'Fields that let you store Threat Indicators', + description: + 'Fields provide support for specifying information about threat indicators, and related matching patterns.\n', + type: 'group', + fields: [ + { + name: 'labels', + level: 'core', + type: 'keyword', + description: 'list of type open-vocab that specifies the type of indicator.\n', + example: 'Domain Watchlist\n', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the threat indicator.\n', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + description: 'Version of the threat indicator.\n', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + description: 'Type of the threat indicator.\n', + }, + { + name: 'description', + level: 'core', + type: 'text', + description: 'Description of the threat indicator.\n', + }, + { + name: 'feed', + level: 'core', + type: 'text', + description: 'Name of the threat feed.\n', + }, + { + name: 'valid_from', + level: 'core', + type: 'date', + description: + 'The time from which this Indicator should be considered valuable intelligence, in RFC3339 format.\n', + }, + { + name: 'valid_until', + level: 'core', + type: 'date', + description: + 'The time at which this Indicator should no longer be considered valuable intelligence. If the valid_until property is omitted, then there is no constraint on the latest time for which the indicator should be used, in RFC3339 format.\n', + }, + { + name: 'severity', + format: 'string', + level: 'core', + type: 'keyword', + description: 'Threat severity to which this indicator corresponds.\n', + example: 'high', + }, + { + name: 'confidence', + level: 'core', + type: 'keyword', + description: 'Confidence level to which this indicator corresponds.\n', + example: 'high', + }, + { + name: 'kill_chain_phases', + format: 'string', + level: 'extended', + type: 'keyword', + description: 'The kill chain phase(s) to which this indicator corresponds.\n', + }, + { + name: 'mitre_tactic', + format: 'string', + level: 'extended', + type: 'keyword', + description: 'MITRE tactics to which this indicator corresponds.\n', + example: 'Initial Access', + }, + { + name: 'mitre_technique', + format: 'string', + level: 'extended', + type: 'keyword', + description: 'MITRE techniques to which this indicator corresponds.\n', + example: 'Drive-by Compromise', + }, + { + name: 'attack_pattern', + level: 'core', + type: 'keyword', + description: + 'The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning.\n', + example: "[destination:ip = '91.219.29.188/32']\n", + }, + { + name: 'attack_pattern_kql', + level: 'core', + type: 'keyword', + description: + 'The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format.\n', + example: 'destination.ip: "91.219.29.188/32"\n', + }, + { + name: 'negate', + level: 'core', + type: 'boolean', + description: 'When set to true, it specifies the absence of the attack_pattern.\n', + }, + { + name: 'intrusion_set', + level: 'extended', + type: 'keyword', + description: 'Name of the intrusion set if known.\n', + }, + { + name: 'campaign', + level: 'extended', + type: 'keyword', + description: 'Name of the attack campaign if known.\n', + }, + { + name: 'threat_actor', + level: 'extended', + type: 'keyword', + description: 'Name of the threat actor if known.\n', + }, + ], + }, + { + name: 'observed_data', + title: 'Observed Data', + short: 'Fields that let you store information about Observed Data.', + description: + 'Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Observed Data.\n', + }, + { + name: 'first_observed', + level: 'core', + type: 'date', + description: + 'The beginning of the time window that the data was observed, in RFC3339 format.\n', + }, + { + name: 'last_observed', + level: 'core', + type: 'date', + description: + 'The end of the time window that the data was observed, in RFC3339 format.\n', + }, + { + name: 'number_observed', + level: 'core', + type: 'integer', + description: + 'The number of times the data represented in the objects property was observed. This MUST be an integer between 1 and 999,999,999 inclusive.\n', + }, + { + name: 'objects', + level: 'core', + type: 'keyword', + description: + 'A dictionary of Cyber Observable Objects that describes the single fact that was observed.\n', + }, + ], + }, + { + name: 'report', + title: 'Report', + short: 'Fields that let you store information about Report.', + description: + 'Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Report.\n', + }, + { + name: 'labels', + level: 'core', + type: 'keyword', + description: + 'This field is an Open Vocabulary that specifies the primary subject of this report. Open Vocab - report-label-ov. threat-report,attack-pattern,campaign,identity,indicator,malware,observed-data,threat-actor,tool,vulnerability\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'The name used to identify the Report.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: 'A description that provides more details and context about Report.\n', + }, + { + name: 'published', + level: 'extended', + type: 'date', + description: + 'The date that this report object was officially published by the creator of this report, in RFC3339 format.\n', + }, + { + name: 'object_refs', + level: 'core', + type: 'text', + description: 'Specifies the STIX Objects that are referred to by this Report.\n', + }, + ], + }, + { + name: 'threat_actor', + title: 'Threat Actor', + short: 'Fields that let you store information about Threat Actor.', + description: + 'Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Threat Actor.\n', + }, + { + name: 'labels', + level: 'core', + type: 'keyword', + description: + 'This field specifies the type of threat actor. Open Vocab - threat-actor-label-ov. activist,competitor,crime-syndicate,criminal,hacker,insider-accidental,insider-disgruntled,nation-state,sensationalist,spy,terrorist\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'The name used to identify this Threat Actor or Threat Actor group.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: + 'A description that provides more details and context about the Threat Actor.\n', + }, + { + name: 'aliases', + level: 'extended', + type: 'text', + description: 'A list of other names that this Threat Actor is believed to use.\n', + }, + { + name: 'roles', + level: 'extended', + type: 'text', + description: + 'This is a list of roles the Threat Actor plays. Open Vocab - threat-actor-role-ov. agent,director,independent,sponsor,infrastructure-operator,infrastructure-architect,malware-author\n', + }, + { + name: 'goals', + level: 'extended', + type: 'text', + description: + 'The high level goals of this Threat Actor, namely, what are they trying to do.\n', + }, + { + name: 'sophistication', + level: 'extended', + type: 'text', + description: + 'The skill, specific knowledge, special training, or expertise a Threat Actor must have to perform the attack. Open Vocab - threat-actor-sophistication-ov. none,minimal,intermediate,advanced,strategic,expert,innovator\n', + }, + { + name: 'resource_level', + level: 'extended', + type: 'text', + description: + 'This defines the organizational level at which this Threat Actor typically works. Open Vocab - attack-resource-level-ov. individual,club,contest,team,organization,government\n', + }, + { + name: 'primary_motivation', + level: 'extended', + type: 'text', + description: + 'The primary reason, motivation, or purpose behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable\n', + }, + { + name: 'secondary_motivations', + level: 'extended', + type: 'text', + description: + 'The secondary reasons, motivations, or purposes behind this Threat Actor. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable\n', + }, + { + name: 'personal_motivations', + level: 'extended', + type: 'text', + description: + 'The personal reasons, motivations, or purposes of the Threat Actor regardless of organizational goals. Open Vocab - attack-motivation-ov. accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable\n', + }, + ], + }, + { + name: 'tool', + title: 'Tool', + short: 'Fields that let you store information about Tool.', + description: + 'Tools are legitimate software that can be used by threat actors to perform attacks.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Tool.\n', + }, + { + name: 'labels', + level: 'core', + type: 'keyword', + description: + 'The kind(s) of tool(s) being described. Open Vocab - tool-label-ov. denial-of-service,exploitation,information-gathering,network-capture,credential-exploitation,remote-access,vulnerability-scanning\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'The name used to identify the Tool.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: + 'A description that provides more details and context about the Tool.\n', + }, + { + name: 'tool_version', + level: 'extended', + type: 'keyword', + description: 'The version identifier associated with the Tool.\n', + }, + { + name: 'kill_chain_phases', + level: 'extended', + type: 'text', + description: + 'The list of kill chain phases for which this Tool instance can be used.\n', + }, + ], + }, + { + name: 'vulnerability', + title: 'Vulnerability', + short: 'Fields that let you store information about Vulnerability.', + description: + 'A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.\n', + type: 'group', + fields: [ + { + name: 'id', + level: 'core', + type: 'keyword', + description: 'Identifier of the Vulnerability.\n', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + description: 'The name used to identify the Vulnerability.\n', + }, + { + name: 'description', + level: 'extended', + type: 'text', + description: + 'A description that provides more details and context about the Vulnerability.\n', + }, + ], + }, + ], + }, + ], + }, + { + key: 'mssql', + title: 'mssql', + description: 'MS SQL Filebeat Module', + fields: [ + { + name: 'mssql', + type: 'group', + description: 'Fields from the MSSQL log files', + fields: [ + { + name: 'log', + description: 'Common log fields', + type: 'group', + fields: [ + { + name: 'origin', + description: + 'Origin of the message, usually the server but it can also be a recovery process', + type: 'keyword', + }, + ], + }, + ], + }, + ], + }, + { + key: 'netflow-module', + title: 'NetFlow', + description: + 'Module for receiving NetFlow and IPFIX flow records over UDP. The module does not add fields beyond what the netflow input provides.\n', + fields: [], + }, + { + key: 'o365', + title: 'Office 365', + description: 'Module for handling logs from Office 365.\n', + fields: [ + { + name: 'o365.audit', + type: 'group', + default_field: false, + description: 'Fields from Office 365 Management API audit logs.\n', + fields: [ + { + name: 'Actor', + type: 'array', + fields: [ + { + name: 'ID', + type: 'keyword', + }, + { + name: 'Type', + type: 'keyword', + }, + ], + }, + { + name: 'ActorContextId', + type: 'keyword', + }, + { + name: 'ActorIpAddress', + type: 'keyword', + }, + { + name: 'ActorUserId', + type: 'keyword', + }, + { + name: 'ActorYammerUserId', + type: 'keyword', + }, + { + name: 'AlertEntityId', + type: 'keyword', + }, + { + name: 'AlertId', + type: 'keyword', + }, + { + name: 'AlertLinks', + type: 'array', + }, + { + name: 'AlertType', + type: 'keyword', + }, + { + name: 'AppId', + type: 'keyword', + }, + { + name: 'ApplicationDisplayName', + type: 'keyword', + }, + { + name: 'ApplicationId', + type: 'keyword', + }, + { + name: 'AzureActiveDirectoryEventType', + type: 'keyword', + }, + { + name: 'ExchangeMetaData.*', + type: 'object', + }, + { + name: 'Category', + type: 'keyword', + }, + { + name: 'ClientAppId', + type: 'keyword', + }, + { + name: 'ClientInfoString', + type: 'keyword', + }, + { + name: 'ClientIP', + type: 'keyword', + }, + { + name: 'ClientIPAddress', + type: 'keyword', + }, + { + name: 'Comments', + type: 'text', + norms: false, + }, + { + name: 'CorrelationId', + type: 'keyword', + }, + { + name: 'CreationTime', + type: 'keyword', + }, + { + name: 'CustomUniqueId', + type: 'keyword', + }, + { + name: 'Data', + type: 'keyword', + }, + { + name: 'DataType', + type: 'keyword', + }, + { + name: 'EntityType', + type: 'keyword', + }, + { + name: 'EventData', + type: 'keyword', + }, + { + name: 'EventSource', + type: 'keyword', + }, + { + name: 'ExceptionInfo.*', + type: 'object', + }, + { + name: 'ExtendedProperties.*', + type: 'object', + }, + { + name: 'ExternalAccess', + type: 'keyword', + }, + { + name: 'GroupName', + type: 'keyword', + }, + { + name: 'Id', + type: 'keyword', + }, + { + name: 'ImplicitShare', + type: 'keyword', + }, + { + name: 'IncidentId', + type: 'keyword', + }, + { + name: 'InternalLogonType', + type: 'keyword', + }, + { + name: 'InterSystemsId', + type: 'keyword', + }, + { + name: 'IntraSystemId', + type: 'keyword', + }, + { + name: 'Item.*', + type: 'object', + }, + { + name: 'Item.*.*', + type: 'object', + }, + { + name: 'ItemName', + type: 'keyword', + }, + { + name: 'ItemType', + type: 'keyword', + }, + { + name: 'ListId', + type: 'keyword', + }, + { + name: 'ListItemUniqueId', + type: 'keyword', + }, + { + name: 'LogonError', + type: 'keyword', + }, + { + name: 'LogonType', + type: 'keyword', + }, + { + name: 'LogonUserSid', + type: 'keyword', + }, + { + name: 'MailboxGuid', + type: 'keyword', + }, + { + name: 'MailboxOwnerMasterAccountSid', + type: 'keyword', + }, + { + name: 'MailboxOwnerSid', + type: 'keyword', + }, + { + name: 'MailboxOwnerUPN', + type: 'keyword', + }, + { + name: 'Members', + type: 'array', + }, + { + name: 'Members.*', + type: 'object', + }, + { + name: 'ModifiedProperties.*.*', + type: 'object', + }, + { + name: 'Name', + type: 'keyword', + }, + { + name: 'ObjectId', + type: 'keyword', + }, + { + name: 'Operation', + type: 'keyword', + }, + { + name: 'OrganizationId', + type: 'keyword', + }, + { + name: 'OrganizationName', + type: 'keyword', + }, + { + name: 'OriginatingServer', + type: 'keyword', + }, + { + name: 'Parameters.*', + type: 'object', + }, + { + name: 'PolicyDetails', + type: 'array', + }, + { + name: 'PolicyId', + type: 'keyword', + }, + { + name: 'RecordType', + type: 'keyword', + }, + { + name: 'ResultStatus', + type: 'keyword', + }, + { + name: 'SensitiveInfoDetectionIsIncluded', + type: 'keyword', + }, + { + name: 'SharePointMetaData.*', + type: 'object', + }, + { + name: 'SessionId', + type: 'keyword', + }, + { + name: 'Severity', + type: 'keyword', + }, + { + name: 'Site', + type: 'keyword', + }, + { + name: 'SiteUrl', + type: 'keyword', + }, + { + name: 'Source', + type: 'keyword', + }, + { + name: 'SourceFileExtension', + type: 'keyword', + }, + { + name: 'SourceFileName', + type: 'keyword', + }, + { + name: 'SourceRelativeUrl', + type: 'keyword', + }, + { + name: 'Status', + type: 'keyword', + }, + { + name: 'SupportTicketId', + type: 'keyword', + }, + { + name: 'Target', + type: 'array', + fields: [ + { + name: 'ID', + type: 'keyword', + }, + { + name: 'Type', + type: 'keyword', + }, + ], + }, + { + name: 'TargetContextId', + type: 'keyword', + }, + { + name: 'TargetUserOrGroupName', + type: 'keyword', + }, + { + name: 'TargetUserOrGroupType', + type: 'keyword', + }, + { + name: 'TeamName', + type: 'keyword', + }, + { + name: 'TeamGuid', + type: 'keyword', + }, + { + name: 'UniqueSharingId', + type: 'keyword', + }, + { + name: 'UserAgent', + type: 'keyword', + }, + { + name: 'UserId', + type: 'keyword', + }, + { + name: 'UserKey', + type: 'keyword', + }, + { + name: 'UserType', + type: 'keyword', + }, + { + name: 'Version', + type: 'keyword', + }, + { + name: 'WebId', + type: 'keyword', + }, + { + name: 'Workload', + type: 'keyword', + }, + { + name: 'YammerNetworkId', + type: 'keyword', + }, + ], + }, + ], + }, + { + key: 'okta', + title: 'Okta', + description: 'Module for handling system logs from Okta.\n', + fields: [ + { + name: 'okta', + type: 'group', + default_field: false, + description: 'Fields from Okta.\n', + fields: [ + { + name: 'uuid', + title: 'UUID', + short: 'The unique identifier of the Okta LogEvent.', + description: 'The unique identifier of the Okta LogEvent.\n', + type: 'keyword', + }, + { + name: 'event_type', + title: 'Event Type', + short: 'The type of the LogEvent.', + description: 'The type of the LogEvent.\n', + type: 'keyword', + }, + { + name: 'version', + title: 'Version', + short: 'The version of the LogEvent.', + description: 'The version of the LogEvent.\n', + type: 'keyword', + }, + { + name: 'severity', + title: 'Severity', + short: 'The severity of the LogEvent.', + description: + 'The severity of the LogEvent. Must be one of DEBUG, INFO, WARN, or ERROR.\n', + type: 'keyword', + }, + { + name: 'display_message', + title: 'Display Message', + short: 'The display message of the LogEvent.', + description: 'The display message of the LogEvent.\n', + type: 'keyword', + }, + { + name: 'actor', + title: 'Actor', + short: 'Fields of the actor for the LogEvent.', + description: 'Fields that let you store information of the actor for the LogEvent.\n', + type: 'group', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Identifier of the actor.\n', + }, + { + name: 'type', + type: 'keyword', + description: 'Type of the actor.\n', + }, + { + name: 'alternate_id', + type: 'keyword', + description: 'Alternate identifier of the actor.\n', + }, + { + name: 'display_name', + type: 'keyword', + description: 'Display name of the actor.\n', + }, + ], + }, + { + name: 'client', + title: 'Client', + short: 'Fields about the client of the actor.', + description: 'Fields that let you store information about the client of the actor.\n', + type: 'group', + fields: [ + { + name: 'ip', + type: 'ip', + description: 'The IP address of the client.\n', + }, + { + name: 'user_agent', + description: 'Fields about the user agent information of the client.\n', + type: 'group', + fields: [ + { + name: 'raw_user_agent', + type: 'keyword', + description: 'The raw informaton of the user agent.\n', + }, + { + name: 'os', + type: 'keyword', + description: 'The OS informaton.\n', + }, + { + name: 'browser', + type: 'keyword', + description: 'The browser informaton of the client.\n', + }, + ], + }, + { + name: 'zone', + type: 'keyword', + description: 'The zone information of the client.\n', + }, + { + name: 'device', + type: 'keyword', + description: 'The information of the client device.\n', + }, + { + name: 'id', + type: 'keyword', + description: 'The identifier of the client.\n', + }, + ], + }, + { + name: 'outcome', + title: 'Outcome of the LogEvent.', + short: 'Fields that let you store information about the outcome.', + description: 'Fields that let you store information about the outcome.\n', + type: 'group', + fields: [ + { + name: 'reason', + type: 'keyword', + description: 'The reason of the outcome.\n', + }, + { + name: 'result', + type: 'keyword', + description: + 'The result of the outcome. Must be one of: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN.\n', + }, + ], + }, + { + name: 'target', + title: 'Target', + short: 'The list of targets.', + description: 'The list of targets.\n', + type: 'array', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Identifier of the actor.\n', + }, + { + name: 'type', + type: 'keyword', + description: 'Type of the actor.\n', + }, + { + name: 'alternate_id', + type: 'keyword', + description: 'Alternate identifier of the actor.\n', + }, + { + name: 'display_name', + type: 'keyword', + description: 'Display name of the actor.\n', + }, + ], + }, + { + name: 'transaction', + title: 'Transaction', + short: 'Fields that let you store information about related transaction.', + description: 'Fields that let you store information about related transaction.\n', + type: 'group', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'Identifier of the transaction.\n', + }, + { + name: 'type', + type: 'keyword', + description: 'The type of transaction. Must be one of "WEB", "JOB".\n', + }, + ], + }, + { + name: 'debug_context', + title: 'Debug Context', + short: 'Fields that let you store information about the debug context.', + description: 'Fields that let you store information about the debug context.\n', + type: 'group', + fields: [ + { + name: 'debug_data', + description: 'The debug data.\n', + type: 'group', + fields: [ + { + name: 'device_fingerprint', + type: 'keyword', + description: 'The fingerprint of the device.\n', + }, + { + name: 'request_id', + type: 'keyword', + description: 'The identifier of the request.\n', + }, + { + name: 'request_uri', + type: 'keyword', + description: 'The request URI.\n', + }, + { + name: 'threat_suspected', + type: 'keyword', + description: 'Threat suspected.\n', + }, + { + name: 'url', + type: 'keyword', + description: 'The URL.\n', + }, + ], + }, + ], + }, + { + name: 'authentication_context', + title: 'Authentication Context', + short: 'Fields that let you store information about authentication context.', + description: 'Fields that let you store information about authentication context.\n', + type: 'group', + fields: [ + { + name: 'authentication_provider', + type: 'keyword', + description: + 'The information about the authentication provider. Must be one of OKTA_AUTHENTICATION_PROVIDER, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL, FACTOR_PROVIDER.\n', + }, + { + name: 'authentication_step', + type: 'integer', + description: 'The authentication step.\n', + }, + { + name: 'credential_provider', + type: 'keyword', + description: + 'The information about credential provider. Must be one of OKTA_CREDENTIAL_PROVIDER, RSA, SYMANTEC, GOOGLE, DUO, YUBIKEY.\n', + }, + { + name: 'credential_type', + type: 'keyword', + description: + 'The information about credential type. Must be one of OTP, SMS, PASSWORD, ASSERTION, IWA, EMAIL, OAUTH2, JWT, CERTIFICATE, PRE_SHARED_SYMMETRIC_KEY, OKTA_CLIENT_SESSION, DEVICE_UDID.\n', + }, + { + name: 'issuer', + description: 'The information about the issuer.\n', + type: 'array', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'The identifier of the issuer.\n', + }, + { + name: 'type', + type: 'keyword', + description: 'The type of the issuer.\n', + }, + ], + }, + { + name: 'external_session_id', + type: 'keyword', + description: 'The session identifer of the external session if any.\n', + }, + { + name: 'interface', + type: 'keyword', + description: 'The interface used. e.g., Outlook, Office365, wsTrust\n', + }, + ], + }, + { + name: 'security_context', + title: 'Security Context', + short: 'Fields that let you store information about security context.', + description: 'Fields that let you store information about security context.\n', + type: 'group', + fields: [ + { + name: 'as', + type: 'group', + description: 'The autonomous system.\n', + fields: [ + { + name: 'number', + type: 'integer', + description: 'The AS number.\n', + }, + { + name: 'organization', + type: 'group', + description: 'The organization that owns the AS number.\n', + fields: [ + { + name: 'name', + type: 'keyword', + description: 'The organization name.\n', + }, + ], + }, + ], + }, + { + name: 'isp', + type: 'keyword', + description: 'The Internet Service Provider.\n', + }, + { + name: 'domain', + type: 'keyword', + description: 'The domain name.\n', + }, + { + name: 'is_proxy', + type: 'boolean', + description: 'Whether it is a proxy or not.\n', + }, + ], + }, + { + name: 'request', + title: 'Request', + short: 'Fields that let you store information about the request.', + description: + 'Fields that let you store information about the request, in the form of list of ip_chain.\n', + type: 'group', + fields: [ + { + name: 'ip_chain', + description: 'List of ip_chain objects.\n', + type: 'group', + fields: [ + { + name: 'ip', + type: 'ip', + description: 'IP address.\n', + }, + { + name: 'version', + type: 'keyword', + description: 'IP version. Must be one of V4, V6.\n', + }, + { + name: 'source', + type: 'keyword', + description: 'Source information.\n', + }, + { + name: 'geographical_context', + description: 'Geographical information.\n', + type: 'group', + fields: [ + { + name: 'city', + type: 'keyword', + description: 'The city.', + }, + { + name: 'state', + type: 'keyword', + description: 'The state.', + }, + { + name: 'postal_code', + type: 'keyword', + description: 'The postal code.', + }, + { + name: 'country', + type: 'keyword', + description: 'The country.', + }, + { + name: 'geolocation', + description: 'Geolocation information.\n', + type: 'geo_point', + }, + ], + }, + ], + }, + ], + }, + ], + }, + ], + }, + { + key: 'panw', + title: 'panw', + description: 'Module for Palo Alto Networks (PAN-OS)\n', + fields: [ + { + name: 'panw', + type: 'group', + description: 'Fields from the panw module.\n', + fields: [ + { + name: 'panos', + type: 'group', + description: 'Fields for the Palo Alto Networks PAN-OS logs.\n', + fields: [ + { + name: 'ruleset', + type: 'keyword', + description: 'Name of the rule that matched this session.\n', + }, + { + name: 'source', + type: 'group', + description: 'Fields to extend the top-level source object.\n', + fields: [ + { + name: 'zone', + type: 'keyword', + description: 'Source zone for this session.\n', + }, + { + name: 'interface', + type: 'keyword', + description: 'Source interface for this session.\n', + }, + { + name: 'nat', + type: 'group', + description: 'Post-NAT source address, if source NAT is performed.\n', + fields: [ + { + name: 'ip', + type: 'ip', + description: 'Post-NAT source IP.\n', + }, + { + name: 'port', + type: 'long', + description: 'Post-NAT source port.\n', + }, + ], + }, + ], + }, + { + name: 'destination', + type: 'group', + description: 'Fields to extend the top-level destination object.\n', + fields: [ + { + name: 'zone', + type: 'keyword', + description: 'Destination zone for this session.\n', + }, + { + name: 'interface', + type: 'keyword', + description: 'Destination interface for this session.\n', + }, + { + name: 'nat', + type: 'group', + description: 'Post-NAT destination address, if destination NAT is performed.\n', + fields: [ + { + name: 'ip', + type: 'ip', + description: 'Post-NAT destination IP.\n', + }, + { + name: 'port', + type: 'long', + description: 'Post-NAT destination port.\n', + }, + ], + }, + ], + }, + { + name: 'network', + type: 'group', + description: 'Fields to extend the top-level network object.\n', + fields: [ + { + name: 'pcap_id', + type: 'keyword', + description: 'Packet capture ID for a threat.\n', + }, + { + name: 'nat', + type: 'group', + fields: [ + { + name: 'community_id', + type: 'keyword', + description: 'Community ID flow-hash for the NAT 5-tuple.\n', + }, + ], + }, + ], + }, + { + name: 'file', + type: 'group', + description: 'Fields to extend the top-level file object.\n', + fields: [ + { + name: 'hash', + description: + 'Binary hash for a threat file sent to be analyzed by the WildFire service.\n', + type: 'keyword', + }, + ], + }, + { + name: 'url', + type: 'group', + description: 'Fields to extend the top-level url object.\n', + fields: [ + { + name: 'category', + type: 'keyword', + description: + "For threat URLs, it's the URL category. For WildFire, the verdict on the file and is either 'malicious', 'grayware', or 'benign'.\n", + }, + ], + }, + { + name: 'flow_id', + type: 'keyword', + description: 'Internal numeric identifier for each session.\n', + }, + { + name: 'sequence_number', + type: 'long', + description: + 'Log entry identifier that is incremented sequentially. Unique for each log type.\n', + }, + { + name: 'threat.resource', + type: 'keyword', + description: 'URL or file name for a threat.\n', + }, + { + name: 'threat.id', + type: 'keyword', + description: 'Palo Alto Networks identifier for the threat.\n', + }, + { + name: 'threat.name', + type: 'keyword', + description: 'Palo Alto Networks name for the threat.\n', + }, + ], + }, + ], + }, + ], + }, + { + key: 'rabbitmq', + title: 'RabbitMQ', + description: 'RabbitMQ Module\n', + fields: [ + { + name: 'rabbitmq', + type: 'group', + description: '\n', + fields: [ + { + name: 'log', + type: 'group', + description: 'RabbitMQ log files\n', + fields: [ + { + name: 'pid', + type: 'keyword', + description: 'The Erlang process id', + example: '<0.222.0>', + }, + ], + }, + ], + }, + ], + }, + { + key: 'suricata', + title: 'Suricata', + description: 'Module for handling the EVE JSON logs produced by Suricata.\n', + fields: [ + { + name: 'suricata', + type: 'group', + description: 'Fields from the Suricata EVE log file.\n', + fields: [ + { + name: 'eve', + type: 'group', + description: 'Fields exported by the EVE JSON logs\n', + fields: [ + { + name: 'event_type', + type: 'keyword', + }, + { + name: 'app_proto_orig', + type: 'keyword', + }, + { + name: 'tcp', + type: 'group', + fields: [ + { + name: 'tcp_flags', + type: 'keyword', + }, + { + name: 'psh', + type: 'boolean', + }, + { + name: 'tcp_flags_tc', + type: 'keyword', + }, + { + name: 'ack', + type: 'boolean', + }, + { + name: 'syn', + type: 'boolean', + }, + { + name: 'state', + type: 'keyword', + }, + { + name: 'tcp_flags_ts', + type: 'keyword', + }, + { + name: 'rst', + type: 'boolean', + }, + { + name: 'fin', + type: 'boolean', + }, + ], + }, + { + name: 'fileinfo', + type: 'group', + fields: [ + { + name: 'sha1', + type: 'keyword', + }, + { + name: 'filename', + type: 'alias', + path: 'file.path', + }, + { + name: 'tx_id', + type: 'long', + }, + { + name: 'state', + type: 'keyword', + }, + { + name: 'stored', + type: 'boolean', + }, + { + name: 'gaps', + type: 'boolean', + }, + { + name: 'sha256', + type: 'keyword', + }, + { + name: 'md5', + type: 'keyword', + }, + { + name: 'size', + type: 'alias', + path: 'file.size', + }, + ], + }, + { + name: 'icmp_type', + type: 'long', + }, + { + name: 'dest_port', + type: 'alias', + path: 'destination.port', + }, + { + name: 'src_port', + type: 'alias', + path: 'source.port', + }, + { + name: 'proto', + type: 'alias', + path: 'network.transport', + }, + { + name: 'pcap_cnt', + type: 'long', + }, + { + name: 'src_ip', + type: 'alias', + path: 'source.ip', + }, + { + name: 'dns', + type: 'group', + fields: [ + { + name: 'type', + type: 'keyword', + }, + { + name: 'rrtype', + type: 'keyword', + }, + { + name: 'rrname', + type: 'keyword', + }, + { + name: 'rdata', + type: 'keyword', + }, + { + name: 'tx_id', + type: 'long', + }, + { + name: 'ttl', + type: 'long', + }, + { + name: 'rcode', + type: 'keyword', + }, + { + name: 'id', + type: 'long', + }, + ], + }, + { + name: 'flow_id', + type: 'keyword', + }, + { + name: 'email', + type: 'group', + fields: [ + { + name: 'status', + type: 'keyword', + }, + ], + }, + { + name: 'dest_ip', + type: 'alias', + path: 'destination.ip', + }, + { + name: 'icmp_code', + type: 'long', + }, + { + name: 'http', + type: 'group', + fields: [ + { + name: 'status', + type: 'alias', + path: 'http.response.status_code', + }, + { + name: 'redirect', + type: 'keyword', + }, + { + name: 'http_user_agent', + type: 'alias', + path: 'user_agent.original', + }, + { + name: 'protocol', + type: 'keyword', + }, + { + name: 'http_refer', + type: 'alias', + path: 'http.request.referrer', + }, + { + name: 'url', + type: 'alias', + path: 'url.original', + }, + { + name: 'hostname', + type: 'alias', + path: 'url.domain', + }, + { + name: 'length', + type: 'alias', + path: 'http.response.body.bytes', + }, + { + name: 'http_method', + type: 'alias', + path: 'http.request.method', + }, + { + name: 'http_content_type', + type: 'keyword', + }, + ], + }, + { + name: 'timestamp', + type: 'alias', + path: '@timestamp', + }, + { + name: 'in_iface', + type: 'keyword', + }, + { + name: 'alert', + type: 'group', + fields: [ + { + name: 'category', + type: 'keyword', + }, + { + name: 'severity', + type: 'alias', + path: 'event.severity', + }, + { + name: 'rev', + type: 'long', + }, + { + name: 'gid', + type: 'long', + }, + { + name: 'signature', + type: 'keyword', + }, + { + name: 'action', + type: 'alias', + path: 'event.outcome', + }, + { + name: 'signature_id', + type: 'long', + }, + ], + }, + { + name: 'ssh', + type: 'group', + fields: [ + { + name: 'client', + type: 'group', + fields: [ + { + name: 'proto_version', + type: 'keyword', + }, + { + name: 'software_version', + type: 'keyword', + }, + ], + }, + { + name: 'server', + type: 'group', + fields: [ + { + name: 'proto_version', + type: 'keyword', + }, + { + name: 'software_version', + type: 'keyword', + }, + ], + }, + ], + }, + { + name: 'stats', + type: 'group', + fields: [ + { + name: 'capture', + type: 'group', + fields: [ + { + name: 'kernel_packets', + type: 'long', + }, + { + name: 'kernel_drops', + type: 'long', + }, + { + name: 'kernel_ifdrops', + type: 'long', + }, + ], + }, + { + name: 'uptime', + type: 'long', + }, + { + name: 'detect', + type: 'group', + fields: [ + { + name: 'alert', + type: 'long', + }, + ], + }, + { + name: 'http', + type: 'group', + fields: [ + { + name: 'memcap', + type: 'long', + }, + { + name: 'memuse', + type: 'long', + }, + ], + }, + { + name: 'file_store', + type: 'group', + fields: [ + { + name: 'open_files', + type: 'long', + }, + ], + }, + { + name: 'defrag', + type: 'group', + fields: [ + { + name: 'max_frag_hits', + type: 'long', + }, + { + name: 'ipv4', + type: 'group', + fields: [ + { + name: 'timeouts', + type: 'long', + }, + { + name: 'fragments', + type: 'long', + }, + { + name: 'reassembled', + type: 'long', + }, + ], + }, + { + name: 'ipv6', + type: 'group', + fields: [ + { + name: 'timeouts', + type: 'long', + }, + { + name: 'fragments', + type: 'long', + }, + { + name: 'reassembled', + type: 'long', + }, + ], + }, + ], + }, + { + name: 'flow', + type: 'group', + fields: [ + { + name: 'tcp_reuse', + type: 'long', + }, + { + name: 'udp', + type: 'long', + }, + { + name: 'memcap', + type: 'long', + }, + { + name: 'emerg_mode_entered', + type: 'long', + }, + { + name: 'emerg_mode_over', + type: 'long', + }, + { + name: 'tcp', + type: 'long', + }, + { + name: 'icmpv6', + type: 'long', + }, + { + name: 'icmpv4', + type: 'long', + }, + { + name: 'spare', + type: 'long', + }, + { + name: 'memuse', + type: 'long', + }, + ], + }, + { + name: 'tcp', + type: 'group', + fields: [ + { + name: 'pseudo_failed', + type: 'long', + }, + { + name: 'ssn_memcap_drop', + type: 'long', + }, + { + name: 'insert_data_overlap_fail', + type: 'long', + }, + { + name: 'sessions', + type: 'long', + }, + { + name: 'pseudo', + type: 'long', + }, + { + name: 'synack', + type: 'long', + }, + { + name: 'insert_data_normal_fail', + type: 'long', + }, + { + name: 'syn', + type: 'long', + }, + { + name: 'memuse', + type: 'long', + }, + { + name: 'invalid_checksum', + type: 'long', + }, + { + name: 'segment_memcap_drop', + type: 'long', + }, + { + name: 'overlap', + type: 'long', + }, + { + name: 'insert_list_fail', + type: 'long', + }, + { + name: 'rst', + type: 'long', + }, + { + name: 'stream_depth_reached', + type: 'long', + }, + { + name: 'reassembly_memuse', + type: 'long', + }, + { + name: 'reassembly_gap', + type: 'long', + }, + { + name: 'overlap_diff_data', + type: 'long', + }, + { + name: 'no_flow', type: 'long', }, + ], + }, + { + name: 'decoder', + type: 'group', + fields: [ { - name: 'segment_memcap_drop', + name: 'avg_pkt_size', type: 'long', }, { - name: 'overlap', + name: 'bytes', type: 'long', }, { - name: 'insert_list_fail', + name: 'tcp', type: 'long', }, { - name: 'rst', + name: 'raw', type: 'long', }, { - name: 'stream_depth_reached', + name: 'ppp', type: 'long', }, { - name: 'reassembly_memuse', + name: 'vlan_qinq', type: 'long', }, { - name: 'reassembly_gap', + name: 'null', type: 'long', }, { - name: 'overlap_diff_data', + name: 'ltnull', + type: 'group', + fields: [ + { + name: 'unsupported_type', + type: 'long', + }, + { + name: 'pkt_too_small', + type: 'long', + }, + ], + }, + { + name: 'invalid', + type: 'long', + }, + { + name: 'gre', + type: 'long', + }, + { + name: 'ipv4', + type: 'long', + }, + { + name: 'ipv6', + type: 'long', + }, + { + name: 'pkts', + type: 'long', + }, + { + name: 'ipv6_in_ipv6', + type: 'long', + }, + { + name: 'ipraw', + type: 'group', + fields: [ + { + name: 'invalid_ip_version', + type: 'long', + }, + ], + }, + { + name: 'pppoe', + type: 'long', + }, + { + name: 'udp', + type: 'long', + }, + { + name: 'dce', + type: 'group', + fields: [ + { + name: 'pkt_too_small', + type: 'long', + }, + ], + }, + { + name: 'vlan', + type: 'long', + }, + { + name: 'sctp', + type: 'long', + }, + { + name: 'max_pkt_size', + type: 'long', + }, + { + name: 'teredo', + type: 'long', + }, + { + name: 'mpls', + type: 'long', + }, + { + name: 'sll', + type: 'long', + }, + { + name: 'icmpv6', + type: 'long', + }, + { + name: 'icmpv4', + type: 'long', + }, + { + name: 'erspan', + type: 'long', + }, + { + name: 'ethernet', + type: 'long', + }, + { + name: 'ipv4_in_ipv6', + type: 'long', + }, + { + name: 'ieee8021ah', + type: 'long', + }, + ], + }, + { + name: 'dns', + type: 'group', + fields: [ + { + name: 'memcap_global', + type: 'long', + }, + { + name: 'memcap_state', + type: 'long', + }, + { + name: 'memuse', + type: 'long', + }, + ], + }, + { + name: 'flow_mgr', + type: 'group', + fields: [ + { + name: 'rows_busy', + type: 'long', + }, + { + name: 'flows_timeout', + type: 'long', + }, + { + name: 'flows_notimeout', + type: 'long', + }, + { + name: 'rows_skipped', + type: 'long', + }, + { + name: 'closed_pruned', + type: 'long', + }, + { + name: 'new_pruned', + type: 'long', + }, + { + name: 'flows_removed', + type: 'long', + }, + { + name: 'bypassed_pruned', + type: 'long', + }, + { + name: 'est_pruned', + type: 'long', + }, + { + name: 'flows_timeout_inuse', + type: 'long', + }, + { + name: 'flows_checked', + type: 'long', + }, + { + name: 'rows_maxlen', + type: 'long', + }, + { + name: 'rows_checked', + type: 'long', + }, + { + name: 'rows_empty', type: 'long', }, + ], + }, + { + name: 'app_layer', + type: 'group', + fields: [ + { + name: 'flow', + type: 'group', + fields: [ + { + name: 'tls', + type: 'long', + }, + { + name: 'ftp', + type: 'long', + }, + { + name: 'http', + type: 'long', + }, + { + name: 'failed_udp', + type: 'long', + }, + { + name: 'dns_udp', + type: 'long', + }, + { + name: 'dns_tcp', + type: 'long', + }, + { + name: 'smtp', + type: 'long', + }, + { + name: 'failed_tcp', + type: 'long', + }, + { + name: 'msn', + type: 'long', + }, + { + name: 'ssh', + type: 'long', + }, + { + name: 'imap', + type: 'long', + }, + { + name: 'dcerpc_udp', + type: 'long', + }, + { + name: 'dcerpc_tcp', + type: 'long', + }, + { + name: 'smb', + type: 'long', + }, + ], + }, { - name: 'no_flow', - type: 'long', + name: 'tx', + type: 'group', + fields: [ + { + name: 'tls', + type: 'long', + }, + { + name: 'ftp', + type: 'long', + }, + { + name: 'http', + type: 'long', + }, + { + name: 'dns_udp', + type: 'long', + }, + { + name: 'dns_tcp', + type: 'long', + }, + { + name: 'smtp', + type: 'long', + }, + { + name: 'ssh', + type: 'long', + }, + { + name: 'dcerpc_udp', + type: 'long', + }, + { + name: 'dcerpc_tcp', + type: 'long', + }, + { + name: 'smb', + type: 'long', + }, + ], }, ], }, + ], + }, + { + name: 'tls', + type: 'group', + fields: [ + { + name: 'notbefore', + type: 'date', + }, + { + name: 'issuerdn', + type: 'keyword', + }, + { + name: 'sni', + type: 'keyword', + }, + { + name: 'version', + type: 'keyword', + }, + { + name: 'session_resumed', + type: 'boolean', + }, + { + name: 'fingerprint', + type: 'keyword', + }, + { + name: 'serial', + type: 'keyword', + }, + { + name: 'notafter', + type: 'date', + }, + { + name: 'subject', + type: 'keyword', + }, + ], + }, + { + name: 'app_proto_ts', + type: 'keyword', + }, + { + name: 'flow', + type: 'group', + fields: [ + { + name: 'bytes_toclient', + type: 'alias', + path: 'destination.bytes', + }, + { + name: 'start', + type: 'alias', + path: 'event.start', + }, + { + name: 'pkts_toclient', + type: 'alias', + path: 'destination.packets', + }, + { + name: 'age', + type: 'long', + }, + { + name: 'state', + type: 'keyword', + }, + { + name: 'bytes_toserver', + type: 'alias', + path: 'source.bytes', + }, + { + name: 'reason', + type: 'keyword', + }, + { + name: 'pkts_toserver', + type: 'alias', + path: 'source.packets', + }, + { + name: 'end', + type: 'date', + }, + { + name: 'alerted', + type: 'boolean', + }, + ], + }, + { + name: 'app_proto', + type: 'alias', + path: 'network.protocol', + }, + { + name: 'tx_id', + type: 'long', + }, + { + name: 'app_proto_tc', + type: 'keyword', + }, + { + name: 'smtp', + type: 'group', + fields: [ + { + name: 'rcpt_to', + type: 'keyword', + }, + { + name: 'mail_from', + type: 'keyword', + }, + { + name: 'helo', + type: 'keyword', + }, + ], + }, + { + name: 'app_proto_expected', + type: 'keyword', + }, + { + name: 'flags', + type: 'group', + fields: [], + }, + ], + }, + ], + }, + ], + }, + { + key: 'zeek', + title: 'Zeek', + description: 'Module for handling logs produced by Zeek/Bro\n', + fields: [ + { + name: 'zeek', + type: 'group', + description: 'Fields from Zeek/Bro logs after normalization\n', + fields: [ + { + name: 'session_id', + type: 'keyword', + description: 'A unique identifier of the session\n', + }, + { + name: 'capture_loss', + type: 'group', + description: 'Fields exported by the Zeek capture_loss log\n', + fields: [ + { + name: 'ts_delta', + type: 'integer', + description: 'The time delay between this measurement and the last.\n', + }, + { + name: 'peer', + type: 'keyword', + description: + 'In the event that there are multiple Bro instances logging to the same host, this distinguishes each peer with its individual name.\n', + }, + { + name: 'gaps', + type: 'integer', + description: 'Number of missed ACKs from the previous measurement interval.\n', + }, + { + name: 'acks', + type: 'integer', + description: 'Total number of ACKs seen in the previous measurement interval.\n', + }, + { + name: 'percent_lost', + type: 'double', + description: "Percentage of ACKs seen where the data being ACKed wasn't seen.\n", + }, + ], + }, + { + name: 'connection', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek Connection log\n', + fields: [ + { + name: 'local_orig', + type: 'boolean', + description: 'Indicates whether the session is originated locally.\n', + }, + { + name: 'local_resp', + type: 'boolean', + description: 'Indicates whether the session is responded locally.\n', + }, + { + name: 'missed_bytes', + type: 'long', + description: 'Missed bytes for the session.\n', + }, + { + name: 'state', + type: 'keyword', + description: 'Code indicating the state of the session.\n', + }, + { + name: 'state_message', + type: 'keyword', + description: 'The state of the session.\n', + }, + { + name: 'icmp', + type: 'group', + fields: [ + { + name: 'type', + type: 'integer', + description: 'ICMP message type.\n', + }, + { + name: 'code', + type: 'integer', + description: 'ICMP message code.\n', + }, + ], + }, + { + name: 'history', + type: 'keyword', + description: 'Flags indicating the history of the session.\n', + }, + { + name: 'vlan', + type: 'integer', + description: 'VLAN identifier.\n', + }, + { + name: 'inner_vlan', + type: 'integer', + description: 'VLAN identifier.\n', + }, + ], + }, + { + name: 'dce_rpc', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek DCE_RPC log\n', + fields: [ + { + name: 'rtt', + type: 'integer', + description: + "Round trip time from the request to the response. If either the request or response wasn't seen, this will be null.\n", + }, + { + name: 'named_pipe', + type: 'keyword', + description: 'Remote pipe name.\n', + }, + { + name: 'endpoint', + type: 'keyword', + description: 'Endpoint name looked up from the uuid.\n', + }, + { + name: 'operation', + type: 'keyword', + description: 'Operation seen in the call.\n', + }, + ], + }, + { + name: 'dhcp', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek DHCP log\n', + fields: [ + { + name: 'domain', + type: 'keyword', + description: 'Domain given by the server in option 15.\n', + }, + { + name: 'duration', + type: 'double', + description: + 'Duration of the DHCP session representing the time from the first\nmessage to the last, in seconds.\n', + }, + { + name: 'hostname', + type: 'keyword', + description: 'Name given by client in Hostname option 12.\n', + }, + { + name: 'client_fqdn', + type: 'keyword', + description: 'FQDN given by client in Client FQDN option 81.\n', + }, + { + name: 'lease_time', + type: 'integer', + description: 'IP address lease interval in seconds.\n', + }, + { + name: 'address', + type: 'group', + description: 'Addresses seen in this DHCP exchange.\n', + fields: [ + { + name: 'assigned', + type: 'ip', + description: 'IP address assigned by the server.\n', + }, + { + name: 'client', + type: 'ip', + description: + 'IP address of the client. If a transaction is only a client sending\nINFORM messages then there is no lease information exchanged so this\nis helpful to know who sent the messages. Getting an address in this\nfield does require that the client sources at least one DHCP message\nusing a non-broadcast address.\n', + }, + { + name: 'mac', + type: 'keyword', + description: "Client's hardware address.\n", + }, + { + name: 'requested', + type: 'ip', + description: 'IP address requested by the client.\n', + }, + { + name: 'server', + type: 'ip', + description: 'IP address of the DHCP server.\n', + }, + ], + }, + { + name: 'msg', + type: 'group', + fields: [ + { + name: 'types', + type: 'keyword', + description: 'List of DHCP message types seen in this exchange.\n', + }, + { + name: 'origin', + type: 'ip', + description: + '(present if policy/protocols/dhcp/msg-orig.bro is loaded)\nThe address that originated each message from the msg.types field.\n', + }, + { + name: 'client', + type: 'keyword', + description: + 'Message typically accompanied with a DHCP_DECLINE so the client can\ntell the server why it rejected an address.\n', + }, + { + name: 'server', + type: 'keyword', + description: + 'Message typically accompanied with a DHCP_NAK to let the client know\nwhy it rejected the request.\n', + }, + ], + }, + { + name: 'software', + type: 'group', + fields: [ + { + name: 'client', + type: 'keyword', + description: + '(present if policy/protocols/dhcp/software.bro is loaded)\nSoftware reported by the client in the vendor_class option.\n', + }, + { + name: 'server', + type: 'keyword', + description: + '(present if policy/protocols/dhcp/software.bro is loaded)\nSoftware reported by the client in the vendor_class option.\n', + }, + ], + }, + { + name: 'id', + type: 'group', + fields: [ + { + name: 'circuit', + type: 'keyword', + description: + '(present if policy/protocols/dhcp/sub-opts.bro is loaded)\nAdded by DHCP relay agents which terminate switched or permanent\ncircuits. It encodes an agent-local identifier of the circuit from\nwhich a DHCP client-to-server packet was received. Typically it\nshould represent a router or switch interface number.\n', + }, + { + name: 'remote_agent', + type: 'keyword', + description: + '(present if policy/protocols/dhcp/sub-opts.bro is loaded)\nA globally unique identifier added by relay agents to identify the\nremote host end of the circuit.\n', + }, + { + name: 'subscriber', + type: 'keyword', + description: + "(present if policy/protocols/dhcp/sub-opts.bro is loaded)\nThe subscriber ID is a value independent of the physical network\nconfiguration so that a customer's DHCP configuration can be given\nto them correctly no matter where they are physically connected.\n", + }, + ], + }, + ], + }, + { + name: 'dnp3', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SSH log\n', + fields: [ + { + name: 'function', + type: 'group', + fields: [ + { + name: 'request', + type: 'keyword', + description: 'The name of the function message in the request.\n', + }, + { + name: 'reply', + type: 'keyword', + description: 'The name of the function message in the reply.\n', + }, + ], + }, + { + name: 'id', + type: 'integer', + description: "The response's internal indication number.\n", + }, + ], + }, + { + name: 'dns', + type: 'group', + description: 'Fields exported by the Zeek DNS log\n', + fields: [ + { + name: 'trans_id', + type: 'keyword', + description: 'DNS transaction identifier.\n', + }, + { + name: 'rtt', + type: 'double', + description: 'Round trip time for the query and response.\n', + }, + { + name: 'query', + type: 'keyword', + description: 'The domain name that is the subject of the DNS query.\n', + }, + { + name: 'qclass', + type: 'long', + description: 'The QCLASS value specifying the class of the query.\n', + }, + { + name: 'qclass_name', + type: 'keyword', + description: 'A descriptive name for the class of the query.\n', + }, + { + name: 'qtype', + type: 'long', + description: 'A QTYPE value specifying the type of the query.\n', + }, + { + name: 'qtype_name', + type: 'keyword', + description: 'A descriptive name for the type of the query.\n', + }, + { + name: 'rcode', + type: 'long', + description: 'The response code value in DNS response messages.\n', + }, + { + name: 'rcode_name', + type: 'keyword', + description: 'A descriptive name for the response code value.\n', + }, + { + name: 'AA', + type: 'boolean', + description: + 'The Authoritative Answer bit for response messages specifies that the responding\nname server is an authority for the domain name in the question section.\n', + }, + { + name: 'TC', + type: 'boolean', + description: 'The Truncation bit specifies that the message was truncated.\n', + }, + { + name: 'RD', + type: 'boolean', + description: + 'The Recursion Desired bit in a request message indicates that the client\nwants recursive service for this query.\n', + }, + { + name: 'RA', + type: 'boolean', + description: + 'The Recursion Available bit in a response message indicates that the name\nserver supports recursive queries.\n', + }, + { + name: 'answers', + type: 'keyword', + description: 'The set of resource descriptions in the query answer.\n', + }, + { + name: 'TTLs', + type: 'double', + description: + 'The caching intervals of the associated RRs described by the answers field.\n', + }, + { + name: 'rejected', + type: 'boolean', + description: 'Indicates whether the DNS query was rejected by the server.\n', + }, + { + name: 'total_answers', + type: 'integer', + description: 'The total number of resource records in the reply.\n', + }, + { + name: 'total_replies', + type: 'integer', + description: 'The total number of resource records in the reply message.\n', + }, + { + name: 'saw_query', + type: 'boolean', + description: 'Whether the full DNS query has been seen.\n', + }, + { + name: 'saw_reply', + type: 'boolean', + description: 'Whether the full DNS reply has been seen.\n', + }, + ], + }, + { + name: 'dpd', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek DPD log\n', + fields: [ + { + name: 'analyzer', + type: 'keyword', + description: 'The analyzer that generated the violation.\n', + }, + { + name: 'failure_reason', + type: 'keyword', + description: 'The textual reason for the analysis failure.\n', + }, + { + name: 'packet_segment', + type: 'keyword', + description: + '(present if policy/frameworks/dpd/packet-segment-logging.bro is loaded)\nA chunk of the payload that most likely resulted in the protocol violation.\n', + }, + ], + }, + { + name: 'files', + type: 'group', + description: 'Fields exported by the Zeek Files log.\n', + fields: [ + { + name: 'fuid', + type: 'keyword', + description: 'A file unique identifier.\n', + }, + { + name: 'tx_host', + type: 'ip', + description: 'The host that transferred the file.\n', + }, + { + name: 'rx_host', + type: 'ip', + description: 'The host that received the file.\n', + }, + { + name: 'session_ids', + type: 'keyword', + description: 'The sessions that have this file.\n', + }, + { + name: 'source', + type: 'keyword', + description: + 'An identification of the source of the file data. E.g. it may be a network protocol\nover which it was transferred, or a local file path which was read, or some other\ninput source.\n', + }, + { + name: 'depth', + type: 'long', + description: + 'A value to represent the depth of this file in relation to its source. In SMTP, it\nis the depth of the MIME attachment on the message. In HTTP, it is the depth of the\nrequest within the TCP connection.\n', + }, + { + name: 'analyzers', + type: 'keyword', + description: 'A set of analysis types done during the file analysis.\n', + }, + { + name: 'mime_type', + type: 'keyword', + description: 'Mime type of the file.\n', + }, + { + name: 'filename', + type: 'keyword', + description: 'Name of the file if available.\n', + }, + { + name: 'local_orig', + type: 'boolean', + description: + 'If the source of this file is a network connection, this field indicates if the data\noriginated from the local network or not.\n', + }, + { + name: 'is_orig', + type: 'boolean', + description: + 'If the source of this file is a network connection, this field indicates if the file is\nbeing sent by the originator of the connection or the responder.\n', + }, + { + name: 'duration', + type: 'double', + description: + 'The duration the file was analyzed for. Not the duration of the session.\n', + }, + { + name: 'seen_bytes', + type: 'long', + description: 'Number of bytes provided to the file analysis engine for the file.\n', + }, + { + name: 'total_bytes', + type: 'long', + description: 'Total number of bytes that are supposed to comprise the full file.\n', + }, + { + name: 'missing_bytes', + type: 'long', + description: + 'The number of bytes in the file stream that were completely missed during the process\nof analysis.\n', + }, + { + name: 'overflow_bytes', + type: 'long', + description: + "The number of bytes in the file stream that were not delivered to stream file analyzers.\nThis could be overlapping bytes or bytes that couldn't be reassembled.\n", + }, + { + name: 'timedout', + type: 'boolean', + description: 'Whether the file analysis timed out at least once for the file.\n', + }, + { + name: 'parent_fuid', + type: 'keyword', + description: + 'Identifier associated with a container file from which this one was extracted as part of\nthe file analysis.\n', + }, + { + name: 'md5', + type: 'keyword', + description: 'An MD5 digest of the file contents.\n', + }, + { + name: 'sha1', + type: 'keyword', + description: 'A SHA1 digest of the file contents.\n', + }, + { + name: 'sha256', + type: 'keyword', + description: 'A SHA256 digest of the file contents.\n', + }, + { + name: 'extracted', + type: 'keyword', + description: 'Local filename of extracted file.\n', + }, + { + name: 'extracted_cutoff', + type: 'boolean', + description: + 'Indicate whether the file being extracted was cut off hence not extracted completely.\n', + }, + { + name: 'extracted_size', + type: 'long', + description: 'The number of bytes extracted to disk.\n', + }, + { + name: 'entropy', + type: 'double', + description: 'The information density of the contents of the file.\n', + }, + ], + }, + { + name: 'ftp', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek FTP log\n', + fields: [ + { + name: 'user', + type: 'keyword', + description: 'User name for the current FTP session.\n', + }, + { + name: 'password', + type: 'keyword', + description: 'Password for the current FTP session if captured.\n', + }, + { + name: 'command', + type: 'keyword', + description: 'Command given by the client.\n', + }, + { + name: 'arg', + type: 'keyword', + description: 'Argument for the command if one is given.\n', + }, + { + name: 'file', + type: 'group', + fields: [ + { + name: 'size', + type: 'long', + description: 'Size of the file if the command indicates a file transfer.\n', + }, { - name: 'decoder', - type: 'group', - fields: [ - { - name: 'avg_pkt_size', - type: 'long', - }, - { - name: 'bytes', - type: 'long', - }, - { - name: 'tcp', - type: 'long', - }, - { - name: 'raw', - type: 'long', - }, - { - name: 'ppp', - type: 'long', - }, - { - name: 'vlan_qinq', - type: 'long', - }, - { - name: 'null', - type: 'long', - }, - { - name: 'ltnull', - type: 'group', - fields: [ - { - name: 'unsupported_type', - type: 'long', - }, - { - name: 'pkt_too_small', - type: 'long', - }, - ], - }, - { - name: 'invalid', - type: 'long', - }, - { - name: 'gre', - type: 'long', - }, - { - name: 'ipv4', - type: 'long', - }, - { - name: 'ipv6', - type: 'long', - }, - { - name: 'pkts', - type: 'long', - }, - { - name: 'ipv6_in_ipv6', - type: 'long', - }, - { - name: 'ipraw', - type: 'group', - fields: [ - { - name: 'invalid_ip_version', - type: 'long', - }, - ], - }, - { - name: 'pppoe', - type: 'long', - }, - { - name: 'udp', - type: 'long', - }, - { - name: 'dce', - type: 'group', - fields: [ - { - name: 'pkt_too_small', - type: 'long', - }, - ], - }, - { - name: 'vlan', - type: 'long', - }, - { - name: 'sctp', - type: 'long', - }, - { - name: 'max_pkt_size', - type: 'long', - }, - { - name: 'teredo', - type: 'long', - }, - { - name: 'mpls', - type: 'long', - }, - { - name: 'sll', - type: 'long', - }, - { - name: 'icmpv6', - type: 'long', - }, - { - name: 'icmpv4', - type: 'long', - }, - { - name: 'erspan', - type: 'long', - }, - { - name: 'ethernet', - type: 'long', - }, - { - name: 'ipv4_in_ipv6', - type: 'long', - }, - { - name: 'ieee8021ah', - type: 'long', - }, - ], + name: 'mime_type', + type: 'keyword', + description: 'Sniffed mime type of file.\n', + }, + { + name: 'fuid', + type: 'keyword', + description: + '(present if base/protocols/ftp/files.bro is loaded)\nFile unique ID.\n', + }, + ], + }, + { + name: 'reply', + type: 'group', + fields: [ + { + name: 'code', + type: 'integer', + description: 'Reply code from the server in response to the command.\n', }, { - name: 'dns', - type: 'group', - fields: [ - { - name: 'memcap_global', - type: 'long', - }, - { - name: 'memcap_state', - type: 'long', - }, - { - name: 'memuse', - type: 'long', - }, - ], + name: 'msg', + type: 'keyword', + description: 'Reply message from the server in response to the command.\n', }, + ], + }, + { + name: 'data_channel', + type: 'group', + description: 'Expected FTP data channel.\n', + fields: [ { - name: 'flow_mgr', - type: 'group', - fields: [ - { - name: 'rows_busy', - type: 'long', - }, - { - name: 'flows_timeout', - type: 'long', - }, - { - name: 'flows_notimeout', - type: 'long', - }, - { - name: 'rows_skipped', - type: 'long', - }, - { - name: 'closed_pruned', - type: 'long', - }, - { - name: 'new_pruned', - type: 'long', - }, - { - name: 'flows_removed', - type: 'long', - }, - { - name: 'bypassed_pruned', - type: 'long', - }, - { - name: 'est_pruned', - type: 'long', - }, - { - name: 'flows_timeout_inuse', - type: 'long', - }, - { - name: 'flows_checked', - type: 'long', - }, - { - name: 'rows_maxlen', - type: 'long', - }, - { - name: 'rows_checked', - type: 'long', - }, - { - name: 'rows_empty', - type: 'long', - }, - ], + name: 'passive', + type: 'boolean', + description: 'Whether PASV mode is toggled for control channel.\n', }, { - name: 'app_layer', - type: 'group', - fields: [ - { - name: 'flow', - type: 'group', - fields: [ - { - name: 'tls', - type: 'long', - }, - { - name: 'ftp', - type: 'long', - }, - { - name: 'http', - type: 'long', - }, - { - name: 'failed_udp', - type: 'long', - }, - { - name: 'dns_udp', - type: 'long', - }, - { - name: 'dns_tcp', - type: 'long', - }, - { - name: 'smtp', - type: 'long', - }, - { - name: 'failed_tcp', - type: 'long', - }, - { - name: 'msn', - type: 'long', - }, - { - name: 'ssh', - type: 'long', - }, - { - name: 'imap', - type: 'long', - }, - { - name: 'dcerpc_udp', - type: 'long', - }, - { - name: 'dcerpc_tcp', - type: 'long', - }, - { - name: 'smb', - type: 'long', - }, - ], - }, - { - name: 'tx', - type: 'group', - fields: [ - { - name: 'tls', - type: 'long', - }, - { - name: 'ftp', - type: 'long', - }, - { - name: 'http', - type: 'long', - }, - { - name: 'dns_udp', - type: 'long', - }, - { - name: 'dns_tcp', - type: 'long', - }, - { - name: 'smtp', - type: 'long', - }, - { - name: 'ssh', - type: 'long', - }, - { - name: 'dcerpc_udp', - type: 'long', - }, - { - name: 'dcerpc_tcp', - type: 'long', - }, - { - name: 'smb', - type: 'long', - }, - ], - }, - ], + name: 'originating_host', + type: 'ip', + description: 'The host that will be initiating the data connection.\n', + }, + { + name: 'response_host', + type: 'ip', + description: 'The host that will be accepting the data connection.\n', + }, + { + name: 'response_port', + type: 'integer', + description: + 'The port at which the acceptor is listening for the data connection.\n', + }, + ], + }, + { + name: 'cwd', + type: 'keyword', + description: + "Current working directory that this session is in. By making the default value '.', we can indicate that unless something more concrete is discovered that the existing but unknown directory is ok to use.\n", + }, + { + name: 'cmdarg', + type: 'group', + description: 'Command that is currently waiting for a response.\n', + fields: [ + { + name: 'cmd', + type: 'keyword', + description: 'Command.\n', + }, + { + name: 'arg', + type: 'keyword', + description: 'Argument for the command if one was given.\n', + }, + { + name: 'seq', + type: 'integer', + description: 'Counter to track how many commands have been executed.\n', }, ], }, { - name: 'tls', + name: 'pending_commands', + type: 'integer', + description: + 'Queue for commands that have been sent but not yet responded to are tracked here.\n', + }, + { + name: 'passive', + type: 'boolean', + description: 'Indicates if the session is in active or passive mode.\n', + }, + { + name: 'capture_password', + type: 'boolean', + description: 'Determines if the password will be captured for this request.\n', + }, + { + name: 'last_auth_requested', + type: 'keyword', + description: + 'present if base/protocols/ftp/gridftp.bro is loaded.\nLast authentication/security mechanism that was used.\n', + }, + ], + }, + { + name: 'http', + type: 'group', + description: 'Fields exported by the Zeek HTTP log\n', + fields: [ + { + name: 'trans_depth', + type: 'integer', + description: + 'Represents the pipelined depth into the connection of this request/response transaction.\n', + }, + { + name: 'status_msg', + type: 'keyword', + description: 'Status message returned by the server.\n', + }, + { + name: 'info_code', + type: 'integer', + description: 'Last seen 1xx informational reply code returned by the server.\n', + }, + { + name: 'info_msg', + type: 'keyword', + description: 'Last seen 1xx informational reply message returned by the server.\n', + }, + { + name: 'tags', + type: 'keyword', + description: + 'A set of indicators of various attributes discovered and related to a particular\nrequest/response pair.\n', + }, + { + name: 'password', + type: 'keyword', + description: 'Password if basic-auth is performed for the request.\n', + }, + { + name: 'captured_password', + type: 'boolean', + description: 'Determines if the password will be captured for this request.\n', + }, + { + name: 'proxied', + type: 'keyword', + description: + 'All of the headers that may indicate if the HTTP request was proxied.\n', + }, + { + name: 'range_request', + type: 'boolean', + description: + 'Indicates if this request can assume 206 partial content in response.\n', + }, + { + name: 'client_header_names', + type: 'keyword', + description: + 'The vector of HTTP header names sent by the client. No header values\nare included here, just the header names.\n', + }, + { + name: 'server_header_names', + type: 'keyword', + description: + 'The vector of HTTP header names sent by the server. No header values\nare included here, just the header names.\n', + }, + { + name: 'orig_fuids', + type: 'keyword', + description: 'An ordered vector of file unique IDs from the originator.\n', + }, + { + name: 'orig_mime_types', + type: 'keyword', + description: 'An ordered vector of mime types from the originator.\n', + }, + { + name: 'orig_filenames', + type: 'keyword', + description: 'An ordered vector of filenames from the originator.\n', + }, + { + name: 'resp_fuids', + type: 'keyword', + description: 'An ordered vector of file unique IDs from the responder.\n', + }, + { + name: 'resp_mime_types', + type: 'keyword', + description: 'An ordered vector of mime types from the responder.\n', + }, + { + name: 'resp_filenames', + type: 'keyword', + description: 'An ordered vector of filenames from the responder.\n', + }, + { + name: 'orig_mime_depth', + type: 'integer', + description: 'Current number of MIME entities in the HTTP request message body.\n', + }, + { + name: 'resp_mime_depth', + type: 'integer', + description: 'Current number of MIME entities in the HTTP response message body.\n', + }, + ], + }, + { + name: 'intel', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek Intel log.\n', + fields: [ + { + name: 'seen', type: 'group', fields: [ { - name: 'notbefore', - type: 'date', + name: 'indicator', + type: 'keyword', + description: 'The intelligence indicator.\n', }, { - name: 'issuerdn', + name: 'indicator_type', type: 'keyword', + description: 'The type of data the indicator represents.\n', }, { - name: 'sni', + name: 'host', type: 'keyword', + description: + 'If the indicator type was Intel::ADDR, then this field will be present.\n', }, { - name: 'version', + name: 'conn', type: 'keyword', + description: + 'If the data was discovered within a connection, the connection record should go here to give context to the data.\n', }, { - name: 'session_resumed', - type: 'boolean', + name: 'where', + type: 'keyword', + description: 'Where the data was discovered.\n', }, { - name: 'fingerprint', + name: 'node', type: 'keyword', + description: 'The name of the node where the match was discovered.\n', }, { - name: 'serial', + name: 'uid', type: 'keyword', + description: + 'If the data was discovered within a connection, the connection uid should go here to give context to the data. If the conn field is provided, this will be automatically filled out.\n', }, { - name: 'notafter', - type: 'date', + name: 'f', + type: 'object', + description: + 'If the data was discovered within a file, the file record should go here to provide context to the data.\n', }, { - name: 'subject', + name: 'fuid', type: 'keyword', + description: + 'If the data was discovered within a file, the file uid should go here to provide context to the data. If the file record f is provided, this will be automatically filled out.\n', }, ], }, { - name: 'app_proto_ts', + name: 'matched', type: 'keyword', + description: + 'Event to represent a match in the intelligence data from data that was seen.\n', }, { - name: 'flow', + name: 'sources', + type: 'keyword', + description: 'Sources which supplied data for this match.\n', + }, + { + name: 'fuid', + type: 'keyword', + description: + 'If a file was associated with this intelligence hit, this is the uid for the file.\n', + }, + { + name: 'file_mime_type', + type: 'keyword', + description: + 'A mime type if the intelligence hit is related to a file. If the $f field is provided this will be automatically filled out.\n', + }, + { + name: 'file_desc', + type: 'keyword', + description: + 'Frequently files can be described to give a bit more context. If the $f field is provided this field will be automatically filled out.\n', + }, + ], + }, + { + name: 'irc', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek IRC log\n', + fields: [ + { + name: 'nick', + type: 'keyword', + description: 'Nickname given for the connection.\n', + }, + { + name: 'user', + type: 'keyword', + description: 'Username given for the connection.\n', + }, + { + name: 'command', + type: 'keyword', + description: 'Command given by the client.\n', + }, + { + name: 'value', + type: 'keyword', + description: 'Value for the command given by the client.\n', + }, + { + name: 'addl', + type: 'keyword', + description: 'Any additional data for the command.\n', + }, + { + name: 'dcc', type: 'group', fields: [ { - name: 'bytes_toclient', - type: 'alias', - path: 'destination.bytes', + name: 'file', + type: 'group', + fields: [ + { + name: 'name', + type: 'keyword', + description: + 'Present if base/protocols/irc/dcc-send.bro is loaded.\nDCC filename requested.\n', + }, + { + name: 'size', + type: 'long', + description: + 'Present if base/protocols/irc/dcc-send.bro is loaded.\nSize of the DCC transfer as indicated by the sender.\n', + }, + ], }, { - name: 'start', - type: 'alias', - path: 'event.start', + name: 'mime_type', + type: 'keyword', + description: + 'present if base/protocols/irc/dcc-send.bro is loaded.\nSniffed mime type of the file.\n', }, + ], + }, + { + name: 'fuid', + type: 'keyword', + description: + 'present if base/protocols/irc/files.bro is loaded.\nFile unique ID.\n', + }, + ], + }, + { + name: 'kerberos', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek Kerberos log\n', + fields: [ + { + name: 'request_type', + type: 'keyword', + description: + 'Request type - Authentication Service (AS) or Ticket Granting Service (TGS).\n', + }, + { + name: 'client', + type: 'keyword', + description: 'Client name.\n', + }, + { + name: 'service', + type: 'keyword', + description: 'Service name.\n', + }, + { + name: 'success', + type: 'boolean', + description: 'Request result.\n', + }, + { + name: 'error', + type: 'group', + fields: [ { - name: 'pkts_toclient', - type: 'alias', - path: 'destination.packets', + name: 'code', + type: 'integer', + description: 'Error code.\n', }, { - name: 'age', - type: 'long', + name: 'msg', + type: 'keyword', + description: 'Error message.\n', }, + ], + }, + { + name: 'valid', + type: 'group', + fields: [ { - name: 'state', - type: 'keyword', + name: 'from', + type: 'date', + description: 'Ticket valid from.\n', }, { - name: 'bytes_toserver', - type: 'alias', - path: 'source.bytes', + name: 'until', + type: 'date', + description: 'Ticket valid until.\n', }, { - name: 'reason', + name: 'days', + type: 'integer', + description: 'Number of days the ticket is valid for.\n', + }, + ], + }, + { + name: 'cipher', + type: 'keyword', + description: 'Ticket encryption type.\n', + }, + { + name: 'forwardable', + type: 'boolean', + description: 'Forwardable ticket requested.\n', + }, + { + name: 'renewable', + type: 'boolean', + description: 'Renewable ticket requested.\n', + }, + { + name: 'ticket', + type: 'group', + fields: [ + { + name: 'auth', type: 'keyword', + description: 'Hash of ticket used to authorize request/transaction.\n', }, { - name: 'pkts_toserver', - type: 'alias', - path: 'source.packets', + name: 'new', + type: 'keyword', + description: 'Hash of ticket returned by the KDC.\n', }, + ], + }, + { + name: 'cert', + type: 'group', + fields: [ { - name: 'end', - type: 'date', + name: 'client', + type: 'group', + fields: [ + { + name: 'value', + type: 'keyword', + description: 'Client certificate.\n', + }, + { + name: 'fuid', + type: 'keyword', + description: 'File unique ID of client cert.\n', + }, + { + name: 'subject', + type: 'keyword', + description: 'Subject of client certificate.\n', + }, + ], }, { - name: 'alerted', - type: 'boolean', + name: 'server', + type: 'group', + fields: [ + { + name: 'value', + type: 'keyword', + description: 'Server certificate.\n', + }, + { + name: 'fuid', + type: 'keyword', + description: 'File unique ID of server certificate.\n', + }, + { + name: 'subject', + type: 'keyword', + description: 'Subject of server certificate.\n', + }, + ], }, ], }, + ], + }, + { + name: 'modbus', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek modbus log.\n', + fields: [ { - name: 'app_proto', - type: 'alias', - path: 'network.protocol', + name: 'function', + type: 'keyword', + description: 'The name of the function message that was sent.\n', }, { - name: 'tx_id', - type: 'long', + name: 'exception', + type: 'keyword', + description: 'The exception if the response was a failure.\n', + }, + { + name: 'track_address', + type: 'integer', + description: + 'Present if policy/protocols/modbus/track-memmap.bro is loaded.\nModbus track address.\n', + }, + ], + }, + { + name: 'mysql', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek MySQL log.\n', + fields: [ + { + name: 'cmd', + type: 'keyword', + description: 'The command that was issued.\n', }, { - name: 'app_proto_tc', + name: 'arg', type: 'keyword', + description: 'The argument issued to the command.\n', }, { - name: 'smtp', - type: 'group', - fields: [ - { - name: 'rcpt_to', - type: 'keyword', - }, - { - name: 'mail_from', - type: 'keyword', - }, - { - name: 'helo', - type: 'keyword', - }, - ], + name: 'success', + type: 'boolean', + description: 'Whether the command succeeded.\n', }, { - name: 'app_proto_expected', - type: 'keyword', + name: 'rows', + type: 'integer', + description: 'The number of affected rows, if any.\n', }, { - name: 'flags', - type: 'group', + name: 'response', + type: 'keyword', + description: 'Server message, if any.\n', }, ], }, - ], - }, - ], - }, - { - key: 'zeek', - title: 'Zeek', - description: 'Module for handling logs produced by Zeek/Bro', - fields: [ - { - name: 'zeek', - type: 'group', - description: 'Fields from Zeek/Bro logs after normalization', - fields: [ - { - name: 'session_id', - type: 'keyword', - }, - { - name: 'connection.local_orig', - type: 'boolean', - }, - { - name: 'connection.local_resp', - type: 'boolean', - }, - { - name: 'connection.missed_bytes', - type: 'long', - }, - { - name: 'connection.state', - type: 'keyword', - }, - { - name: 'connection.history', - type: 'keyword', - }, - { - name: 'connection.orig_l2_addr', - type: 'keyword', - }, - { - name: 'resp_l2_addr', - type: 'keyword', - }, - { - name: 'vlan', - type: 'keyword', - }, - { - name: 'inner_vlan', - type: 'keyword', - }, - { - name: 'dns.trans_id', - type: 'integer', - }, - { - name: 'dns.rtt', - type: 'double', - }, - { - name: 'dns.query', - type: 'keyword', - }, - { - name: 'dns.qclass', - type: 'long', - }, - { - name: 'dns.qclass_name', - type: 'keyword', - }, - { - name: 'dns.qtype', - type: 'long', - }, - { - name: 'dns.qtype_name', - type: 'keyword', - }, - { - name: 'dns.rcode', - type: 'long', - }, - { - name: 'dns.rcode_name', - type: 'keyword', - }, - { - name: 'dns.AA', - type: 'boolean', - }, - { - name: 'dns.TC', - type: 'boolean', - }, - { - name: 'dns.RD', - type: 'boolean', - }, - { - name: 'dns.RA', - type: 'boolean', - }, - { - name: 'dns.answers', - type: 'keyword', - }, - { - name: 'dns.TTLs', - type: 'double', - }, - { - name: 'dns.rejected', - type: 'boolean', - }, - { - name: 'dns.total_answers', - type: 'integer', - }, - { - name: 'dns.total_replies', - type: 'integer', - }, - { - name: 'dns.saw_query', - type: 'boolean', - }, - { - name: 'dns.saw_reply', - type: 'boolean', - }, { - name: 'http.trans_depth', - type: 'integer', - }, - { - name: 'http.status_msg', - type: 'keyword', - }, - { - name: 'http.info_code', - type: 'integer', - }, - { - name: 'http.info_msg', - type: 'keyword', - }, - { - name: 'http.filename', - type: 'keyword', - }, - { - name: 'http.tags', - type: 'keyword', - }, - { - name: 'http.captured_password', - type: 'boolean', - }, - { - name: 'http.proxied', - type: 'keyword', - }, - { - name: 'http.range_request', - type: 'boolean', - }, - { - name: 'http.client_header_names', - type: 'keyword', - }, - { - name: 'http.server_header_names', - type: 'keyword', - }, - { - name: 'http.orig_fuids', - type: 'keyword', - }, - { - name: 'http.orig_mime_types', - type: 'keyword', - }, - { - name: 'http.orig_filenames', - type: 'keyword', - }, - { - name: 'http.resp_fuids', - type: 'keyword', - }, - { - name: 'http.resp_mime_types', - type: 'keyword', - }, - { - name: 'http.resp_filenames', - type: 'keyword', - }, - { - name: 'http.orig_mime_depth', - type: 'integer', - }, - { - name: 'http.resp_mime_depth', - type: 'integer', - }, - { - name: 'files.fuid', - type: 'keyword', - }, - { - name: 'files.tx_host', - type: 'ip', - }, - { - name: 'files.rx_host', - type: 'ip', - }, - { - name: 'files.session_ids', - type: 'keyword', - }, - { - name: 'files.source', - type: 'keyword', - }, - { - name: 'files.depth', - type: 'long', - }, - { - name: 'files.direction', - type: 'keyword', - }, - { - name: 'files.analyzers', - type: 'keyword', - }, - { - name: 'files.mime_type', - type: 'keyword', - }, - { - name: 'files.filename', - type: 'keyword', - }, - { - name: 'files.local_orig', - type: 'boolean', - }, - { - name: 'files.is_orig', - type: 'boolean', - }, - { - name: 'files.duration', - type: 'double', - }, - { - name: 'files.seen_bytes', - type: 'long', - }, - { - name: 'files.total_bytes', - type: 'long', - }, - { - name: 'files.missing_bytes', - type: 'long', - }, - { - name: 'files.overflow_bytes', - type: 'long', - }, - { - name: 'files.timedout', - type: 'boolean', - }, - { - name: 'files.parent_fuid', - type: 'keyword', - }, - { - name: 'files.md5', - type: 'keyword', - }, - { - name: 'files.sha1', - type: 'keyword', - }, - { - name: 'files.sha256', - type: 'keyword', - }, - { - name: 'files.extracted', - type: 'keyword', + name: 'notice', + type: 'group', + description: 'Fields exported by the Zeek Notice log.\n', + fields: [ + { + name: 'connection_id', + type: 'keyword', + description: 'Identifier of the related connection session.\n', + }, + { + name: 'icmp_id', + type: 'keyword', + description: 'Identifier of the related ICMP session.\n', + }, + { + name: 'file.id', + type: 'keyword', + description: + 'An identifier associated with a single file that is related to this notice.\n', + }, + { + name: 'file.parent_id', + type: 'keyword', + description: + 'Identifier associated with a container file from which this one was extracted.\n', + }, + { + name: 'file.source', + type: 'keyword', + description: + 'An identification of the source of the file data. E.g. it may be a network protocol\nover which it was transferred, or a local file path which was read, or some other\ninput source.\n', + }, + { + name: 'file.mime_type', + type: 'keyword', + description: 'A mime type if the notice is related to a file.\n', + }, + { + name: 'file.is_orig', + type: 'boolean', + description: + 'If the source of this file is a network connection, this field indicates if the file is\nbeing sent by the originator of the connection or the responder.\n', + }, + { + name: 'file.seen_bytes', + type: 'long', + description: 'Number of bytes provided to the file analysis engine for the file.\n', + }, + { + name: 'ffile.total_bytes', + type: 'long', + description: 'Total number of bytes that are supposed to comprise the full file.\n', + }, + { + name: 'file.missing_bytes', + type: 'long', + description: + 'The number of bytes in the file stream that were completely missed during the process\nof analysis.\n', + }, + { + name: 'file.overflow_bytes', + type: 'long', + description: + "The number of bytes in the file stream that were not delivered to stream file analyzers.\nThis could be overlapping bytes or bytes that couldn't be reassembled.\n", + }, + { + name: 'fuid', + type: 'keyword', + description: 'A file unique ID if this notice is related to a file.\n', + }, + { + name: 'note', + type: 'keyword', + description: 'The type of the notice.\n', + }, + { + name: 'msg', + type: 'keyword', + description: 'The human readable message for the notice.\n', + }, + { + name: 'sub', + type: 'keyword', + description: 'The human readable sub-message.\n', + }, + { + name: 'n', + type: 'long', + description: 'Associated count, or a status code.\n', + }, + { + name: 'peer_name', + type: 'keyword', + description: 'Name of remote peer that raised this notice.\n', + }, + { + name: 'peer_descr', + type: 'text', + description: 'Textual description for the peer that raised this notice.\n', + }, + { + name: 'actions', + type: 'keyword', + description: 'The actions which have been applied to this notice.\n', + }, + { + name: 'email_body_sections', + type: 'text', + description: + 'By adding chunks of text into this element, other scripts can expand on notices\nthat are being emailed.\n', + }, + { + name: 'email_delay_tokens', + type: 'keyword', + description: + 'Adding a string token to this set will cause the built-in emailing functionality\nto delay sending the email either the token has been removed or the email\nhas been delayed for the specified time duration.\n', + }, + { + name: 'identifier', + type: 'keyword', + description: + 'This field is provided when a notice is generated for the purpose of deduplicating notices.\n', + }, + { + name: 'suppress_for', + type: 'double', + description: + 'This field indicates the length of time that this unique notice should be suppressed.\n', + }, + { + name: 'dropped', + type: 'boolean', + description: + 'Indicate if the source IP address was dropped and denied network access.\n', + }, + ], }, { - name: 'files.extracted_cutoff', - type: 'boolean', + name: 'ntlm', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek NTLM log.\n', + fields: [ + { + name: 'domain', + type: 'keyword', + description: 'Domain name given by the client.\n', + }, + { + name: 'hostname', + type: 'keyword', + description: 'Hostname given by the client.\n', + }, + { + name: 'success', + type: 'boolean', + description: 'Indicate whether or not the authentication was successful.\n', + }, + { + name: 'username', + type: 'keyword', + description: 'Username given by the client.\n', + }, + { + name: 'server', + type: 'group', + fields: [ + { + name: 'name', + type: 'group', + fields: [ + { + name: 'dns', + type: 'keyword', + description: 'DNS name given by the server in a CHALLENGE.\n', + }, + { + name: 'netbios', + type: 'keyword', + description: 'NetBIOS name given by the server in a CHALLENGE.\n', + }, + { + name: 'tree', + type: 'keyword', + description: 'Tree name given by the server in a CHALLENGE.\n', + }, + ], + }, + ], + }, + ], }, { - name: 'files.extracted_size', - type: 'long', + name: 'ocsp', + type: 'group', + default_field: false, + description: + 'Fields exported by the Zeek OCSP log\nOnline Certificate Status Protocol (OCSP). Only created if policy script is loaded.\n', + fields: [ + { + name: 'file_id', + type: 'keyword', + description: 'File id of the OCSP reply.\n', + }, + { + name: 'hash', + type: 'group', + fields: [ + { + name: 'algorithm', + type: 'keyword', + description: + 'Hash algorithm used to generate issuerNameHash and issuerKeyHash.\n', + }, + { + name: 'issuer', + type: 'group', + fields: [ + { + name: 'name', + type: 'keyword', + description: "Hash of the issuer's distingueshed name.\n", + }, + { + name: 'key', + type: 'keyword', + description: "Hash of the issuer's public key.\n", + }, + ], + }, + ], + }, + { + name: 'serial_number', + type: 'keyword', + description: 'Serial number of the affected certificate.\n', + }, + { + name: 'status', + type: 'keyword', + description: 'Status of the affected certificate.\n', + }, + { + name: 'revoke', + type: 'group', + fields: [ + { + name: 'time', + type: 'date', + description: 'Time at which the certificate was revoked.\n', + }, + { + name: 'reason', + type: 'keyword', + description: 'Reason for which the certificate was revoked.\n', + }, + ], + }, + { + name: 'update', + type: 'group', + fields: [ + { + name: 'this', + type: 'date', + description: + 'The time at which the status being shows is known to have been correct.\n', + }, + { + name: 'next', + type: 'date', + description: + 'The latest time at which new information about the status of the certificate will be available.\n', + }, + ], + }, + ], }, { - name: 'files.entropy', - type: 'double', + name: 'pe', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek pe log.\n', + fields: [ + { + name: 'client', + type: 'keyword', + description: "The client's version string.\n", + }, + { + name: 'id', + type: 'keyword', + description: 'File id of this portable executable file.\n', + }, + { + name: 'machine', + type: 'keyword', + description: 'The target machine that the file was compiled for.\n', + }, + { + name: 'compile_time', + type: 'date', + description: 'The time that the file was created at.\n', + }, + { + name: 'os', + type: 'keyword', + description: 'The required operating system.\n', + }, + { + name: 'subsystem', + type: 'keyword', + description: 'The subsystem that is required to run this file.\n', + }, + { + name: 'is_exe', + type: 'boolean', + description: 'Is the file an executable, or just an object file?\n', + }, + { + name: 'is_64bit', + type: 'boolean', + description: 'Is the file a 64-bit executable?\n', + }, + { + name: 'uses_aslr', + type: 'boolean', + description: 'Does the file support Address Space Layout Randomization?\n', + }, + { + name: 'uses_dep', + type: 'boolean', + description: 'Does the file support Data Execution Prevention?\n', + }, + { + name: 'uses_code_integrity', + type: 'boolean', + description: 'Does the file enforce code integrity checks?\n', + }, + { + name: 'uses_seh', + type: 'boolean', + description: 'Does the file use structured exception handing?\n', + }, + { + name: 'has_import_table', + type: 'boolean', + description: 'Does the file have an import table?\n', + }, + { + name: 'has_export_table', + type: 'boolean', + description: 'Does the file have an export table?\n', + }, + { + name: 'has_cert_table', + type: 'boolean', + description: 'Does the file have an attribute certificate table?\n', + }, + { + name: 'has_debug_data', + type: 'boolean', + description: 'Does the file have a debug table?\n', + }, + { + name: 'section_names', + type: 'keyword', + description: 'The names of the sections, in order.\n', + }, + ], }, { - name: 'ssl.version', - type: 'keyword', + name: 'radius', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek Radius log.\n', + fields: [ + { + name: 'username', + type: 'keyword', + description: 'The username, if present.\n', + }, + { + name: 'mac', + type: 'keyword', + description: 'MAC address, if present.\n', + }, + { + name: 'framed_addr', + type: 'ip', + description: + 'The address given to the network access server, if present. This is only a hint from the RADIUS server and the network access server is not required to honor the address.\n', + }, + { + name: 'remote_ip', + type: 'ip', + description: + 'Remote IP address, if present. This is collected from the Tunnel-Client-Endpoint attribute.\n', + }, + { + name: 'connect_info', + type: 'keyword', + description: 'Connect info, if present.\n', + }, + { + name: 'reply_msg', + type: 'keyword', + description: + 'Reply message from the server challenge. This is frequently shown to the user authenticating.\n', + }, + { + name: 'result', + type: 'keyword', + description: 'Successful or failed authentication.\n', + }, + { + name: 'ttl', + type: 'integer', + description: + 'The duration between the first request and either the "Access-Accept" message or an error. If the field is empty, it means that either the request or response was not seen.\n', + }, + { + name: 'logged', + type: 'boolean', + description: 'Whether this has already been logged and can be ignored.\n', + }, + ], }, { - name: 'ssl.cipher', - type: 'keyword', + name: 'rdp', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek RDP log.\n', + fields: [ + { + name: 'cookie', + type: 'keyword', + description: + 'Cookie value used by the client machine. This is typically a username.\n', + }, + { + name: 'result', + type: 'keyword', + description: + "Status result for the connection. It's a mix between RDP negotation failure messages and GCC server create response messages.\n", + }, + { + name: 'security_protocol', + type: 'keyword', + description: 'Security protocol chosen by the server.\n', + }, + { + name: 'keyboard_layout', + type: 'keyword', + description: 'Keyboard layout (language) of the client machine.\n', + }, + { + name: 'client', + type: 'group', + fields: [ + { + name: 'build', + type: 'keyword', + description: 'RDP client version used by the client machine.\n', + }, + { + name: 'client_name', + type: 'keyword', + description: 'Name of the client machine.\n', + }, + { + name: 'product_id', + type: 'keyword', + description: 'Product ID of the client machine.\n', + }, + ], + }, + { + name: 'desktop', + type: 'group', + fields: [ + { + name: 'width', + type: 'integer', + description: 'Desktop width of the client machine.\n', + }, + { + name: 'height', + type: 'integer', + description: 'Desktop height of the client machine.\n', + }, + { + name: 'color_depth', + type: 'keyword', + description: + 'The color depth requested by the client in the high_color_depth field.\n', + }, + ], + }, + { + name: 'cert', + type: 'group', + fields: [ + { + name: 'type', + type: 'keyword', + description: + 'If the connection is being encrypted with native RDP encryption, this is the type of cert being used.\n', + }, + { + name: 'count', + type: 'integer', + description: + 'The number of certs seen. X.509 can transfer an entire certificate chain.\n', + }, + { + name: 'permanent', + type: 'boolean', + description: + 'Indicates if the provided certificate or certificate chain is permanent or temporary.\n', + }, + ], + }, + { + name: 'encryption', + type: 'group', + fields: [ + { + name: 'level', + type: 'keyword', + description: 'Encryption level of the connection.\n', + }, + { + name: 'method', + type: 'keyword', + description: 'Encryption method of the connection.\n', + }, + ], + }, + { + name: 'done', + type: 'boolean', + description: 'Track status of logging RDP connections.\n', + }, + { + name: 'ssl', + type: 'boolean', + description: + '(present if policy/protocols/rdp/indicate_ssl.bro is loaded)\nFlag the connection if it was seen over SSL.\n', + }, + ], }, { - name: 'ssl.curve', - type: 'keyword', + name: 'rfb', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek RFB log.\n', + fields: [ + { + name: 'version', + type: 'group', + fields: [ + { + name: 'client', + type: 'group', + fields: [ + { + name: 'major', + type: 'keyword', + description: 'Major version of the client.\n', + }, + { + name: 'minor', + type: 'keyword', + description: 'Minor version of the client.\n', + }, + ], + }, + { + name: 'server', + type: 'group', + fields: [ + { + name: 'major', + type: 'keyword', + description: 'Major version of the server.\n', + }, + { + name: 'minor', + type: 'keyword', + description: 'Minor version of the server.\n', + }, + ], + }, + ], + }, + { + name: 'auth', + type: 'group', + fields: [ + { + name: 'success', + type: 'boolean', + description: 'Whether or not authentication was successful.\n', + }, + { + name: 'method', + type: 'keyword', + description: 'Identifier of authentication method used.\n', + }, + ], + }, + { + name: 'share_flag', + type: 'boolean', + description: 'Whether the client has an exclusive or a shared session.\n', + }, + { + name: 'desktop_name', + type: 'keyword', + description: 'Name of the screen that is being shared.\n', + }, + { + name: 'width', + type: 'integer', + description: 'Width of the screen that is being shared.\n', + }, + { + name: 'height', + type: 'integer', + description: 'Height of the screen that is being shared.\n', + }, + ], }, { - name: 'ssl.server_name', - type: 'keyword', + name: 'sip', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SIP log.\n', + fields: [ + { + name: 'transaction_depth', + type: 'integer', + description: + 'Represents the pipelined depth into the connection of this request/response transaction.\n', + }, + { + name: 'sequence', + type: 'group', + fields: [ + { + name: 'method', + type: 'keyword', + description: 'Verb used in the SIP request (INVITE, REGISTER etc.).\n', + }, + { + name: 'number', + type: 'keyword', + description: 'Contents of the CSeq: header from the client.\n', + }, + ], + }, + { + name: 'uri', + type: 'keyword', + description: 'URI used in the request.\n', + }, + { + name: 'date', + type: 'keyword', + description: 'Contents of the Date: header from the client.\n', + }, + { + name: 'request', + type: 'group', + fields: [ + { + name: 'from', + type: 'keyword', + description: + "Contents of the request From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged.\n", + }, + { + name: 'to', + type: 'keyword', + description: 'Contents of the To: header.\n', + }, + { + name: 'path', + type: 'keyword', + description: + 'The client message transmission path, as extracted from the headers.\n', + }, + { + name: 'body_length', + type: 'long', + description: 'Contents of the Content-Length: header from the client.\n', + }, + ], + }, + { + name: 'response', + type: 'group', + fields: [ + { + name: 'from', + type: 'keyword', + description: + "Contents of the response From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged.\n", + }, + { + name: 'to', + type: 'keyword', + description: 'Contents of the response To: header.\n', + }, + { + name: 'path', + type: 'keyword', + description: + 'The server message transmission path, as extracted from the headers.\n', + }, + { + name: 'body_length', + type: 'long', + description: 'Contents of the Content-Length: header from the server.\n', + }, + ], + }, + { + name: 'reply_to', + type: 'keyword', + description: 'Contents of the Reply-To: header.\n', + }, + { + name: 'call_id', + type: 'keyword', + description: 'Contents of the Call-ID: header from the client.\n', + }, + { + name: 'subject', + type: 'keyword', + description: 'Contents of the Subject: header from the client.\n', + }, + { + name: 'user_agent', + type: 'keyword', + description: 'Contents of the User-Agent: header from the client.\n', + }, + { + name: 'status', + type: 'group', + fields: [ + { + name: 'code', + type: 'integer', + description: 'Status code returned by the server.\n', + }, + { + name: 'msg', + type: 'keyword', + description: 'Status message returned by the server.\n', + }, + ], + }, + { + name: 'warning', + type: 'keyword', + description: 'Contents of the Warning: header.\n', + }, + { + name: 'content_type', + type: 'keyword', + description: 'Contents of the Content-Type: header from the server.\n', + }, + ], }, { - name: 'ssl.resumed', - type: 'boolean', + name: 'smb_cmd', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek smb_cmd log.\n', + fields: [ + { + name: 'command', + type: 'keyword', + description: 'The command sent by the client.\n', + }, + { + name: 'sub_command', + type: 'keyword', + description: 'The subcommand sent by the client, if present.\n', + }, + { + name: 'argument', + type: 'keyword', + description: 'Command argument sent by the client, if any.\n', + }, + { + name: 'status', + type: 'keyword', + description: "Server reply to the client's command.\n", + }, + { + name: 'rtt', + type: 'double', + description: 'Round trip time from the request to the response.\n', + }, + { + name: 'version', + type: 'keyword', + description: 'Version of SMB for the command.\n', + }, + { + name: 'username', + type: 'keyword', + description: 'Authenticated username, if available.\n', + }, + { + name: 'tree', + type: 'keyword', + description: + 'If this is related to a tree, this is the tree that was used for the current command.\n', + }, + { + name: 'tree_service', + type: 'keyword', + description: 'The type of tree (disk share, printer share, named pipe, etc.).\n', + }, + { + name: 'file', + type: 'group', + description: 'If the command referenced a file, store it here.\n', + fields: [ + { + name: 'name', + type: 'keyword', + description: 'Filename if one was seen.\n', + }, + { + name: 'action', + type: 'keyword', + description: 'Action this log record represents.\n', + }, + { + name: 'uid', + type: 'keyword', + description: 'UID of the referenced file.\n', + }, + { + name: 'host', + type: 'group', + fields: [ + { + name: 'tx', + type: 'ip', + description: 'Address of the transmitting host.\n', + }, + { + name: 'rx', + type: 'ip', + description: 'Address of the receiving host.\n', + }, + ], + }, + ], + }, + { + name: 'smb1_offered_dialects', + type: 'keyword', + description: + 'Present if base/protocols/smb/smb1-main.bro is loaded.\nDialects offered by the client.\n', + }, + { + name: 'smb2_offered_dialects', + type: 'integer', + description: + 'Present if base/protocols/smb/smb2-main.bro is loaded.\nDialects offered by the client.\n', + }, + ], }, { - name: 'ssl.next_protocol', - type: 'keyword', + name: 'smb_files', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SMB Files log.\n', + fields: [ + { + name: 'action', + type: 'keyword', + description: 'Action this log record represents.\n', + }, + { + name: 'fid', + type: 'integer', + description: 'ID referencing this file.\n', + }, + { + name: 'name', + type: 'keyword', + description: 'Filename if one was seen.\n', + }, + { + name: 'path', + type: 'keyword', + description: 'Path pulled from the tree this file was transferred to or from.\n', + }, + { + name: 'previous_name', + type: 'keyword', + description: + "If the rename action was seen, this will be the file's previous name.\n", + }, + { + name: 'size', + type: 'long', + description: 'Byte size of the file.\n', + }, + { + name: 'times', + type: 'group', + description: 'Timestamps of the file.\n', + fields: [ + { + name: 'accessed', + type: 'date', + description: "The file's access time.\n", + }, + { + name: 'changed', + type: 'date', + description: "The file's change time.\n", + }, + { + name: 'created', + type: 'date', + description: "The file's create time.\n", + }, + { + name: 'modified', + type: 'date', + description: "The file's modify time.\n", + }, + ], + }, + { + name: 'uuid', + type: 'keyword', + description: 'UUID referencing this file if DCE/RPC.\n', + }, + ], }, { - name: 'ssl.established', - type: 'boolean', + name: 'smb_mapping', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SMB_Mapping log.\n', + fields: [ + { + name: 'path', + type: 'keyword', + description: 'Name of the tree path.\n', + }, + { + name: 'service', + type: 'keyword', + description: + 'The type of resource of the tree (disk share, printer share, named pipe, etc.).\n', + }, + { + name: 'native_file_system', + type: 'keyword', + description: 'File system of the tree.\n', + }, + { + name: 'share_type', + type: 'keyword', + description: + 'If this is SMB2, a share type will be included. For SMB1, the type of share\nwill be deduced and included as well.\n', + }, + ], }, { - name: 'ssl.cert_chain', - type: 'keyword', + name: 'smtp', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SMTP log.\n', + fields: [ + { + name: 'transaction_depth', + type: 'integer', + description: + 'A count to represent the depth of this message transaction in a single connection where multiple messages were transferred.\n', + }, + { + name: 'helo', + type: 'keyword', + description: 'Contents of the Helo header.\n', + }, + { + name: 'mail_from', + type: 'keyword', + description: 'Email addresses found in the MAIL FROM header.\n', + }, + { + name: 'rcpt_to', + type: 'keyword', + description: 'Email addresses found in the RCPT TO header.\n', + }, + { + name: 'date', + type: 'date', + description: 'Contents of the Date header.\n', + }, + { + name: 'from', + type: 'keyword', + description: 'Contents of the From header.\n', + }, + { + name: 'to', + type: 'keyword', + description: 'Contents of the To header.\n', + }, + { + name: 'cc', + type: 'keyword', + description: 'Contents of the CC header.\n', + }, + { + name: 'reply_to', + type: 'keyword', + description: 'Contents of the ReplyTo header.\n', + }, + { + name: 'msg_id', + type: 'keyword', + description: 'Contents of the MsgID header.\n', + }, + { + name: 'in_reply_to', + type: 'keyword', + description: 'Contents of the In-Reply-To header.\n', + }, + { + name: 'subject', + type: 'keyword', + description: 'Contents of the Subject header.\n', + }, + { + name: 'x_originating_ip', + type: 'keyword', + description: 'Contents of the X-Originating-IP header.\n', + }, + { + name: 'first_received', + type: 'keyword', + description: 'Contents of the first Received header.\n', + }, + { + name: 'second_received', + type: 'keyword', + description: 'Contents of the second Received header.\n', + }, + { + name: 'last_reply', + type: 'keyword', + description: 'The last message that the server sent to the client.\n', + }, + { + name: 'path', + type: 'ip', + description: 'The message transmission path, as extracted from the headers.\n', + }, + { + name: 'user_agent', + type: 'keyword', + description: 'Value of the User-Agent header from the client.\n', + }, + { + name: 'tls', + type: 'boolean', + description: 'Indicates that the connection has switched to using TLS.\n', + }, + { + name: 'process_received_from', + type: 'boolean', + description: + 'Indicates if the "Received: from" headers should still be processed.\n', + }, + { + name: 'has_client_activity', + type: 'boolean', + description: 'Indicates if client activity has been seen, but not yet logged.\n', + }, + { + name: 'fuids', + type: 'keyword', + description: + '(present if base/protocols/smtp/files.bro is loaded)\nAn ordered vector of file unique IDs seen attached to the message.\n', + }, + { + name: 'is_webmail', + type: 'boolean', + description: 'Indicates if the message was sent through a webmail interface.\n', + }, + ], }, { - name: 'ssl.cert_chain_fuids', - type: 'keyword', + name: 'snmp', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SNMP log.\n', + fields: [ + { + name: 'duration', + type: 'double', + description: + 'The amount of time between the first packet beloning to the SNMP session and the latest one seen.\n', + }, + { + name: 'version', + type: 'keyword', + description: 'The version of SNMP being used.\n', + }, + { + name: 'community', + type: 'keyword', + description: + "The community string of the first SNMP packet associated with the session. This is used as part of SNMP's (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901.\n", + }, + { + name: 'get', + type: 'group', + fields: [ + { + name: 'requests', + type: 'integer', + description: + 'The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session.\n', + }, + { + name: 'bulk_requests', + type: 'integer', + description: + 'The number of variable bindings in GetBulkRequest PDUs seen for the session.\n', + }, + { + name: 'responses', + type: 'integer', + description: + 'The number of variable bindings in GetResponse/Response PDUs seen for the session.\n', + }, + ], + }, + { + name: 'set', + type: 'group', + fields: [ + { + name: 'requests', + type: 'integer', + description: + 'The number of variable bindings in SetRequest PDUs seen for the session.\n', + }, + ], + }, + { + name: 'display_string', + type: 'keyword', + description: 'A system description of the SNMP responder endpoint.\n', + }, + { + name: 'up_since', + type: 'date', + description: + "The time at which the SNMP responder endpoint claims it's been up since.\n", + }, + ], }, { - name: 'ssl.client_cert_chain', - type: 'keyword', + name: 'socks', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SOCKS log.\n', + fields: [ + { + name: 'version', + type: 'integer', + description: 'Protocol version of SOCKS.\n', + }, + { + name: 'user', + type: 'keyword', + description: 'Username used to request a login to the proxy.\n', + }, + { + name: 'password', + type: 'keyword', + description: 'Password used to request a login to the proxy.\n', + }, + { + name: 'status', + type: 'keyword', + description: 'Server status for the attempt at using the proxy.\n', + }, + { + name: 'request', + type: 'group', + fields: [ + { + name: 'host', + type: 'keyword', + description: + 'Client requested SOCKS address. Could be an address, a name or both.\n', + }, + { + name: 'port', + type: 'integer', + description: 'Client requested port.\n', + }, + ], + }, + { + name: 'bound', + type: 'group', + fields: [ + { + name: 'host', + type: 'keyword', + description: 'Server bound address. Could be an address, a name or both.\n', + }, + { + name: 'port', + type: 'integer', + description: 'Server bound port.\n', + }, + ], + }, + { + name: 'capture_password', + type: 'boolean', + description: 'Determines if the password will be captured for this request.\n', + }, + ], }, { - name: 'ssl.client_cert_chain_fuids', - type: 'keyword', + name: 'ssh', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SSH log.\n', + fields: [ + { + name: 'client', + type: 'keyword', + description: "The client's version string.\n", + }, + { + name: 'direction', + type: 'keyword', + description: + 'Direction of the connection. If the client was a local host logging into\nan external host, this would be OUTBOUND. INBOUND would be set for the\nopposite situation.\n', + }, + { + name: 'host_key', + type: 'keyword', + description: "The server's key thumbprint.\n", + }, + { + name: 'server', + type: 'keyword', + description: "The server's version string.\n", + }, + { + name: 'version', + type: 'integer', + description: 'SSH major version (1 or 2).\n', + }, + { + name: 'algorithm', + type: 'group', + description: 'Cipher algorithms used in this session.\n', + fields: [ + { + name: 'cipher', + type: 'keyword', + description: 'The encryption algorithm in use.\n', + }, + { + name: 'compression', + type: 'keyword', + description: 'The compression algorithm in use.\n', + }, + { + name: 'host_key', + type: 'keyword', + description: "The server host key's algorithm.\n", + }, + { + name: 'key_exchange', + type: 'keyword', + description: 'The key exchange algorithm in use.\n', + }, + { + name: 'mac', + type: 'keyword', + description: 'The signing (MAC) algorithm in use.\n', + }, + ], + }, + { + name: 'auth', + type: 'group', + fields: [ + { + name: 'attempts', + type: 'integer', + description: + "The number of authentication attemps we observed. There's always at\nleast one, since some servers might support no authentication at all.\nIt's important to note that not all of these are failures, since some\nservers require two-factor auth (e.g. password AND pubkey).\n", + }, + { + name: 'success', + type: 'boolean', + description: 'Authentication result.\n', + }, + ], + }, + ], }, { - name: 'ssl.issuer', - type: 'keyword', + name: 'ssl', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SSL log.\n', + fields: [ + { + name: 'version', + type: 'keyword', + description: 'SSL/TLS version that was logged.\n', + }, + { + name: 'cipher', + type: 'keyword', + description: 'SSL/TLS cipher suite that was logged.\n', + }, + { + name: 'curve', + type: 'keyword', + description: 'Elliptic curve that was logged when using ECDH/ECDHE.\n', + }, + { + name: 'resumed', + type: 'boolean', + description: + 'Flag to indicate if the session was resumed reusing the key material exchanged in an\nearlier connection.\n', + }, + { + name: 'next_protocol', + type: 'keyword', + description: + 'Next protocol the server chose using the application layer next protocol extension.\n', + }, + { + name: 'established', + type: 'boolean', + description: + 'Flag to indicate if this ssl session has been established successfully.\n', + }, + { + name: 'validation', + type: 'group', + fields: [ + { + name: 'status', + type: 'keyword', + description: 'Result of certificate validation for this connection.\n', + }, + { + name: 'code', + type: 'keyword', + description: + 'Result of certificate validation for this connection, given as OpenSSL validation code.\n', + }, + ], + }, + { + name: 'last_alert', + type: 'keyword', + description: 'Last alert that was seen during the connection.\n', + }, + { + name: 'server', + type: 'group', + fields: [ + { + name: 'name', + type: 'keyword', + description: + 'Value of the Server Name Indicator SSL/TLS extension. It indicates the server name\nthat the client was requesting.\n', + }, + { + name: 'cert_chain', + type: 'keyword', + description: + 'Chain of certificates offered by the server to validate its complete signing chain.\n', + }, + { + name: 'cert_chain_fuids', + type: 'keyword', + description: + 'An ordered vector of certificate file identifiers for the certificates offered by the server.\n', + }, + { + name: 'issuer', + type: 'group', + description: + 'Subject of the signer of the X.509 certificate offered by the server.\n', + fields: [ + { + name: 'common_name', + type: 'keyword', + description: + 'Common name of the signer of the X.509 certificate offered by the server.\n', + }, + { + name: 'country', + type: 'keyword', + description: + 'Country code of the signer of the X.509 certificate offered by the server.\n', + }, + { + name: 'locality', + type: 'keyword', + description: + 'Locality of the signer of the X.509 certificate offered by the server.\n', + }, + { + name: 'organization', + type: 'keyword', + description: + 'Organization of the signer of the X.509 certificate offered by the server.\n', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: + 'Organizational unit of the signer of the X.509 certificate offered by the server.\n', + }, + { + name: 'state', + type: 'keyword', + description: + 'State or province name of the signer of the X.509 certificate offered by the server.\n', + }, + ], + }, + { + name: 'subject', + type: 'group', + description: 'Subject of the X.509 certificate offered by the server.\n', + fields: [ + { + name: 'common_name', + type: 'keyword', + description: + 'Common name of the X.509 certificate offered by the server.\n', + }, + { + name: 'country', + type: 'keyword', + description: + 'Country code of the X.509 certificate offered by the server.\n', + }, + { + name: 'locality', + type: 'keyword', + description: 'Locality of the X.509 certificate offered by the server.\n', + }, + { + name: 'organization', + type: 'keyword', + description: + 'Organization of the X.509 certificate offered by the server.\n', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: + 'Organizational unit of the X.509 certificate offered by the server.\n', + }, + { + name: 'state', + type: 'keyword', + description: + 'State or province name of the X.509 certificate offered by the server.\n', + }, + ], + }, + ], + }, + { + name: 'client', + type: 'group', + fields: [ + { + name: 'cert_chain', + type: 'keyword', + description: + 'Chain of certificates offered by the client to validate its complete signing chain.\n', + }, + { + name: 'cert_chain_fuids', + type: 'keyword', + description: + 'An ordered vector of certificate file identifiers for the certificates offered by the client.\n', + }, + { + name: 'issuer', + type: 'group', + description: + 'Subject of the signer of the X.509 certificate offered by the client.\n', + fields: [ + { + name: 'common_name', + type: 'keyword', + description: + 'Common name of the signer of the X.509 certificate offered by the client.\n', + }, + { + name: 'country', + type: 'keyword', + description: + 'Country code of the signer of the X.509 certificate offered by the client.\n', + }, + { + name: 'locality', + type: 'keyword', + description: + 'Locality of the signer of the X.509 certificate offered by the client.\n', + }, + { + name: 'organization', + type: 'keyword', + description: + 'Organization of the signer of the X.509 certificate offered by the client.\n', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: + 'Organizational unit of the signer of the X.509 certificate offered by the client.\n', + }, + { + name: 'state', + type: 'keyword', + description: + 'State or province name of the signer of the X.509 certificate offered by the client.\n', + }, + ], + }, + { + name: 'subject', + type: 'group', + description: 'Subject of the X.509 certificate offered by the client.\n', + fields: [ + { + name: 'common_name', + type: 'keyword', + description: + 'Common name of the X.509 certificate offered by the client.\n', + }, + { + name: 'country', + type: 'keyword', + description: + 'Country code of the X.509 certificate offered by the client.\n', + }, + { + name: 'locality', + type: 'keyword', + description: 'Locality of the X.509 certificate offered by the client.\n', + }, + { + name: 'organization', + type: 'keyword', + description: + 'Organization of the X.509 certificate offered by the client.\n', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: + 'Organizational unit of the X.509 certificate offered by the client.\n', + }, + { + name: 'state', + type: 'keyword', + description: + 'State or province name of the X.509 certificate offered by the client.\n', + }, + ], + }, + ], + }, + ], }, { - name: 'ssl.client_issuer', - type: 'keyword', + name: 'stats', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek stats log.\n', + fields: [ + { + name: 'peer', + type: 'keyword', + description: 'Peer that generated this log. Mostly for clusters.\n', + }, + { + name: 'memory', + type: 'integer', + description: 'Amount of memory currently in use in MB.\n', + }, + { + name: 'packets', + type: 'group', + fields: [ + { + name: 'processed', + type: 'long', + description: 'Number of packets processed since the last stats interval.\n', + }, + { + name: 'dropped', + type: 'long', + description: + 'Number of packets dropped since the last stats interval if reading live traffic.\n', + }, + { + name: 'received', + type: 'long', + description: + 'Number of packets seen on the link since the last stats interval if reading live traffic.\n', + }, + ], + }, + { + name: 'bytes', + type: 'group', + fields: [ + { + name: 'received', + type: 'long', + description: + 'Number of bytes received since the last stats interval if reading live traffic.\n', + }, + ], + }, + { + name: 'connections', + type: 'group', + fields: [ + { + name: 'tcp', + type: 'group', + fields: [ + { + name: 'active', + type: 'integer', + description: 'TCP connections currently in memory.\n', + }, + { + name: 'count', + type: 'integer', + description: 'TCP connections seen since last stats interval.\n', + }, + ], + }, + { + name: 'udp', + type: 'group', + fields: [ + { + name: 'active', + type: 'integer', + description: 'UDP connections currently in memory.\n', + }, + { + name: 'count', + type: 'integer', + description: 'UDP connections seen since last stats interval.\n', + }, + ], + }, + { + name: 'icmp', + type: 'group', + fields: [ + { + name: 'active', + type: 'integer', + description: 'ICMP connections currently in memory.\n', + }, + { + name: 'count', + type: 'integer', + description: 'ICMP connections seen since last stats interval.\n', + }, + ], + }, + ], + }, + { + name: 'events', + type: 'group', + fields: [ + { + name: 'processed', + type: 'integer', + description: 'Number of events processed since the last stats interval.\n', + }, + { + name: 'queued', + type: 'integer', + description: + 'Number of events that have been queued since the last stats interval.\n', + }, + ], + }, + { + name: 'timers', + type: 'group', + fields: [ + { + name: 'count', + type: 'integer', + description: 'Number of timers scheduled since last stats interval.\n', + }, + { + name: 'active', + type: 'integer', + description: 'Current number of scheduled timers.\n', + }, + ], + }, + { + name: 'files', + type: 'group', + fields: [ + { + name: 'count', + type: 'integer', + description: 'Number of files seen since last stats interval.\n', + }, + { + name: 'active', + type: 'integer', + description: 'Current number of files actively being seen.\n', + }, + ], + }, + { + name: 'dns_requests', + type: 'group', + fields: [ + { + name: 'count', + type: 'integer', + description: 'Number of DNS requests seen since last stats interval.\n', + }, + { + name: 'active', + type: 'integer', + description: 'Current number of DNS requests awaiting a reply.\n', + }, + ], + }, + { + name: 'reassembly_size', + type: 'group', + fields: [ + { + name: 'tcp', + type: 'integer', + description: 'Current size of TCP data in reassembly.\n', + }, + { + name: 'file', + type: 'integer', + description: 'Current size of File data in reassembly.\n', + }, + { + name: 'frag', + type: 'integer', + description: 'Current size of packet fragment data in reassembly.\n', + }, + { + name: 'unknown', + type: 'integer', + description: + 'Current size of unknown data in reassembly (this is only PIA buffer right now).\n', + }, + ], + }, + { + name: 'timestamp_lag', + type: 'integer', + description: + 'Lag between the wall clock and packet timestamps if reading live traffic.\n', + }, + ], }, { - name: 'ssl.validation_status', - type: 'keyword', + name: 'syslog', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek syslog log.\n', + fields: [ + { + name: 'facility', + type: 'keyword', + description: 'Syslog facility for the message.\n', + }, + { + name: 'severity', + type: 'keyword', + description: 'Syslog severity for the message.\n', + }, + { + name: 'message', + type: 'keyword', + description: 'The plain text message.\n', + }, + ], }, { - name: 'ssl.subject', - type: 'keyword', + name: 'tunnel', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek SSH log.\n', + fields: [ + { + name: 'type', + type: 'keyword', + description: 'The type of tunnel.\n', + }, + { + name: 'action', + type: 'keyword', + description: 'The type of activity that occurred.\n', + }, + ], }, { - name: 'ssl.client_subject', - type: 'keyword', + name: 'weird', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek Weird log.\n', + fields: [ + { + name: 'name', + type: 'keyword', + description: 'The name of the weird that occurred.\n', + }, + { + name: 'additional_info', + type: 'keyword', + description: 'Additional information accompanying the weird if any.\n', + }, + { + name: 'notice', + type: 'boolean', + description: 'Indicate if this weird was also turned into a notice.\n', + }, + { + name: 'peer', + type: 'keyword', + description: + 'The peer that originated this weird. This is helpful in cluster deployments if a particular cluster node is having trouble to help identify which node is having trouble.\n', + }, + { + name: 'identifier', + type: 'keyword', + description: + 'This field is to be provided when a weird is generated for the purpose of deduplicating weirds. The identifier string should be unique for a single instance of the weird. This field is used to define when a weird is conceptually a duplicate of a previous weird.\n', + }, + ], }, { - name: 'ssl.last_alert', - type: 'keyword', + name: 'x509', + type: 'group', + default_field: false, + description: 'Fields exported by the Zeek x509 log.\n', + fields: [ + { + name: 'id', + type: 'keyword', + description: 'File id of this certificate.\n', + }, + { + name: 'certificate', + type: 'group', + description: 'Basic information about the certificate.\n', + fields: [ + { + name: 'version', + type: 'integer', + description: 'Version number.\n', + }, + { + name: 'serial', + type: 'keyword', + description: 'Serial number.\n', + }, + { + name: 'subject', + type: 'group', + description: 'Subject.\n', + fields: [ + { + name: 'country', + type: 'keyword', + description: 'Country provided in the certificate subject.\n', + }, + { + name: 'common_name', + type: 'keyword', + description: 'Common name provided in the certificate subject.\n', + }, + { + name: 'locality', + type: 'keyword', + description: 'Locality provided in the certificate subject.\n', + }, + { + name: 'organization', + type: 'keyword', + description: 'Organization provided in the certificate subject.\n', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: 'Organizational unit provided in the certificate subject.\n', + }, + { + name: 'state', + type: 'keyword', + description: 'State or province provided in the certificate subject.\n', + }, + ], + }, + { + name: 'issuer', + type: 'group', + description: 'Issuer.\n', + fields: [ + { + name: 'country', + type: 'keyword', + description: 'Country provided in the certificate issuer field.\n', + }, + { + name: 'common_name', + type: 'keyword', + description: 'Common name provided in the certificate issuer field.\n', + }, + { + name: 'locality', + type: 'keyword', + description: 'Locality provided in the certificate issuer field.\n', + }, + { + name: 'organization', + type: 'keyword', + description: 'Organization provided in the certificate issuer field.\n', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: + 'Organizational unit provided in the certificate issuer field.\n', + }, + { + name: 'state', + type: 'keyword', + description: + 'State or province provided in the certificate issuer field.\n', + }, + ], + }, + { + name: 'common_name', + type: 'keyword', + description: 'Last (most specific) common name.\n', + }, + { + name: 'valid', + type: 'group', + description: 'Certificate validity timestamps\n', + fields: [ + { + name: 'from', + type: 'date', + description: 'Timestamp before when certificate is not valid.\n', + }, + { + name: 'until', + type: 'date', + description: 'Timestamp after when certificate is not valid.\n', + }, + ], + }, + { + name: 'key', + type: 'group', + fields: [ + { + name: 'algorithm', + type: 'keyword', + description: 'Name of the key algorithm.\n', + }, + { + name: 'type', + type: 'keyword', + description: + 'Key type, if key parseable by openssl (either rsa, dsa or ec).\n', + }, + { + name: 'length', + type: 'integer', + description: 'Key length in bits.\n', + }, + ], + }, + { + name: 'signature_algorithm', + type: 'keyword', + description: 'Name of the signature algorithm.\n', + }, + { + name: 'exponent', + type: 'keyword', + description: 'Exponent, if RSA-certificate.\n', + }, + { + name: 'curve', + type: 'keyword', + description: 'Curve, if EC-certificate.\n', + }, + ], + }, + { + name: 'san', + type: 'group', + description: 'Subject alternative name extension of the certificate.\n', + fields: [ + { + name: 'dns', + type: 'keyword', + description: 'List of DNS entries in SAN.\n', + }, + { + name: 'uri', + type: 'keyword', + description: 'List of URI entries in SAN.\n', + }, + { + name: 'email', + type: 'keyword', + description: 'List of email entries in SAN.\n', + }, + { + name: 'ip', + type: 'ip', + description: 'List of IP entries in SAN.\n', + }, + { + name: 'other_fields', + type: 'boolean', + description: + 'True if the certificate contained other, not recognized or parsed name fields.\n', + }, + ], + }, + { + name: 'basic_constraints', + type: 'group', + description: 'Basic constraints extension of the certificate.\n', + fields: [ + { + name: 'certificate_authority', + type: 'boolean', + description: 'CA flag set or not.\n', + }, + { + name: 'path_length', + type: 'integer', + description: 'Maximum path length.\n', + }, + ], + }, + { + name: 'log_cert', + type: 'boolean', + description: + 'Present if policy/protocols/ssl/log-hostcerts-only.bro is loaded\nLogging of certificate is suppressed if set to F.\n', + }, + ], }, ], }, @@ -7293,47 +18360,47 @@ export const filebeatSchema: Schema = [ { key: 'netflow', title: 'NetFlow', - description: 'Fields from NetFlow and IPFIX flows.', + description: 'Fields from NetFlow and IPFIX flows.\n', fields: [ { name: 'netflow', type: 'group', - description: 'Fields from NetFlow and IPFIX.', + description: 'Fields from NetFlow and IPFIX.\n', fields: [ { name: 'type', type: 'keyword', - description: 'The type of NetFlow record described by this event.', + description: 'The type of NetFlow record described by this event.\n', }, { name: 'exporter', type: 'group', - description: 'Metadata related to the exporter device that generated this record.', + description: 'Metadata related to the exporter device that generated this record.\n', fields: [ { name: 'address', type: 'keyword', - description: "Exporter's network address in IP:port format. ", + description: "Exporter's network address in IP:port format.\n", }, { name: 'source_id', type: 'long', - description: 'Observation domain ID to which this record belongs.', + description: 'Observation domain ID to which this record belongs.\n', }, { name: 'timestamp', type: 'date', - description: 'Time and date of export.', + description: 'Time and date of export.\n', }, { name: 'uptime_millis', type: 'long', - description: 'How long the exporter process has been running, in milliseconds.', + description: 'How long the exporter process has been running, in milliseconds.\n', }, { name: 'version', - type: 'long', - description: 'NetFlow version used.', + type: 'integer', + description: 'NetFlow version used.\n', }, ], }, @@ -7539,7 +18606,7 @@ export const filebeatSchema: Schema = [ }, { name: 'class_id', - type: 'short', + type: 'long', }, { name: 'minimum_ttl', @@ -8118,19 +19185,19 @@ export const filebeatSchema: Schema = [ type: 'long', }, { - name: 'post_nast_ource_ipv4_address', + name: 'post_nat_source_ipv4_address', type: 'ip', }, { - name: 'post_nadt_estination_ipv4_address', + name: 'post_nat_destination_ipv4_address', type: 'ip', }, { - name: 'post_napst_ource_transport_port', + name: 'post_napt_source_transport_port', type: 'integer', }, { - name: 'post_napdt_estination_transport_port', + name: 'post_napt_destination_transport_port', type: 'integer', }, { @@ -8342,11 +19409,11 @@ export const filebeatSchema: Schema = [ type: 'long', }, { - name: 'post_nast_ource_ipv6_address', + name: 'post_nat_source_ipv6_address', type: 'ip', }, { - name: 'post_nadt_estination_ipv6_address', + name: 'post_nat_destination_ipv6_address', type: 'ip', }, { @@ -8514,11 +19581,11 @@ export const filebeatSchema: Schema = [ type: 'long', }, { - name: 'hash_ipp_ayload_offset', + name: 'hash_ip_payload_offset', type: 'long', }, { - name: 'hash_ipp_ayload_size', + name: 'hash_ip_payload_size', type: 'long', }, { @@ -8550,11 +19617,11 @@ export const filebeatSchema: Schema = [ type: 'keyword', }, { - name: 'upper_cli_imit', + name: 'upper_ci_limit', type: 'double', }, { - name: 'lower_cli_imit', + name: 'lower_ci_limit', type: 'double', }, { @@ -8718,11 +19785,11 @@ export const filebeatSchema: Schema = [ type: 'long', }, { - name: 'distinct_count_of_sourc_eipa_ddress', + name: 'distinct_count_of_source_ip_address', type: 'long', }, { - name: 'distinct_count_of_destinatio_nipa_ddress', + name: 'distinct_count_of_destination_ip_address', type: 'long', }, { @@ -8782,11 +19849,11 @@ export const filebeatSchema: Schema = [ type: 'long', }, { - name: 'selector_itd_otal_flows_observed', + name: 'selector_id_total_flows_observed', type: 'long', }, { - name: 'selector_itd_otal_flows_selected', + name: 'selector_id_total_flows_selected', type: 'long', }, { @@ -8950,7 +20017,7 @@ export const filebeatSchema: Schema = [ type: 'short', }, { - name: 'mib_object_valuei_pa_ddress', + name: 'mib_object_value_ip_address', type: 'ip', }, { @@ -9078,7 +20145,7 @@ export const filebeatSchema: Schema = [ type: 'long', }, { - name: 'max_bieb_ntries', + name: 'max_bib_entries', type: 'long', }, { @@ -9125,4 +20192,1052 @@ export const filebeatSchema: Schema = [ }, ], }, + { + key: 's3', + title: 's3', + description: 'S3 fields from s3 input.\n', + release: 'beta', + fields: [ + { + name: 'bucket_name', + type: 'keyword', + description: 'Name of the S3 bucket that this log retrieved from.\n', + }, + { + name: 'object_key', + type: 'keyword', + description: 'Name of the S3 object that this log retrieved from.\n', + }, + ], + }, + { + key: 'cef', + title: 'Decode CEF processor fields', + description: 'Common Event Format (CEF) data.\n', + fields: [ + { + name: 'cef', + type: 'group', + description: + 'By default the `decode_cef` processor writes all data from the CEF message to this `cef` object. It contains the CEF header fields and the extension data.\n', + fields: [ + { + name: 'version', + type: 'keyword', + description: 'Version of the CEF specification used by the message.\n', + }, + { + name: 'device.vendor', + type: 'keyword', + description: 'Vendor of the device that produced the message.\n', + }, + { + name: 'device.product', + type: 'keyword', + description: 'Product of the device that produced the message.\n', + }, + { + name: 'device.version', + type: 'keyword', + description: 'Version of the product that produced the message.\n', + }, + { + name: 'device.event_class_id', + type: 'keyword', + description: 'Unique identifier of the event type.\n', + }, + { + name: 'severity', + type: 'keyword', + example: 'Very-High', + description: + 'Importance of the event. The valid string values are Unknown, Low, Medium, High, and Very-High. The valid integer values are 0-3=Low, 4-6=Medium, 7- 8=High, and 9-10=Very-High.\n', + }, + { + name: 'name', + type: 'keyword', + description: 'Short description of the event.\n', + }, + { + name: 'extensions', + type: 'group', + description: 'Collection of key-value pairs carried in the CEF extension field.\n', + default_field: false, + fields: [ + { + name: 'agentAddress', + type: 'ip', + description: 'The IP address of the ArcSight connector that processed the event.', + }, + { + name: 'agentDnsDomain', + type: 'keyword', + description: + 'The DNS domain name of the ArcSight connector that processed the event.', + }, + { + name: 'agentHostName', + type: 'keyword', + description: 'The hostname of the ArcSight connector that processed the event.', + }, + { + name: 'agentId', + type: 'keyword', + description: 'The agent ID of the ArcSight connector that processed the event.', + }, + { + name: 'agentMacAddress', + type: 'keyword', + description: 'The MAC address of the ArcSight connector that processed the event.', + }, + { + name: 'agentNtDomain', + type: 'keyword', + description: '', + }, + { + name: 'agentReceiptTime', + type: 'date', + description: + 'The time at which information about the event was received by the ArcSight connector.', + }, + { + name: 'agentTimeZone', + type: 'keyword', + description: + 'The agent time zone of the ArcSight connector that processed the event.', + }, + { + name: 'agentTranslatedAddress', + type: 'ip', + description: '', + }, + { + name: 'agentTranslatedZoneExternalID', + type: 'keyword', + description: '', + }, + { + name: 'agentTranslatedZoneURI', + type: 'keyword', + description: '', + }, + { + name: 'agentType', + type: 'keyword', + description: 'The agent type of the ArcSight connector that processed the event', + }, + { + name: 'agentVersion', + type: 'keyword', + description: 'The version of the ArcSight connector that processed the event.', + }, + { + name: 'agentZoneExternalID', + type: 'keyword', + description: '', + }, + { + name: 'agentZoneURI', + type: 'keyword', + description: '', + }, + { + name: 'applicationProtocol', + type: 'keyword', + description: + 'Application level protocol, example values are HTTP, HTTPS, SSHv2, Telnet, POP, IMPA, IMAPS, and so on.', + }, + { + name: 'baseEventCount', + type: 'long', + description: + 'A count associated with this event. How many times was this same event observed? Count can be omitted if it is 1.', + }, + { + name: 'bytesIn', + type: 'long', + description: + 'Number of bytes transferred inbound, relative to the source to destination relationship, meaning that data was flowing from source to destination.', + }, + { + name: 'bytesOut', + type: 'long', + description: + 'Number of bytes transferred outbound relative to the source to destination relationship. For example, the byte number of data flowing from the destination to the source.', + }, + { + name: 'customerExternalID', + type: 'keyword', + description: '', + }, + { + name: 'customerURI', + type: 'keyword', + description: '', + }, + { + name: 'destinationAddress', + type: 'ip', + description: + 'Identifies the destination address that the event refers to in an IP network. The format is an IPv4 address.', + }, + { + name: 'destinationDnsDomain', + type: 'keyword', + description: + 'The DNS domain part of the complete fully qualified domain name (FQDN).', + }, + { + name: 'destinationGeoLatitude', + type: 'double', + description: + "The latitudinal value from which the destination's IP address belongs.", + }, + { + name: 'destinationGeoLongitude', + type: 'double', + description: + "The longitudinal value from which the destination's IP address belongs.", + }, + { + name: 'destinationHostName', + type: 'keyword', + description: + 'Identifies the destination that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the destination node, when a node is available.', + }, + { + name: 'destinationMacAddress', + type: 'keyword', + description: 'Six colon-seperated hexadecimal numbers.', + }, + { + name: 'destinationNtDomain', + type: 'keyword', + description: 'The Windows domain name of the destination address.', + }, + { + name: 'destinationPort', + type: 'long', + description: 'The valid port numbers are between 0 and 65535.', + }, + { + name: 'destinationProcessId', + type: 'long', + description: + 'Provides the ID of the destination process associated with the event. For example, if an event contains process ID 105, "105" is the process ID.', + }, + { + name: 'destinationProcessName', + type: 'keyword', + description: "The name of the event's destination process.", + }, + { + name: 'destinationServiceName', + type: 'keyword', + description: 'The service targeted by this event.', + }, + { + name: 'destinationTranslatedAddress', + type: 'ip', + description: + 'Identifies the translated destination that the event refers to in an IP network.', + }, + { + name: 'destinationTranslatedPort', + type: 'long', + description: + 'Port after it was translated; for example, a firewall. Valid port numbers are 0 to 65535.', + }, + { + name: 'destinationTranslatedZoneExternalID', + type: 'keyword', + description: '', + }, + { + name: 'destinationTranslatedZoneURI', + type: 'keyword', + description: + 'The URI for the Translated Zone that the destination asset has been assigned to in ArcSight.', + }, + { + name: 'destinationUserId', + type: 'keyword', + description: + 'Identifies the destination user by ID. For example, in UNIX, the root user is generally associated with user ID 0.', + }, + { + name: 'destinationUserName', + type: 'keyword', + description: + "Identifies the destination user by name. This is the user associated with the event's destination. Email addresses are often mapped into the UserName fields. The recipient is a candidate to put into this field.", + }, + { + name: 'destinationUserPrivileges', + type: 'keyword', + description: + 'The typical values are "Administrator", "User", and "Guest". This identifies the destination user\'s privileges. In UNIX, for example, activity executed on the root user would be identified with destinationUser Privileges of "Administrator".', + }, + { + name: 'destinationZoneExternalID', + type: 'keyword', + description: '', + }, + { + name: 'destinationZoneURI', + type: 'keyword', + description: + 'The URI for the Zone that the destination asset has been assigned to in ArcSight.', + }, + { + name: 'deviceAction', + type: 'keyword', + description: 'Action taken by the device.', + }, + { + name: 'deviceAddress', + type: 'ip', + description: + 'Identifies the device address that an event refers to in an IP network.', + }, + { + name: 'deviceCustomFloatingPoint1Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomFloatingPoint3Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomFloatingPoint4Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomDate1', + type: 'date', + description: + 'One of two timestamp fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomDate1Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomDate2', + type: 'date', + description: + 'One of two timestamp fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomDate2Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomFloatingPoint1', + type: 'double', + description: + 'One of four floating point fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomFloatingPoint2', + type: 'double', + description: + 'One of four floating point fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomFloatingPoint2Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomFloatingPoint3', + type: 'double', + description: + 'One of four floating point fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomFloatingPoint4', + type: 'double', + description: + 'One of four floating point fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomIPv6Address1', + type: 'ip', + description: + 'One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomIPv6Address1Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomIPv6Address2', + type: 'ip', + description: + 'One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomIPv6Address2Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomIPv6Address3', + type: 'ip', + description: + 'One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomIPv6Address3Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomIPv6Address4', + type: 'ip', + description: + 'One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary.', + }, + { + name: 'deviceCustomIPv6Address4Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomNumber1', + type: 'long', + description: + 'One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomNumber1Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomNumber2', + type: 'long', + description: + 'One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomNumber2Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomNumber3', + type: 'long', + description: + 'One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomNumber3Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomString1', + type: 'keyword', + description: + 'One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomString1Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomString2', + type: 'keyword', + description: + 'One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomString2Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomString3', + type: 'keyword', + description: + 'One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomString3Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomString4', + type: 'keyword', + description: + 'One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomString4Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomString5', + type: 'keyword', + description: + 'One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomString5Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceCustomString6', + type: 'keyword', + description: + 'One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceCustomString6Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceDirection', + type: 'long', + description: + 'Any information about what direction the observed communication has taken. The following values are supported - "0" for inbound or "1" for outbound.', + }, + { + name: 'deviceDnsDomain', + type: 'keyword', + description: + 'The DNS domain part of the complete fully qualified domain name (FQDN).', + }, + { + name: 'deviceEventCategory', + type: 'keyword', + description: + 'Represents the category assigned by the originating device. Devices often use their own categorization schema to classify event. Example "/Monitor/Disk/Read".', + }, + { + name: 'deviceExternalId', + type: 'keyword', + description: 'A name that uniquely identifies the device generating this event.', + }, + { + name: 'deviceFacility', + type: 'keyword', + description: + 'The facility generating this event. For example, Syslog has an explicit facility associated with every event.', + }, + { + name: 'deviceFlexNumber1', + type: 'long', + description: + 'One of two alternative number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceFlexNumber1Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceFlexNumber2', + type: 'long', + description: + 'One of two alternative number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.', + }, + { + name: 'deviceFlexNumber2Label', + type: 'keyword', + description: + 'All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.', + }, + { + name: 'deviceHostName', + type: 'keyword', + description: + 'The format should be a fully qualified domain name (FQDN) associated with the device node, when a node is available.', + }, + { + name: 'deviceInboundInterface', + type: 'keyword', + description: 'Interface on which the packet or data entered the device.', + }, + { + name: 'deviceMacAddress', + type: 'keyword', + description: 'Six colon-separated hexadecimal numbers.', + }, + { + name: 'deviceNtDomain', + type: 'keyword', + description: 'The Windows domain name of the device address.', + }, + { + name: 'deviceOutboundInterface', + type: 'keyword', + description: 'Interface on which the packet or data left the device.', + }, + { + name: 'devicePayloadId', + type: 'keyword', + description: 'Unique identifier for the payload associated with the event.', + }, + { + name: 'deviceProcessId', + type: 'long', + description: 'Provides the ID of the process on the device generating the event.', + }, + { + name: 'deviceProcessName', + type: 'keyword', + description: + 'Process name associated with the event. An example might be the process generating the syslog entry in UNIX.', + }, + { + name: 'deviceReceiptTime', + type: 'date', + description: + 'The time at which the event related to the activity was received. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970)', + }, + { + name: 'deviceTimeZone', + type: 'keyword', + description: 'The timezone for the device generating the event.', + }, + { + name: 'deviceTranslatedAddress', + type: 'ip', + description: + 'Identifies the translated device address that the event refers to in an IP network.', + }, + { + name: 'deviceTranslatedZoneExternalID', + type: 'keyword', + description: '', + }, + { + name: 'deviceTranslatedZoneURI', + type: 'keyword', + description: + 'The URI for the Translated Zone that the device asset has been assigned to in ArcSight.', + }, + { + name: 'deviceZoneExternalID', + type: 'keyword', + description: '', + }, + { + name: 'deviceZoneURI', + type: 'keyword', + description: + 'Thee URI for the Zone that the device asset has been assigned to in ArcSight.', + }, + { + name: 'endTime', + type: 'date', + description: + 'The time at which the activity related to the event ended. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st1970). An example would be reporting the end of a session.', + }, + { + name: 'eventId', + type: 'long', + description: 'This is a unique ID that ArcSight assigns to each event.', + }, + { + name: 'eventOutcome', + type: 'keyword', + description: "Displays the outcome, usually as 'success' or 'failure'.", + }, + { + name: 'externalId', + type: 'keyword', + description: + 'The ID used by an originating device. They are usually increasing numbers, associated with events.', + }, + { + name: 'fileCreateTime', + type: 'date', + description: 'Time when the file was created.', + }, + { + name: 'fileHash', + type: 'keyword', + description: 'Hash of a file.', + }, + { + name: 'fileId', + type: 'keyword', + description: 'An ID associated with a file could be the inode.', + }, + { + name: 'fileModificationTime', + type: 'date', + description: 'Time when the file was last modified.', + }, + { + name: 'filename', + type: 'keyword', + description: 'Name of the file only (without its path).', + }, + { + name: 'filePath', + type: 'keyword', + description: 'Full path to the file, including file name itself.', + }, + { + name: 'filePermission', + type: 'keyword', + description: 'Permissions of the file.', + }, + { + name: 'fileSize', + type: 'long', + description: 'Size of the file.', + }, + { + name: 'fileType', + type: 'keyword', + description: 'Type of file (pipe, socket, etc.)', + }, + { + name: 'flexDate1', + type: 'date', + description: + 'A timestamp field available to map a timestamp that does not apply to any other defined timestamp field in this dictionary. Use all flex fields sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.', + }, + { + name: 'flexDate1Label', + type: 'keyword', + description: + 'The label field is a string and describes the purpose of the flex field.', + }, + { + name: 'flexString1', + type: 'keyword', + description: + 'One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.', + }, + { + name: 'flexString2', + type: 'keyword', + description: + 'One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.', + }, + { + name: 'flexString1Label', + type: 'keyword', + description: + 'The label field is a string and describes the purpose of the flex field.', + }, + { + name: 'flexString2Label', + type: 'keyword', + description: + 'The label field is a string and describes the purpose of the flex field.', + }, + { + name: 'message', + type: 'keyword', + description: + 'An arbitrary message giving more details about the event. Multi-line entries can be produced by using \\n as the new line separator.', + }, + { + name: 'oldFileCreateTime', + type: 'date', + description: 'Time when old file was created.', + }, + { + name: 'oldFileHash', + type: 'keyword', + description: 'Hash of the old file.', + }, + { + name: 'oldFileId', + type: 'keyword', + description: 'An ID associated with the old file could be the inode.', + }, + { + name: 'oldFileModificationTime', + type: 'date', + description: 'Time when old file was last modified.', + }, + { + name: 'oldFileName', + type: 'keyword', + description: 'Name of the old file.', + }, + { + name: 'oldFilePath', + type: 'keyword', + description: 'Full path to the old file, including the file name itself.', + }, + { + name: 'oldFilePermission', + type: 'keyword', + description: 'Permissions of the old file.', + }, + { + name: 'oldFileSize', + type: 'long', + description: 'Size of the old file.', + }, + { + name: 'oldFileType', + type: 'keyword', + description: 'Type of the old file (pipe, socket, etc.)', + }, + { + name: 'rawEvent', + type: 'keyword', + description: '', + }, + { + name: 'Reason', + type: 'keyword', + description: + 'The reason an audit event was generated. For example "bad password" or "unknown user". This could also be an error or return code. Example "0x1234".', + }, + { + name: 'requestClientApplication', + type: 'keyword', + description: 'The User-Agent associated with the request.', + }, + { + name: 'requestContext', + type: 'keyword', + description: + 'Description of the content from which the request originated (for example, HTTP Referrer)', + }, + { + name: 'requestCookies', + type: 'keyword', + description: 'Cookies associated with the request.', + }, + { + name: 'requestMethod', + type: 'keyword', + description: 'The HTTP method used to access a URL.', + }, + { + name: 'requestUrl', + type: 'keyword', + description: + 'In the case of an HTTP request, this field contains the URL accessed. The URL should contain the protocol as well.', + }, + { + name: 'sourceAddress', + type: 'ip', + description: 'Identifies the source that an event refers to in an IP network.', + }, + { + name: 'sourceDnsDomain', + type: 'keyword', + description: + 'The DNS domain part of the complete fully qualified domain name (FQDN).', + }, + { + name: 'sourceGeoLatitude', + type: 'double', + description: '', + }, + { + name: 'sourceGeoLongitude', + type: 'double', + description: '', + }, + { + name: 'sourceHostName', + type: 'keyword', + description: + "Identifies the source that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the source node, when a mode is available. Examples: 'host' or 'host.domain.com'.\n", + }, + { + name: 'sourceMacAddress', + type: 'keyword', + example: '00:0d:60:af:1b:61', + description: 'Six colon-separated hexadecimal numbers.', + }, + { + name: 'sourceNtDomain', + type: 'keyword', + description: 'The Windows domain name for the source address.', + }, + { + name: 'sourcePort', + type: 'long', + description: 'The valid port numbers are 0 to 65535.', + }, + { + name: 'sourceProcessId', + type: 'long', + description: 'The ID of the source process associated with the event.', + }, + { + name: 'sourceProcessName', + type: 'keyword', + description: "The name of the event's source process.", + }, + { + name: 'sourceServiceName', + type: 'keyword', + description: 'The service that is responsible for generating this event.', + }, + { + name: 'sourceTranslatedAddress', + type: 'ip', + description: + 'Identifies the translated source that the event refers to in an IP network.', + }, + { + name: 'sourceTranslatedPort', + type: 'long', + description: + 'A port number after being translated by, for example, a firewall. Valid port numbers are 0 to 65535.', + }, + { + name: 'sourceTranslatedZoneExternalID', + type: 'keyword', + description: '', + }, + { + name: 'sourceTranslatedZoneURI', + type: 'keyword', + description: + 'The URI for the Translated Zone that the destination asset has been assigned to in ArcSight.', + }, + { + name: 'sourceUserId', + type: 'keyword', + description: + 'Identifies the source user by ID. This is the user associated with the source of the event. For example, in UNIX, the root user is generally associated with user ID 0.', + }, + { + name: 'sourceUserName', + type: 'keyword', + description: + 'Identifies the source user by name. Email addresses are also mapped into the UserName fields. The sender is a candidate to put into this field.', + }, + { + name: 'sourceUserPrivileges', + type: 'keyword', + description: + 'The typical values are "Administrator", "User", and "Guest". It identifies the source user\'s privileges. In UNIX, for example, activity executed by the root user would be identified with "Administrator".', + }, + { + name: 'sourceZoneExternalID', + type: 'keyword', + description: '', + }, + { + name: 'sourceZoneURI', + type: 'keyword', + description: + 'The URI for the Zone that the source asset has been assigned to in ArcSight.', + }, + { + name: 'startTime', + type: 'date', + description: + 'The time when the activity the event referred to started. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970)', + }, + { + name: 'transportProtocol', + type: 'keyword', + description: + 'Identifies the Layer-4 protocol used. The possible values are protocols such as TCP or UDP.', + }, + { + name: 'type', + type: 'long', + description: + '0 means base event, 1 means aggregated, 2 means correlation, and 3 means action. This field can be omitted for base events (type 0).', + }, + { + name: 'categoryDeviceType', + type: 'keyword', + description: 'Device type. Examples - Proxy, IDS, Web Server', + }, + { + name: 'categoryObject', + type: 'keyword', + description: + 'Object that the event is about. For example it can be an operating sytem, database, file, etc.', + }, + { + name: 'categoryBehavior', + type: 'keyword', + description: + "Action or a behavior associated with an event. It's what is being done to the object.", + }, + { + name: 'categoryTechnique', + type: 'keyword', + description: 'Technique being used (e.g. /DoS).', + }, + { + name: 'categoryDeviceGroup', + type: 'keyword', + description: 'General device group like Firewall.', + }, + { + name: 'categorySignificance', + type: 'keyword', + description: 'Characterization of the importance of the event.', + }, + { + name: 'categoryOutcome', + type: 'keyword', + description: 'Outcome of the event (e.g. sucess, failure, or attempt).', + }, + { + name: 'managerReceiptTime', + type: 'date', + description: 'When the Arcsight ESM received the event.', + }, + ], + }, + ], + }, + { + name: 'source.service.name', + type: 'keyword', + description: 'Service that is the source of the event.', + }, + { + name: 'destination.service.name', + type: 'keyword', + description: 'Service that is the target of the event.', + }, + ], + }, ]; diff --git a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/packetbeat.ts b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/packetbeat.ts index 6002c9370210e..0be2e48fe4668 100644 --- a/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/packetbeat.ts +++ b/x-pack/legacy/plugins/siem/server/utils/beat_schema/8.0.0/packetbeat.ts @@ -15,91 +15,129 @@ export const packetbeatSchema: Schema = [ { key: 'ecs', title: 'ECS', - description: 'ECS fields.', + description: 'ECS Fields.', fields: [ { name: '@timestamp', - type: 'date', level: 'core', required: true, - example: '2016-05-23T08:05:34.853Z', + type: 'date', description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - }, - { - name: 'tags', - level: 'core', - type: 'keyword', - example: '["production", "env2"]', - description: 'List of keywords used to tag each event.', + 'Date/time when the event originated.\n\nThis is the date/time extracted from the event, typically representing when\nthe event was generated by the source.\n\nIf the event source has no original timestamp, this value is typically populated\nby the first time the event was received by the pipeline.\n\nRequired field for all events.', + example: '2016-05-23T08:05:34.853Z', }, { name: 'labels', level: 'core', type: 'object', - example: { - env: 'production', - application: 'foo-bar', - }, + object_type: 'keyword', description: - 'Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: `docker` and `k8s` labels.', + 'Custom key/value pairs.\n\nCan be used to add meta information to events. Should not contain nested objects.\nAll values are stored as keyword.\n\nExample: `docker` and `k8s` labels.', + example: '{"application": "foo-bar", "env": "production"}', }, { name: 'message', level: 'core', type: 'text', - example: 'Hello World', description: - 'For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message.', + 'For log events the message field contains the log message, optimized\nfor viewing in a log viewer.\n\nFor structured logs without an original message field, other fields can be concatenated\nto form a human-readable summary of the event.\n\nIf multiple messages exist, they can be combined into one message.', + example: 'Hello World', + }, + { + name: 'tags', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'List of keywords used to tag each event.', + example: '["production", "env2"]', }, { name: 'agent', title: 'Agent', group: 2, description: - 'The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken.', + 'The agent fields contain the data about the software entity, if\nany, that collects, detects, or observes events on a host, or takes measurements\non a host.\n\nExamples include Beats. Agents may also run on observers. ECS agent.* fields\nshall be populated with details of the agent running on the host or observer\nwhere the event happened or the measurement was taken.', footnote: - 'Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server.', + 'Examples: In the case of Beats for logs, the agent.name is filebeat.\nFor APM, it is the agent running in the app/service. The agent information does\nnot change if data is sent through queuing systems like Kafka, Redis, or processing\nsystems such as Logstash or APM Server.', type: 'group', fields: [ { - name: 'version', + name: 'ephemeral_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Ephemeral identifier of this agent (if one exists).\n\nThis id normally changes across restarts, but `agent.id` does not.', + example: '8a4f500f', + }, + { + name: 'id', level: 'core', type: 'keyword', - description: 'Version of the agent.', - example: '6.0.0-rc2', + ignore_above: 1024, + description: + 'Unique identifier of this agent (if one exists).\n\nExample: For Beats this would be beat.id.', + example: '8a4f500d', }, { name: 'name', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', + 'Custom name of the agent.\n\nThis is a name that can be given to an agent. This can be helpful if for example\ntwo Filebeat instances are running on the same host but a human readable separation\nis needed on which Filebeat instance data is coming from.\n\nIf no name is given, the name is often left empty.', example: 'foo', }, { name: 'type', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.', + 'Type of the agent.\n\nThe agent type stays always the same and should be given by the agent used.\nIn case of Filebeat the agent would always be Filebeat also if two Filebeat\ninstances are run on the same machine.', example: 'filebeat', }, { - name: 'id', + name: 'version', level: 'core', type: 'keyword', + ignore_above: 1024, + description: 'Version of the agent.', + example: '6.0.0-rc2', + }, + ], + }, + { + name: 'as', + title: 'Autonomous System', + group: 2, + description: + 'An autonomous system (AS) is a collection of connected Internet Protocol\n(IP) routing prefixes under the control of one or more network operators on\nbehalf of a single administrative entity or domain that presents a common, clearly\ndefined routing policy to the internet.', + type: 'group', + fields: [ + { + name: 'number', + level: 'extended', + type: 'long', description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'ephemeral_id', + name: 'organization.name', level: 'extended', type: 'keyword', - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', }, ], }, @@ -108,2673 +146,6183 @@ export const packetbeatSchema: Schema = [ title: 'Client', group: 2, description: - 'A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', + 'A client is defined as the initiator of a network connection for\nevents regarding sessions, connections, or bidirectional flow records.\n\nFor TCP events, the client is the initiator of the TCP connection that sends\nthe SYN packet(s). For other protocols, the client is generally the initiator\nor requestor in the network transaction. Some systems use the term "originator"\nto refer the client in TCP connections. The client fields describe details about\nthe system acting as the client in the network event. Client fields are usually\npopulated in conjunction with server fields. Client fields are generally not\npopulated for packet-level events.\n\nClient / server representations can add semantic context to an exchange, which\nis helpful to visualize the data in certain situations. If your context falls\nin that category, you should still ensure that source and destination are filled\nappropriately.', type: 'group', fields: [ { name: 'address', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Some event client addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', }, { - name: 'ip', - level: 'core', - type: 'ip', - description: 'IP address of the client. Can be one or multiple IPv4 or IPv6 addresses.', + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'port', + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', level: 'core', type: 'long', - description: 'Port of the client.', + format: 'bytes', + description: 'Bytes sent from the client to the server.', + example: 184, }, { - name: 'mac', + name: 'domain', level: 'core', type: 'keyword', - description: 'MAC address of the client.', + ignore_above: 1024, + description: 'Client domain.', }, { - name: 'domain', + name: 'geo.city_name', level: 'core', type: 'keyword', - description: 'Client domain.', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'bytes', + name: 'geo.continent_name', level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the client to the server.', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'packets', + name: 'geo.country_iso_code', level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the client to the server.', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, - ], - }, - { - name: 'cloud', - title: 'Cloud', - group: 2, - description: 'Fields related to the cloud or infrastructure the events are coming from.', - footnote: - 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.', - type: 'group', - fields: [ { - name: 'provider', + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', level: 'extended', - example: 'ec2', type: 'keyword', + ignore_above: 1024, description: - 'Name of the cloud provider. Example values are ec2, gce, or digitalocean.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'availability_zone', - level: 'extended', - example: 'us-east-1c', + name: 'geo.region_iso_code', + level: 'core', type: 'keyword', - description: 'Availability zone in which this host is running.', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'region', - level: 'extended', + name: 'geo.region_name', + level: 'core', type: 'keyword', - example: 'us-east-1', - description: 'Region in which this host is running.', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { - name: 'instance.id', - level: 'extended', - type: 'keyword', - example: 'i-1234567890abcdef0', - description: 'Instance ID of the host machine.', + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the client.\n\nCan be one or multiple IPv4 or IPv6 addresses.', }, { - name: 'instance.name', - level: 'extended', + name: 'mac', + level: 'core', type: 'keyword', - description: 'Instance name of the host machine.', + ignore_above: 1024, + description: 'MAC address of the client.', }, { - name: 'machine.type', + name: 'nat.ip', level: 'extended', - type: 'keyword', - example: 't2.medium', - description: 'Machine type of the host machine.', + type: 'ip', + description: + 'Translated IP of source based NAT sessions (e.g. internal client\nto internet).\n\nTypically connections traversing load balancers, firewalls, or routers.', }, { - name: 'account.id', + name: 'nat.port', level: 'extended', - type: 'keyword', - example: 666777888999, + type: 'long', + format: 'string', description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', + 'Translated port of source based NAT sessions (e.g. internal client\nto internet).\n\nTypically connections traversing load balancers, firewalls, or routers.', }, - ], - }, - { - name: 'container', - title: 'Container', - group: 2, - description: - 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.', - type: 'group', - fields: [ { - name: 'runtime', - level: 'extended', - type: 'keyword', - description: 'Runtime managing this container.', - example: 'docker', + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the client to the server.', + example: 12, }, { - name: 'id', + name: 'port', level: 'core', + type: 'long', + format: 'string', + description: 'Port of the client.', + }, + { + name: 'registered_domain', + level: 'extended', type: 'keyword', - description: 'Unique container id.', + ignore_above: 1024, + description: + 'The highest registered client domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', }, { - name: 'image.name', + name: 'top_level_domain', level: 'extended', type: 'keyword', - description: 'Name of the image the container was built on.', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', }, { - name: 'image.tag', + name: 'user.domain', level: 'extended', type: 'keyword', - description: 'Container image tag.', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'name', + name: 'user.email', level: 'extended', type: 'keyword', - description: 'Container name.', + ignore_above: 1024, + description: 'User email address.', }, { - name: 'labels', + name: 'user.full_name', level: 'extended', - type: 'object', - object_type: 'keyword', - description: 'Image labels.', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', }, - ], - }, - { - name: 'destination', - title: 'Destination', - group: 2, - description: - 'Destination fields describe details about the destination of a packet/event. Destination fields are usually populated in conjunction with source fields.', - type: 'group', - fields: [ { - name: 'address', + name: 'user.group.domain', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'ip', - level: 'core', - type: 'ip', - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'port', - level: 'core', - type: 'long', - description: 'Port of the destination.', + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', }, { - name: 'mac', - level: 'core', + name: 'user.hash', + level: 'extended', type: 'keyword', - description: 'MAC address of the destination.', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', }, { - name: 'domain', + name: 'user.id', level: 'core', type: 'keyword', - description: 'Destination domain.', + ignore_above: 1024, + description: 'Unique identifiers of the user.', }, { - name: 'bytes', + name: 'user.name', level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the destination to the source.', - }, - { - name: 'packets', - level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the destination to the source.', - }, - { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Short name or login of the user.', + example: 'albert', }, ], }, { - name: 'ecs', - title: 'ECS', + name: 'cloud', + title: 'Cloud', group: 2, - description: 'Meta-information specific to ECS.', + description: 'Fields related to the cloud or infrastructure the events are coming\nfrom.', + footnote: + 'Examples: If Metricbeat is running on an EC2 host and fetches data\nfrom its host, the cloud info contains the data about this machine. If Metricbeat\nruns on a remote machine outside the cloud and fetches data from a service running\nin the cloud, the field contains cloud data from the machine the service is\nrunning on.', type: 'group', fields: [ { - name: 'version', - level: 'core', + name: 'account.id', + level: 'extended', type: 'keyword', - required: true, + ignore_above: 1024, description: - 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. The current version is 1.0.0-beta2 .', - example: '1.0.0-beta2', + 'The cloud account or organization id used to identify different\nentities in a multi-tenant environment.\n\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier.', + example: 666777888999, }, - ], - }, - { - name: 'error', - title: 'Error', - group: 2, - description: - 'These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error.', - type: 'group', - fields: [ { - name: 'id', - level: 'core', + name: 'availability_zone', + level: 'extended', type: 'keyword', - description: 'Unique identifier for the error.', + ignore_above: 1024, + description: 'Availability zone in which this host is running.', + example: 'us-east-1c', }, { - name: 'message', - level: 'core', - type: 'text', - description: 'Error message.', + name: 'instance.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Instance ID of the host machine.', + example: 'i-1234567890abcdef0', }, { - name: 'code', - level: 'core', + name: 'instance.name', + level: 'extended', type: 'keyword', - description: 'Error code describing the error.', + ignore_above: 1024, + description: 'Instance name of the host machine.', }, - ], - }, - { - name: 'event', - title: 'Event', - group: 2, - description: - 'The event fields are used for context information about the log or metric event itself. A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical or categorical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host, or vulnerabilities measured on a scanned host.', - type: 'group', - fields: [ { - name: 'id', - level: 'core', + name: 'machine.type', + level: 'extended', type: 'keyword', - description: 'Unique ID to describe the event.', - example: '8a4f500d', + ignore_above: 1024, + description: 'Machine type of the host machine.', + example: 't2.medium', }, { - name: 'kind', + name: 'provider', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'The kind of the event. This gives information about what type of information the event contains, without being specific to the contents of the event. Examples are `event`, `state`, `alarm`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'state', + 'Name of the cloud provider. Example values are aws, azure, gcp,\nor digitalocean.', + example: 'aws', }, { - name: 'category', - level: 'core', + name: 'region', + level: 'extended', type: 'keyword', - description: - 'Event category. This contains high-level information about the contents of the event. It is more generic than `event.action`, in the sense that typically a category contains multiple actions. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'user-management', + ignore_above: 1024, + description: 'Region in which this host is running.', + example: 'us-east-1', }, + ], + }, + { + name: 'code_signature', + title: 'Code Signature', + group: 2, + description: 'These fields contain information about binary code signatures.', + type: 'group', + fields: [ { - name: 'action', + name: 'exists', level: 'core', - type: 'keyword', - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, }, { - name: 'outcome', + name: 'status', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'The outcome of the event. If the event describes an action, this fields contains the outcome of that action. Examples outcomes are `success` and `failure`. Warning: In future versions of ECS, we plan to provide a list of acceptable values for this field, please use with caution.', - example: 'success', - }, - { - name: 'type', - level: 'core', - type: 'keyword', - description: 'Reserved for future usage. Please avoid using this field for user data.', + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'module', + name: 'subject_name', level: 'core', type: 'keyword', - description: - 'Name of the module this data is coming from. This information is coming from the modules used in Beats or Logstash.', - example: 'mysql', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'dataset', - level: 'core', - type: 'keyword', + name: 'trusted', + level: 'extended', + type: 'boolean', description: - 'Name of the dataset. The concept of a `dataset` (fileset / metricset) is used in Beats as a subset of modules. It contains the information which is currently stored in metricset.name and metricset.module or fileset.name.', - example: 'stats', + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, }, { - name: 'severity', - level: 'core', - type: 'long', - example: '7', + name: 'valid', + level: 'extended', + type: 'boolean', description: - "Severity describes the severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events. ", + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, + ], + }, + { + name: 'container', + title: 'Container', + group: 2, + description: + 'Container fields are used for meta information about the specific\ncontainer that is the source of information.\n\nThese fields help correlate data based containers from any runtime.', + type: 'group', + fields: [ { - name: 'original', + name: 'id', level: 'core', type: 'keyword', - example: - 'Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232', - description: - 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`.', - index: false, - doc_values: false, + ignore_above: 1024, + description: 'Unique container id.', }, { - name: 'hash', + name: 'image.name', level: 'extended', type: 'keyword', - example: '123456789012345678901234567890ABCD', - description: - 'Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity.', - }, - { - name: 'duration', - level: 'core', - type: 'long', - format: 'duration', - input_format: 'nanoseconds', - description: - 'Duration of the event in nanoseconds. If event.start and event.end are known this value should be the difference between the end and start time.', + ignore_above: 1024, + description: 'Name of the image the container was built on.', }, { - name: 'timezone', + name: 'image.tag', level: 'extended', type: 'keyword', - description: - 'This field should be populated when the event\'s timestamp does not include timezone information already (e.g. default Syslog timestamps). It\'s optional otherwise. Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").', + ignore_above: 1024, + description: 'Container image tags.', }, { - name: 'created', - level: 'core', - type: 'date', - description: - 'event.created contains the date when the event was created. This timestamp is distinct from @timestamp in that @timestamp contains the processed timestamp. For logs these two timestamps can be different as the timestamp in the log line and when the event is read for example by Filebeat are not identical. `@timestamp` must contain the timestamp extracted from the log line, event.created when the log line is read. The same could apply to package capturing where @timestamp contains the timestamp extracted from the network package and event.created when the event was created. In case the two timestamps are identical, @timestamp should be used.', - }, - { - name: 'start', + name: 'labels', level: 'extended', - type: 'date', - description: - 'event.start contains the date when the event started or when the activity was first observed.', + type: 'object', + object_type: 'keyword', + description: 'Image labels.', }, { - name: 'end', + name: 'name', level: 'extended', - type: 'date', - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - }, - { - name: 'risk_score', - level: 'core', - type: 'float', - description: - "Risk score or priority of the event (e.g. security solutions). Use your system's original value here. ", + type: 'keyword', + ignore_above: 1024, + description: 'Container name.', }, { - name: 'risk_score_norm', + name: 'runtime', level: 'extended', - type: 'float', - description: - 'Normalized risk score or priority of the event, on a scale of 0 to 100. This is mainly useful if you use more than one system that assigns risk scores, and you want to see a normalized value across all systems.', + type: 'keyword', + ignore_above: 1024, + description: 'Runtime managing this container.', + example: 'docker', }, ], }, { - name: 'file', + name: 'destination', + title: 'Destination', group: 2, - title: 'File', description: - 'A file is defined as a set of information that has been created on, or has existed on a filesystem. File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.', + 'Destination fields describe details about the destination of a packet/event.\n\nDestination fields are usually populated in conjunction with source fields.', type: 'group', fields: [ { - name: 'path', + name: 'address', level: 'extended', type: 'keyword', - description: 'Path to the file.', + ignore_above: 1024, + description: + 'Some event destination addresses are defined ambiguously. The\nevent will sometimes list an IP, a domain or a unix socket. You should always\nstore the raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', }, { - name: 'target_path', + name: 'as.number', level: 'extended', - type: 'keyword', - description: 'Target path for symlinks.', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, }, { - name: 'extension', + name: 'as.organization.name', level: 'extended', type: 'keyword', - description: 'File extension. This should allow easy filtering by file extensions.', - example: 'png', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', }, { - name: 'type', - level: 'extended', - type: 'keyword', - description: 'File type (file, dir, or symlink).', + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the destination to the source.', + example: 184, }, { - name: 'device', - level: 'extended', + name: 'domain', + level: 'core', type: 'keyword', - description: 'Device that is the source of the file.', + ignore_above: 1024, + description: 'Destination domain.', }, { - name: 'inode', - level: 'extended', + name: 'geo.city_name', + level: 'core', type: 'keyword', - description: 'Inode representing the file in the filesystem.', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'uid', - level: 'extended', + name: 'geo.continent_name', + level: 'core', type: 'keyword', - description: 'The user ID (UID) or security identifier (SID) of the file owner.', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'owner', - level: 'extended', + name: 'geo.country_iso_code', + level: 'core', type: 'keyword', - description: "File owner's username.", + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'gid', - level: 'extended', + name: 'geo.country_name', + level: 'core', type: 'keyword', - description: 'Primary group ID (GID) of the file.', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'group', - level: 'extended', - type: 'keyword', - description: 'Primary group name of the file.', + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'mode', - level: 'extended', - type: 'keyword', - example: 416, - description: 'Mode of the file in octal representation.', - }, - { - name: 'size', - level: 'extended', - type: 'long', - format: 'bytes', - description: 'File size in bytes (field is only added when `type` is `file`).', - }, - { - name: 'mtime', - level: 'extended', - type: 'date', - description: 'Last time file content was modified.', - }, - { - name: 'ctime', - level: 'extended', - type: 'date', - description: 'Last time file metadata changed.', - }, - ], - }, - { - name: 'group', - title: 'Group', - group: 2, - description: - 'The group fields are meant to represent groups that are relevant to the event.', - type: 'group', - fields: [ - { - name: 'id', + name: 'geo.name', level: 'extended', type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: 'Name of the group.', - }, - ], - }, - { - name: 'host', - title: 'Host', - group: 2, - description: - 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or on which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.', - type: 'group', - fields: [ - { - name: 'hostname', - level: 'core', - type: 'keyword', + ignore_above: 1024, description: - 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.', + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'name', + name: 'geo.region_iso_code', level: 'core', type: 'keyword', - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'id', + name: 'geo.region_name', level: 'core', type: 'keyword', - description: - 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { name: 'ip', level: 'core', type: 'ip', - description: 'Host ip address.', + description: + 'IP address of the destination.\n\nCan be one or multiple IPv4 or IPv6 addresses.', }, { name: 'mac', level: 'core', type: 'keyword', - description: 'Host mac address.', + ignore_above: 1024, + description: 'MAC address of the destination.', }, { - name: 'type', - level: 'core', - type: 'keyword', + name: 'nat.ip', + level: 'extended', + type: 'ip', description: - 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.', + 'Translated ip of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', }, { - name: 'architecture', - level: 'core', - type: 'keyword', - example: 'x86_64', - description: 'Operating system architecture.', + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Port the source session is translated to by NAT Device.\n\nTypically used with load balancers, firewalls, or routers.', }, { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, - { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', - }, - ], + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the destination to the source.', + example: 12, }, { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the destination.', }, - ], - }, - { - name: 'http', - title: 'HTTP', - group: 2, - description: 'Fields related to HTTP activity.', - type: 'group', - fields: [ { - name: 'request.method', + name: 'registered_domain', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Http request method. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'get, post, put', + 'The highest registered destination domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', }, { - name: 'request.body.content', + name: 'top_level_domain', level: 'extended', type: 'keyword', - description: 'The full http request body.', - example: 'Hello world', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', }, { - name: 'request.referrer', + name: 'user.domain', level: 'extended', type: 'keyword', - description: 'Referrer for this HTTP request.', - example: 'https://blog.example.com/', - }, - { - name: 'response.status_code', - level: 'extended', - type: 'long', - description: 'Http response status code.', - example: 404, + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'response.body.content', + name: 'user.email', level: 'extended', type: 'keyword', - description: 'The full http response body.', - example: 'Hello world', + ignore_above: 1024, + description: 'User email address.', }, { - name: 'version', + name: 'user.full_name', level: 'extended', type: 'keyword', - description: 'Http version.', - example: 1.1, + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', }, { - name: 'request.bytes', + name: 'user.group.domain', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Total size in bytes of the request (body and headers).', - example: 1437, + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'request.body.bytes', + name: 'user.group.id', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Size in bytes of the request body.', - example: 887, + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'response.bytes', + name: 'user.group.name', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Total size in bytes of the response (body and headers).', - example: 1437, + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', }, { - name: 'response.body.bytes', + name: 'user.hash', level: 'extended', - type: 'long', - format: 'bytes', - description: 'Size in bytes of the response body.', - example: 887, + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', }, - ], - }, - { - name: 'log', - title: 'Log', - description: 'Fields which are specific to log events.', - type: 'group', - fields: [ { - name: 'level', + name: 'user.id', level: 'core', type: 'keyword', - description: 'Log level of the log event. Some examples are `WARN`, `ERR`, `INFO`.', - example: 'ERR', + ignore_above: 1024, + description: 'Unique identifiers of the user.', }, { - name: 'original', + name: 'user.name', level: 'core', type: 'keyword', - example: 'Sep 19 08:26:10 localhost My log', - index: false, - doc_values: false, - description: - " This is the original log message and contains the full log message before splitting it up in multiple parts. In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. ", + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', }, ], }, { - name: 'network', - title: 'Network', + name: 'dll', + title: 'DLL', group: 2, description: - 'The network is defined as the communication path over which a host or network event happens. The network.* fields should be populated with details about the network activity associated with an event.', + 'These fields contain information about code libraries dynamically\nloaded into processes.\n\n\nMany operating systems refer to "shared code libraries" with different names,\nbut this field set refers to all of the following:\n\n* Dynamic-link library (`.dll`) commonly used on Windows\n\n* Shared Object (`.so`) commonly used on Unix-like operating systems\n\n* Dynamic library (`.dylib`) commonly used on macOS', type: 'group', fields: [ { - name: 'name', + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.status', level: 'extended', type: 'keyword', - description: 'Name given by operators to sections of their network.', - example: 'Guest Wifi', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'type', + name: 'code_signature.subject_name', level: 'core', type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'code_signature.trusted', + level: 'extended', + type: 'boolean', description: - 'In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'ipv4', + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, }, { - name: 'iana_number', + name: 'code_signature.valid', level: 'extended', - type: 'keyword', + type: 'boolean', description: - 'IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number.', - example: 6, + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, { - name: 'transport', - level: 'core', + name: 'hash.md5', + level: 'extended', type: 'keyword', - description: - 'Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'tcp', + ignore_above: 1024, + description: 'MD5 hash.', + default_field: false, }, { - name: 'application', + name: 'hash.sha1', level: 'extended', type: 'keyword', - description: - 'A name given to an application. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'aim', + ignore_above: 1024, + description: 'SHA1 hash.', + default_field: false, }, { - name: 'protocol', - level: 'core', + name: 'hash.sha256', + level: 'extended', type: 'keyword', - description: - 'L7 Network protocol name. ex. http, lumberjack, transport protocol. The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS" section.', - example: 'http', + ignore_above: 1024, + description: 'SHA256 hash.', + default_field: false, }, { - name: 'direction', - level: 'core', + name: 'hash.sha512', + level: 'extended', type: 'keyword', - description: - "Direction of the network traffic. Recommended values are: * inbound * outbound * internal * external * unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view. When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter. ", - example: 'inbound', + ignore_above: 1024, + description: 'SHA512 hash.', + default_field: false, }, { - name: 'forwarded_ip', + name: 'name', level: 'core', - type: 'ip', - description: 'Host IP address when the source IP address is the proxy.', - example: '192.1.1.2', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the library.\n\nThis generally maps to the name of the file on disk.', + example: 'kernel32.dll', + default_field: false, }, { - name: 'community_id', + name: 'path', level: 'extended', type: 'keyword', - description: - 'A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec.', - example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=', - }, - { - name: 'bytes', - level: 'core', - type: 'long', - format: 'bytes', - description: - 'Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum.', - example: 368, - }, - { - name: 'packets', - level: 'core', - type: 'long', - description: - 'Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum.', - example: 24, - }, - ], - }, - { - name: 'observer', - title: 'Observer', - group: 2, - description: - 'An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS.', - type: 'group', - fields: [ - { - name: 'mac', - level: 'core', - type: 'keyword', - description: 'MAC address of the observer', - }, - { - name: 'ip', - level: 'core', - type: 'ip', - description: 'IP address of the observer.', + ignore_above: 1024, + description: 'Full file path of the library.', + example: 'C:\\Windows\\System32\\kernel32.dll', + default_field: false, }, { - name: 'hostname', - level: 'core', + name: 'pe.company', + level: 'extended', type: 'keyword', - description: 'Hostname of the observer.', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'vendor', - level: 'core', + name: 'pe.description', + level: 'extended', type: 'keyword', - description: 'observer vendor information.', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, }, { - name: 'version', - level: 'core', + name: 'pe.file_version', + level: 'extended', type: 'keyword', - description: 'Observer version.', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, }, { - name: 'serial_number', + name: 'pe.original_file_name', level: 'extended', type: 'keyword', - description: 'Observer serial number.', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, }, { - name: 'type', - level: 'core', + name: 'pe.product', + level: 'extended', type: 'keyword', - description: - 'The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`.', - example: 'firewall', - }, - { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, - { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', - }, - ], - }, - { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, }, ], }, { - name: 'organization', - title: 'Organization', + name: 'dns', + title: 'DNS', group: 2, description: - 'The organization fields enrich data with information about the company or entity the data is associated with. These fields help you arrange or filter data stored in an index by one or multiple organizations.', + 'Fields describing DNS queries and answers.\n\nDNS events should either represent a single DNS query prior to getting answers\n(`dns.type:query`) or they should represent a full exchange and contain the\nquery details as well as all of the answers that were provided for this query\n(`dns.type:answer`).', type: 'group', fields: [ { - name: 'name', + name: 'answers', level: 'extended', - type: 'keyword', - description: 'Organization name.', + type: 'object', + object_type: 'keyword', + description: + 'An array containing an object for each answer section returned\nby the server.\n\nThe main keys that should be present in these objects are defined by ECS.\nRecords that have more information may contain more keys than what ECS defines.\n\nNot all DNS data sources give all details about DNS answers. At minimum, answer\nobjects must contain the `data` key. If more information is available, map\nas much of it to ECS as possible, and add any additional fields to the answer\nobjects as custom fields.', }, { - name: 'id', + name: 'answers.class', level: 'extended', type: 'keyword', - description: 'Unique identifier for the organization.', + ignore_above: 1024, + description: 'The class of DNS data contained in this resource record.', + example: 'IN', }, - ], - }, - { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ { - name: 'platform', + name: 'answers.data', level: 'extended', type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', + ignore_above: 1024, + description: + 'The data describing the resource.\n\nThe meaning of this data depends on the type and class of the resource record.', + example: '10.10.10.10', }, { - name: 'name', + name: 'answers.name', level: 'extended', type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', + ignore_above: 1024, + description: + 'The domain name to which this resource record pertains.\n\nIf a chain of CNAME is being resolved, each answer `name` should be the\none that corresponds with the answer `data`. It should not simply be the\noriginal `question.name` repeated.', + example: 'www.google.com', }, { - name: 'full', + name: 'answers.ttl', level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', + type: 'long', + description: + 'The time interval in seconds that this resource record may be cached\nbefore it should be discarded. Zero values mean that the data should not be\ncached.', + example: 180, }, { - name: 'family', + name: 'answers.type', level: 'extended', type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', + ignore_above: 1024, + description: 'The type of data contained in this resource record.', + example: 'CNAME', }, { - name: 'version', + name: 'header_flags', level: 'extended', type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', + ignore_above: 1024, + description: + 'Array of 2 letter DNS header flags.\n\nExpected values are: AA, TC, RD, RA, AD, CD, DO.', + example: ['RD', 'RA'], }, { - name: 'kernel', + name: 'id', level: 'extended', type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', + ignore_above: 1024, + description: + 'The DNS packet identifier assigned by the program that generated\nthe query. The identifier is copied to the response.', + example: 62111, }, - ], - }, - { - name: 'process', - title: 'Process', - group: 2, - description: - 'These fields contain information about a process. These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation.', - type: 'group', - fields: [ { - name: 'pid', - level: 'core', - type: 'long', - description: 'Process id.', - example: 'ssh', + name: 'op_code', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The DNS operation code that specifies the kind of query in the\nmessage. This value is set by the originator of a query and copied into the\nresponse.', + example: 'QUERY', }, { - name: 'name', + name: 'question.class', level: 'extended', type: 'keyword', - description: 'Process name. Sometimes called program name or similar.', - example: 'ssh', + ignore_above: 1024, + description: 'The class of records being queried.', + example: 'IN', }, { - name: 'ppid', + name: 'question.name', level: 'extended', - type: 'long', - description: 'Process parent id.', + type: 'keyword', + ignore_above: 1024, + description: + 'The name being queried.\n\nIf the name field contains non-printable characters (below 32 or above 126),\nthose characters should be represented as escaped base 10 integers (\\DDD).\nBack slashes and quotes should be escaped. Tabs, carriage returns, and line\nfeeds should be converted to \\t, \\r, and \\n respectively.', + example: 'www.google.com', }, { - name: 'args', + name: 'question.registered_domain', level: 'extended', type: 'keyword', - description: 'Process arguments. May be filtered to protect sensitive information.', - example: ['ssh', '-l', 'user', '10.0.0.16'], + ignore_above: 1024, + description: + 'The highest registered domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', }, { - name: 'executable', + name: 'question.subdomain', level: 'extended', type: 'keyword', - description: 'Absolute path to the process executable.', - example: '/usr/bin/ssh', + ignore_above: 1024, + description: + 'The subdomain is all of the labels under the registered_domain.\n\nIf the domain has multiple levels of subdomain, such as "sub2.sub1.example.com",\nthe subdomain field should contain "sub2.sub1", with no trailing period.', + example: 'www', }, { - name: 'title', + name: 'question.top_level_domain', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Process title. The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened.', + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', }, { - name: 'thread.id', + name: 'question.type', level: 'extended', - type: 'long', - example: 4242, - description: 'Thread ID.', + type: 'keyword', + ignore_above: 1024, + description: 'The type of record being queried.', + example: 'AAAA', }, { - name: 'start', + name: 'resolved_ip', level: 'extended', - type: 'date', - example: '2016-05-23T08:05:34.853Z', - description: 'The time the process started.', + type: 'ip', + description: + 'Array containing all IPs seen in `answers.data`.\n\nThe `answers` array can be difficult to use, because of the variety of data\nformats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip`\nmakes it possible to index them as IP addresses, and makes them easier to\nvisualize and query for.', + example: ['10.10.10.10', '10.10.10.11'], }, { - name: 'working_directory', + name: 'response_code', level: 'extended', type: 'keyword', - example: '/home/alice', - description: 'The working directory of the process.', + ignore_above: 1024, + description: 'The DNS response code.', + example: 'NOERROR', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of DNS event captured, query or answer.\n\nIf your source of DNS events only gives you DNS queries, you should only create\ndns events of type `dns.type:query`.\n\nIf your source of DNS events gives you answers as well, you should create\none event per query (optionally as soon as the query is seen). And a second\nevent containing all query details as well as an array of answers.', + example: 'answer', }, ], }, { - name: 'related', - title: 'Related', + name: 'ecs', + title: 'ECS', group: 2, - description: - 'This field set is meant to facilitate pivoting around a piece of data. Some pieces of information can be seen in many places in ECS. To facilitate searching for them, append values to their corresponding field in `related.`. A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:a.b.c.d`.', + description: 'Meta-information specific to ECS.', type: 'group', fields: [ { - name: 'ip', - level: 'extended', - type: 'ip', - description: 'All of the IPs seen on your event.', + name: 'version', + level: 'core', + required: true, + type: 'keyword', + ignore_above: 1024, + description: + 'ECS version this event conforms to. `ecs.version` is a required\nfield and must exist in all events.\n\nWhen querying across multiple indices -- which may conform to slightly different\nECS versions -- this field lets integrations adjust to the schema version\nof the events.', + example: '1.0.0', }, ], }, { - name: 'server', - title: 'Server', + name: 'error', + title: 'Error', group: 2, description: - 'A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', + 'These fields can represent errors of any kind.\n\nUse them for errors that happen while fetching events or in cases where the\nevent itself contains an error.', type: 'group', fields: [ { - name: 'address', - level: 'extended', + name: 'code', + level: 'core', type: 'keyword', - description: - 'Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + ignore_above: 1024, + description: 'Error code describing the error.', }, { - name: 'ip', + name: 'id', level: 'core', - type: 'ip', - description: 'IP address of the server. Can be one or multiple IPv4 or IPv6 addresses.', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the error.', }, { - name: 'port', + name: 'message', level: 'core', - type: 'long', - description: 'Port of the server.', - }, - { - name: 'mac', - level: 'core', - type: 'keyword', - description: 'MAC address of the server.', + type: 'text', + description: 'Error message.', }, { - name: 'domain', - level: 'core', + name: 'stack_trace', + level: 'extended', type: 'keyword', - description: 'Server domain.', - }, - { - name: 'bytes', - level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the server to the client.', - }, - { - name: 'packets', - level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the server to the client.', - }, - { - name: 'geo', - title: 'Geo', - group: 2, - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, + ignore_above: 1024, + multi_fields: [ { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'The stack trace of this error in plain text.', + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The type of the error, for example the class name of the exception.', + example: 'java.lang.NullPointerException', }, ], }, { - name: 'service', - title: 'Service', + name: 'event', + title: 'Event', group: 2, description: - 'The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version.', + 'The event fields are used for context information about the log\nor metric event itself.\n\nA log is defined as an event containing details of something that happened.\nLog events must include the time at which the thing happened. Examples of log\nevents include a process starting on a host, a network packet being sent from\na source to a destination, or a network connection between a client and a server\nbeing initiated or closed. A metric is defined as an event containing one or\nmore numerical measurements and the time at which the measurement was taken.\nExamples of metric events include memory pressure measured on a host and device\ntemperature. See the `event.kind` definition in this section for additional\ndetails about metric and state events.', type: 'group', fields: [ { - name: 'id', + name: 'action', level: 'core', type: 'keyword', + ignore_above: 1024, description: - 'Unique identifier of the running service. This id should uniquely identify this service. This makes it possible to correlate logs and metrics for one specific service. Example: If you are experiencing issues with one redis instance, you can filter on that id to see metrics and logs for that single instance.', - example: 'd37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6', + 'The action captured by the event.\n\nThis describes the information in the event. It is more specific than `event.category`.\nExamples are `group-add`, `process-started`, `file-created`. The value is\nnormally defined by the implementer.', + example: 'user-password-change', }, { - name: 'name', + name: 'category', level: 'core', type: 'keyword', - example: 'elasticsearch-metrics', + ignore_above: 1024, description: - 'Name of the service data is collected from. The name of the service is normally user given. This allows if two instances of the same service are running on the same machine they can be differentiated by the `service.name`. Also it allows for distributed services that run on multiple hosts to correlate the related instances based on the name. In the case of Elasticsearch the service.name could contain the cluster name. For Beats the service.name is by default a copy of the `service.type` field if no name is specified.', + 'This is one of four ECS Categorization Fields, and indicates the\nsecond level in the ECS category hierarchy.\n\n`event.category` represents the "big buckets" of ECS categories. For example,\nfiltering on `event.category:process` yields all events relating to process\nactivity. This field is closely related to `event.type`, which is used as\na subcategory.\n\nThis field is an array. This will allow proper categorization of some events\nthat fall in multiple categories.', + example: 'authentication', }, { - name: 'type', - level: 'core', + name: 'code', + level: 'extended', type: 'keyword', - example: 'elasticsearch', + ignore_above: 1024, description: - 'The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`.', + 'Identification code for this event, if one exists.\n\nSome event sources use event codes to identify messages unambiguously, regardless\nof message language or wording adjustments over time. An example of this is\nthe Windows Event ID.', + example: 4648, }, { - name: 'state', + name: 'created', level: 'core', - type: 'keyword', - description: 'Current state of the service.', + type: 'date', + description: + 'event.created contains the date/time when the event was first\nread by an agent, or by your pipeline.\n\nThis field is distinct from @timestamp in that @timestamp typically contain\nthe time extracted from the original event.\n\nIn most situations, these two timestamps will be slightly different. The difference\ncan be used to calculate the delay between your source generating an event,\nand the time when your agent first processed it. This can be used to monitor\nyour agent or pipeline ability to keep up with your event source.\n\nIn case the two timestamps are identical, @timestamp should be used.', + example: '2016-05-23T08:05:34.857Z', }, { - name: 'version', + name: 'dataset', level: 'core', type: 'keyword', - example: '3.2.4', + ignore_above: 1024, description: - 'Version of the service the data was collected from. This allows to look at a data set only for a specific version of a service.', + 'Name of the dataset.\n\nIf an event source publishes more than one type of log or events (e.g. access\nlog, error log), the dataset is used to specify which one the event comes\nfrom.\n\nIt is recommended but not required to start the dataset name with the module\nname, followed by a dot, then the dataset name.', + example: 'apache.access', }, { - name: 'ephemeral_id', + name: 'duration', + level: 'core', + type: 'long', + format: 'duration', + input_format: 'nanoseconds', + output_format: 'asMilliseconds', + output_precision: 1, + description: + 'Duration of the event in nanoseconds.\n\nIf event.start and event.end are known this value should be the difference\nbetween the end and start time.', + }, + { + name: 'end', level: 'extended', - type: 'keyword', + type: 'date', description: - 'Ephemeral identifier of this service (if one exists). This id normally changes across restarts, but `service.id` does not.', - example: '8a4f500f', + 'event.end contains the date when the event ended or when the activity\nwas last observed.', }, - ], - }, - { - name: 'source', - title: 'Source', - group: 2, - description: - 'Source fields describe details about the source of a packet/event. Source fields are usually populated in conjunction with destination fields.', - type: 'group', - fields: [ { - name: 'address', + name: 'hash', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', + 'Hash (perhaps logstash fingerprint) of raw field to be able to\ndemonstrate log integrity.', + example: '123456789012345678901234567890ABCD', }, { - name: 'ip', + name: 'id', level: 'core', - type: 'ip', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', + type: 'keyword', + ignore_above: 1024, + description: 'Unique ID to describe the event.', + example: '8a4f500d', }, { - name: 'port', + name: 'ingested', level: 'core', - type: 'long', - description: 'Port of the source.', + type: 'date', + description: + 'Timestamp when an event arrived in the central data store.\n\nThis is different from `@timestamp`, which is when the event originally occurred. It is\nalso different from `event.created`, which is meant to capture the first time\nan agent saw the event.\n\nIn normal conditions, assuming no tampering, the timestamps should chronologically\nlook like this: `@timestamp` < `event.created` < `event.ingested`.', + example: '2016-05-23T08:05:35.101Z', + default_field: false, }, { - name: 'mac', + name: 'kind', level: 'core', type: 'keyword', - description: 'MAC address of the source.', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nhighest level in the ECS category hierarchy.\n\n`event.kind` gives high-level information about what type of information the\nevent contains, without being specific to the contents of the event. For example,\nvalues of this field distinguish alert events from metric events.\n\nThe value of this field can be used to inform how these kinds of events should\nbe handled. They may warrant different retention, different access control,\nit may also help understand whether the data coming in at a regular interval\nor not.', + example: 'alert', }, { - name: 'domain', + name: 'module', level: 'core', type: 'keyword', - description: 'Source domain.', + ignore_above: 1024, + description: + 'Name of the module this data is coming from.\n\nIf your monitoring agent supports the concept of modules or plugins to process\nevents of a given source (e.g. Apache logs), `event.module` should contain\nthe name of this module.', + example: 'apache', }, { - name: 'bytes', + name: 'original', level: 'core', - type: 'long', - format: 'bytes', - example: 184, - description: 'Bytes sent from the source to the destination.', + type: 'keyword', + ignore_above: 1024, + description: + 'Raw text message of entire event. Used to demonstrate log integrity.\n\nThis field is not indexed and doc_values are disabled. It cannot be searched,\nbut it can be retrieved from `_source`.', + example: + 'Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100|\nworm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232', }, { - name: 'packets', + name: 'outcome', level: 'core', - type: 'long', - example: 12, - description: 'Packets sent from the source to the destination.', - }, - { - name: 'geo', - title: 'Geo', - group: 2, + type: 'keyword', + ignore_above: 1024, description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - type: 'group', - fields: [ - { - name: 'location', - level: 'core', - type: 'geo_point', - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - }, - { - name: 'continent_name', - level: 'core', - type: 'keyword', - description: 'Name of the continent.', - example: 'North America', - }, - { - name: 'country_name', - level: 'core', - type: 'keyword', - description: 'Country name.', - example: 'Canada', - }, - { - name: 'region_name', - level: 'core', - type: 'keyword', - description: 'Region name.', - example: 'Quebec', - }, - { - name: 'city_name', - level: 'core', - type: 'keyword', - description: 'City name.', - example: 'Montreal', - }, - { - name: 'country_iso_code', - level: 'core', - type: 'keyword', - description: 'Country ISO code.', - example: 'CA', - }, - { - name: 'region_iso_code', - level: 'core', - type: 'keyword', - description: 'Region ISO code.', - example: 'CA-QC', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - }, - ], + 'This is one of four ECS Categorization Fields, and indicates the\nlowest level in the ECS category hierarchy.\n\n`event.outcome` simply denotes whether the event represents a success or a\nfailure from the perspective of the entity that produced the event.\n\nNote that when a single transaction is described in multiple events, each\nevent may populate different values of `event.outcome`, according to their\nperspective.\n\nAlso note that in the case of a compound event (a single event that contains\nmultiple logical events), this field should be populated with the value that\nbest captures the overall success or failure from the perspective of the event\nproducer.\n\nFurther note that not all events will have an associated outcome. For example,\nthis field is generally not populated for metric events, events with `event.type:info`,\nor any events for which an outcome does not make logical sense.', + example: 'success', }, - ], - }, - { - name: 'url', - title: 'URL', - description: 'URL fields provide a complete URL, with scheme, host, and path.', - type: 'group', - fields: [ { - name: 'original', + name: 'provider', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not.', - example: - 'https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch', + 'Source of the event.\n\nEvent transports such as Syslog or the Windows Event Log typically mention\nthe source of an event. It can be the name of the software that generated\nthe event (e.g. Sysmon, httpd), or of a subsystem of the operating system\n(kernel, Microsoft-Windows-Security-Auditing).', + example: 'kernel', }, { - name: 'full', + name: 'reference', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source.', - example: 'https://www.elastic.co:443/search?q=elasticsearch#top', + 'Reference URL linking to additional information about this event.\n\nThis URL links to a static definition of the this event. Alert events, indicated\nby `event.kind:alert`, are a common use case for this field.', + example: 'https://system.vendor.com/event/#0001234', + default_field: false, }, { - name: 'scheme', - level: 'extended', - type: 'keyword', + name: 'risk_score', + level: 'core', + type: 'float', description: - 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.', - example: 'https', + "Risk score or priority of the event (e.g. security solutions).\nUse your system's original value here.", }, { - name: 'domain', + name: 'risk_score_norm', level: 'extended', - type: 'keyword', + type: 'float', description: - 'Domain of the request, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.', - example: 'www.elastic.co', + 'Normalized risk score or priority of the event, on a scale of\n0 to 100.\n\nThis is mainly useful if you use more than one system that assigns risk scores,\nand you want to see a normalized value across all systems.', }, { - name: 'port', + name: 'sequence', level: 'extended', - type: 'integer', - description: 'Port of the request, such as 443.', - example: 443, + type: 'long', + format: 'string', + description: + 'Sequence number of the event.\n\nThe sequence number is a value published by some event sources, to make the\nexact ordering of events unambiguous, regardless of the timestamp precision.', }, { - name: 'path', - level: 'extended', - type: 'keyword', - description: 'Path of the request, such as "/search".', + name: 'severity', + level: 'core', + type: 'long', + format: 'string', + description: + 'The numeric severity of the event according to your event source.\n\nWhat the different severity values mean can be different between sources and\nuse cases. It is up to the implementer to make sure severities are consistent\nacross events from the same source.\n\nThe Syslog severity belongs in `log.syslog.severity.code`. `event.severity`\nis meant to represent the severity according to the event source (e.g. firewall,\nIDS). If the event source does not publish its own severity, you may optionally\ncopy the `log.syslog.severity.code` to `event.severity`.', + example: 7, }, { - name: 'query', + name: 'start', level: 'extended', - type: 'keyword', + type: 'date', description: - 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases.', + 'event.start contains the date when the event started or when the\nactivity was first observed.', }, { - name: 'fragment', + name: 'timezone', level: 'extended', type: 'keyword', + ignore_above: 1024, description: - 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.', + 'This field should be populated when the event timestamp does\nnot include timezone information already (e.g. default Syslog timestamps).\nIt is optional otherwise.\n\nAcceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"),\nabbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00").', }, { - name: 'username', - level: 'extended', + name: 'type', + level: 'core', type: 'keyword', - description: 'Username of the request.', + ignore_above: 1024, + description: + 'This is one of four ECS Categorization Fields, and indicates the\nthird level in the ECS category hierarchy.\n\n`event.type` represents a categorization "sub-bucket" that, when used along\nwith the `event.category` field values, enables filtering events down to a\nlevel appropriate for single visualization.\n\nThis field is an array. This will allow proper categorization of some events\nthat fall in multiple event types.', }, { - name: 'password', + name: 'url', level: 'extended', type: 'keyword', - description: 'Password of the request.', + ignore_above: 1024, + description: + 'URL linking to an external system to continue investigation of\nthis event.\n\nThis URL links to another system where in-depth investigation of the specific\noccurence of this event can take place. Alert events, indicated by `event.kind:alert`,\nare a common use case for this field.', + example: 'https://mysystem.mydomain.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe', + default_field: false, }, ], }, { - name: 'user', - title: 'User', + name: 'file', + title: 'File', group: 2, description: - 'The user fields describe information about the user that is relevant to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them.', - reusable: { - top_level: true, - expected: ['client', 'destination', 'host', 'server', 'source'], - }, + 'A file is defined as a set of information that has been created\non, or has existed on a filesystem.\n\nFile objects can be associated with host events, network events, and/or file\nevents (e.g., those produced by File Integrity Monitoring [FIM] products or\nservices). File fields provide details about the affected file associated with\nthe event or metric.', type: 'group', fields: [ { - name: 'id', - level: 'core', + name: 'accessed', + level: 'extended', + type: 'date', + description: + 'Last time the file was accessed.\n\nNote that not all filesystems keep track of access time.', + }, + { + name: 'attributes', + level: 'extended', type: 'keyword', - description: 'One or multiple unique identifiers of the user.', + ignore_above: 1024, + description: + 'Array of file attributes.\n\nAttributes names will vary by platform. Here is a non-exhaustive list of values\nthat are expected in this field: archive, compressed, directory, encrypted,\nexecute, hidden, read, readonly, system, write.', + example: '["readonly", "system"]', + default_field: false, }, { - name: 'name', + name: 'code_signature.exists', level: 'core', - type: 'keyword', - example: 'albert', - description: 'Short name or login of the user.', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, }, { - name: 'full_name', + name: 'code_signature.status', level: 'extended', type: 'keyword', - example: 'Albert Einstein', - description: "User's full name, if available. ", + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, }, { - name: 'email', - level: 'extended', + name: 'code_signature.subject_name', + level: 'core', type: 'keyword', - description: 'User email address.', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'hash', + name: 'code_signature.trusted', level: 'extended', - type: 'keyword', + type: 'boolean', description: - 'Unique user hash to correlate information for a user in anonymized form. Useful if `user.id` or `user.name` contain confidential information and cannot be used.', + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, }, { - name: 'group', - title: 'Group', - group: 2, + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', description: - 'The group fields are meant to represent groups that are relevant to the event.', - type: 'group', - fields: [ - { - name: 'id', - level: 'extended', - type: 'keyword', - description: 'Unique identifier for the group on the system/platform.', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - description: 'Name of the group.', - }, - ], + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, }, - ], - }, - { - name: 'user_agent', - title: 'User agent', - group: 2, - description: - 'The user_agent fields normally come from a browser request. They often show up in web service logs coming from the parsed user agent string.', - type: 'group', - fields: [ { - name: 'original', + name: 'created', level: 'extended', - type: 'keyword', - description: 'Unparsed version of the user_agent.', - example: - 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1', + type: 'date', + description: + 'File creation time.\n\nNote that not all filesystems store the creation time.', }, { - name: 'name', + name: 'ctime', level: 'extended', - type: 'keyword', - example: 'Safari', - description: 'Name of the user agent.', + type: 'date', + description: + 'Last time the file attributes or metadata changed.\n\nNote that changes to the file content will update `mtime`. This implies `ctime`\nwill be adjusted at the same time, since `mtime` is an attribute of the file.', }, { - name: 'version', + name: 'device', level: 'extended', type: 'keyword', - description: 'Version of the user agent.', - example: 12, + ignore_above: 1024, + description: 'Device that is the source of the file.', + example: 'sda', }, { - name: 'device.name', + name: 'directory', level: 'extended', type: 'keyword', - example: 'iPhone', - description: 'Name of the device.', + ignore_above: 1024, + description: + 'Directory where the file is located. It should include the drive\nletter, when appropriate.', + example: '/home/alice', }, { - name: 'os', - title: 'Operating System', - group: 2, - description: 'The OS fields contain information about the operating system.', - reusable: { - top_level: false, - expected: ['observer', 'host', 'user_agent'], - }, - type: 'group', - fields: [ - { - name: 'platform', - level: 'extended', - type: 'keyword', - description: 'Operating system platform (such centos, ubuntu, windows).', - example: 'darwin', - }, - { - name: 'name', - level: 'extended', - type: 'keyword', - example: 'Mac OS X', - description: 'Operating system name, without the version.', - }, - { - name: 'full', - level: 'extended', - type: 'keyword', - example: 'Mac OS Mojave', - description: 'Operating system name, including the version or code name.', - }, - { - name: 'family', - level: 'extended', - type: 'keyword', - example: 'debian', - description: 'OS family (such as redhat, debian, freebsd, windows).', - }, - { - name: 'version', - level: 'extended', - type: 'keyword', - example: '10.14.1', - description: 'Operating system version as a raw string.', - }, - { - name: 'kernel', - level: 'extended', - type: 'keyword', - example: '4.4.0-112-generic', - description: 'Operating system kernel version as a raw string.', - }, - ], + name: 'drive_letter', + level: 'extended', + type: 'keyword', + ignore_above: 1, + description: + 'Drive letter where the file is located. This field is only relevant\non Windows.\n\nThe value should be uppercase, and not include the colon.', + example: 'C', + default_field: false, }, - ], - }, - { - name: 'agent.hostname', - type: 'keyword', - description: 'Hostname of the agent.', - }, - ], - }, - { - key: 'beat', - title: 'Beat', - description: 'Contains common beat fields available in all event types.', - fields: [ - { - name: 'beat.timezone', - type: 'alias', - path: 'event.timezone', - migration: true, - }, - { - name: 'fields', - type: 'object', - object_type: 'keyword', - description: 'Contains user configurable fields.', - }, - { - name: 'error', - type: 'group', - description: 'Error fields containing additional info in case of errors.', - fields: [ { - name: 'type', + name: 'extension', + level: 'extended', type: 'keyword', - description: 'Error type.', + ignore_above: 1024, + description: 'File extension.', + example: 'png', }, - ], - }, - { - name: 'beat.name', - type: 'alias', - path: 'host.name', - migration: true, - }, - { - name: 'beat.hostname', - type: 'alias', - path: 'agent.hostname', - migration: true, - }, - ], - }, - { - key: 'cloud', - title: 'Cloud provider metadata', - description: 'Metadata from cloud providers added by the add_cloud_metadata processor.', - fields: [ - { - name: 'cloud.project.id', - example: 'project-x', - description: 'Name of the project in Google Cloud.', - }, - { - name: 'meta.cloud.provider', - type: 'alias', - path: 'cloud.provider', - migration: true, - }, - { - name: 'meta.cloud.instance_id', - type: 'alias', - path: 'cloud.instance.id', - migration: true, - }, - { - name: 'meta.cloud.instance_name', - type: 'alias', - path: 'cloud.instance.name', - migration: true, - }, - { - name: 'meta.cloud.machine_type', - type: 'alias', - path: 'cloud.machine.type', - migration: true, - }, - { - name: 'meta.cloud.availability_zone', - type: 'alias', - path: 'cloud.availability_zone', - migration: true, - }, - { - name: 'meta.cloud.project_id', - type: 'alias', - path: 'cloud.project.id', - migration: true, - }, - { - name: 'meta.cloud.region', - type: 'alias', - path: 'cloud.region', - migration: true, - }, - ], - }, - { - key: 'docker', - title: 'Docker', - description: 'Docker stats collected from Docker.', - short_config: false, - anchor: 'docker-processor', - fields: [ - { - name: 'docker', - type: 'group', - fields: [ { - name: 'container.id', - type: 'alias', - path: 'container.id', - migration: true, + name: 'gid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Primary group ID (GID) of the file.', + example: '1001', }, { - name: 'container.image', - type: 'alias', - path: 'container.image.name', - migration: true, + name: 'group', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Primary group name of the file.', + example: 'alice', }, { - name: 'container.name', - type: 'alias', - path: 'container.name', - migration: true, + name: 'hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', }, { - name: 'container.labels', - type: 'object', - object_type: 'keyword', - description: 'Image labels.', + name: 'hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', }, - ], - }, - ], - }, - { - key: 'host', - title: 'Host', - description: 'Info collected for the host machine.', - anchor: 'host-processor', - }, - { - key: 'kubernetes', - title: 'Kubernetes', - description: 'Kubernetes metadata added by the kubernetes processor', - short_config: false, - anchor: 'kubernetes-processor', - fields: [ - { - name: 'kubernetes', - type: 'group', - fields: [ { - name: 'pod.name', + name: 'hash.sha256', + level: 'extended', type: 'keyword', - description: 'Kubernetes pod name', + ignore_above: 1024, + description: 'SHA256 hash.', }, { - name: 'pod.uid', + name: 'hash.sha512', + level: 'extended', type: 'keyword', - description: 'Kubernetes Pod UID', + ignore_above: 1024, + description: 'SHA512 hash.', }, { - name: 'namespace', + name: 'inode', + level: 'extended', type: 'keyword', - description: 'Kubernetes namespace', + ignore_above: 1024, + description: 'Inode representing the file in the filesystem.', + example: '256383', }, { - name: 'node.name', + name: 'mime_type', + level: 'extended', type: 'keyword', - description: 'Kubernetes node name', + ignore_above: 1024, + description: + 'MIME type should identify the format of the file or stream of bytes\nusing https://www.iana.org/assignments/media-types/media-types.xhtml[IANA\nofficial types], where possible. When more than one type is applicable, the\nmost specific type should be used.', + default_field: false, }, { - name: 'labels', - type: 'object', - description: 'Kubernetes labels map', + name: 'mode', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Mode of the file in octal representation.', + example: '0640', }, { - name: 'annotations', - type: 'object', - description: 'Kubernetes annotations map', + name: 'mtime', + level: 'extended', + type: 'date', + description: 'Last time the file content was modified.', }, { - name: 'container.name', + name: 'name', + level: 'extended', type: 'keyword', - description: 'Kubernetes container name', + ignore_above: 1024, + description: 'Name of the file including the extension, without the directory.', + example: 'example.png', }, { - name: 'container.image', + name: 'owner', + level: 'extended', type: 'keyword', - description: 'Kubernetes container image', + ignore_above: 1024, + description: "File owner's username.", + example: 'alice', }, - ], - }, - ], - }, - { - key: 'process', - title: 'Process', - description: 'Process metadata fields', - fields: [ - { - name: 'process', - type: 'group', - fields: [ - { - name: 'exe', - type: 'alias', - path: 'process.executable', - migration: true, - }, - ], - }, - ], - }, - { - key: 'common', - title: 'Common', - description: - 'These fields contain data about the environment in which the transaction or flow was captured.', - fields: [ - { - name: 'type', - description: - 'The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.', - required: true, - }, - { - name: 'server.process.name', - description: 'The name of the process that served the transaction.', - }, - { - name: 'server.process.args', - description: 'The command-line of the process that served the transaction.', - }, - { - name: 'server.process.executable', - description: 'Absolute path to the server process executable.', - }, - { - name: 'server.process.working_directory', - description: 'The working directory of the server process.', - }, - { - name: 'server.process.start', - description: 'The time the server process started.', - }, - { - name: 'client.process.name', - description: 'The name of the process that initiated the transaction.', - }, - { - name: 'client.process.args', - description: 'The command-line of the process that initiated the transaction.', - }, - { - name: 'client.process.executable', - description: 'Absolute path to the client process executable.', - }, - { - name: 'client.process.working_directory', - description: 'The working directory of the client process.', - }, - { - name: 'client.process.start', - description: 'The time the client process started.', - }, - { - name: 'real_ip', - type: 'alias', - path: 'network.forwarded_ip', - migration: true, - description: - 'If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, the IP address extracted from a configurable HTTP header, by default `X-Forwarded-For`. Unless this field is disabled, it always has a value, and it matches the `client_ip` for non proxy clients.', - }, - { - name: 'transport', - type: 'alias', - path: 'network.transport', - migration: true, - description: - 'The transport protocol used for the transaction. If not specified, then tcp is assumed.', - }, - ], - }, - { - key: 'flows_event', - title: 'Flow Event', - description: 'These fields contain data about the flow itself.', - fields: [ - { - name: 'flow.final', - type: 'boolean', - description: - 'Indicates if event is last event in flow. If final is false, the event reports an intermediate flow state only.', - }, - { - name: 'flow.id', - description: 'Internal flow ID based on connection meta data and address.', - }, - { - name: 'flow.vlan', - type: 'long', - description: - "VLAN identifier from the 802.1q frame. In case of a multi-tagged frame this field will be an array with the outer tag's VLAN identifier listed first. ", - }, - { - name: 'flow_id', - type: 'alias', - path: 'flow.id', - migration: true, - }, - { - name: 'final', - type: 'alias', - path: 'flow.final', - migration: true, - }, - { - name: 'vlan', - type: 'alias', - path: 'flow.vlan', - migration: true, - }, - { - name: 'source.stats.net_bytes_total', - type: 'alias', - path: 'source.bytes', - migration: true, - }, - { - name: 'source.stats.net_packets_total', - type: 'alias', - path: 'source.packets', - migration: true, - }, - { - name: 'dest.stats.net_bytes_total', - type: 'alias', - path: 'destination.bytes', - migration: true, - }, - { - name: 'dest.stats.net_packets_total', - type: 'alias', - path: 'destination.packets', - migration: true, - }, - ], - }, - { - key: 'trans_event', - title: 'Transaction Event', - description: 'These fields contain data about the transaction itself.', - fields: [ - { - name: 'status', - description: - 'The high level status of the transaction. The way to compute this value depends on the protocol, but the result has a meaning independent of the protocol.', - required: true, - possible_values: ['OK', 'Error', 'Server Error', 'Client Error'], - }, - { - name: 'method', - description: - 'The command/verb/method of the transaction. For HTTP, this is the method name (GET, POST, PUT, and so on), for SQL this is the verb (SELECT, UPDATE, DELETE, and so on).', - }, - { - name: 'resource', - description: - 'The logical resource that this transaction refers to. For HTTP, this is the URL path up to the last slash (/). For example, if the URL is `/users/1`, the resource is `/users`. For databases, the resource is typically the table name. The field is not filled for all transaction types.', - }, - { - name: 'path', - required: true, - description: - 'The path the transaction refers to. For HTTP, this is the URL. For SQL databases, this is the table name. For key-value stores, this is the key.', - }, - { - name: 'query', - type: 'keyword', - description: - 'The query in a human readable format. For HTTP, it will typically be something like `GET /users/_search?name=test`. For MySQL, it is something like `SELECT id from users where name=test`.', - }, - { - name: 'params', - type: 'text', - description: - 'The request parameters. For HTTP, these are the POST or GET parameters. For Thrift-RPC, these are the parameters from the request.', - }, - { - name: 'notes', - type: 'alias', - path: 'error.message', - description: - 'Messages from Packetbeat itself. This field usually contains error messages for interpreting the raw data. This information can be helpful for troubleshooting.', - }, - ], - }, - { - key: 'raw', - title: 'Raw', - description: 'These fields contain the raw transaction data.', - fields: [ - { - name: 'request', - type: 'text', - description: - 'For text protocols, this is the request as seen on the wire (application layer only). For binary protocols this is our representation of the request.', - }, - { - name: 'response', - type: 'text', - description: - 'For text protocols, this is the response as seen on the wire (application layer only). For binary protocols this is our representation of the request.', - }, - ], - }, - { - key: 'trans_measurements', - title: 'Measurements (Transactions)', - description: 'These fields contain measurements related to the transaction.', - fields: [ - { - name: 'bytes_in', - type: 'alias', - path: 'source.bytes', - description: - 'The number of bytes of the request. Note that this size is the application layer message length, without the length of the IP or TCP headers.', - }, - { - name: 'bytes_out', - type: 'alias', - path: 'destination.bytes', - description: - 'The number of bytes of the response. Note that this size is the application layer message length, without the length of the IP or TCP headers.', - }, - ], - }, - { - key: 'amqp', - title: 'AMQP', - description: 'AMQP specific event fields.', - fields: [ - { - name: 'amqp', - type: 'group', - fields: [ { - name: 'reply-code', - type: 'long', - description: 'AMQP reply code to an error, similar to http reply-code', - example: 404, + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Full path to the file, including the file name. It should include\nthe drive letter, when appropriate.', + example: '/home/alice/example.png', }, { - name: 'reply-text', + name: 'pe.company', + level: 'extended', type: 'keyword', - description: 'Text explaining the error.', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, }, { - name: 'class-id', - type: 'long', - description: 'Failing method class.', + name: 'pe.description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, }, { - name: 'method-id', - type: 'long', - description: 'Failing method ID.', + name: 'pe.file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, }, { - name: 'exchange', + name: 'pe.original_file_name', + level: 'extended', type: 'keyword', - description: 'Name of the exchange.', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, }, { - name: 'exchange-type', + name: 'pe.product', + level: 'extended', type: 'keyword', - description: 'Exchange type.', - example: 'fanout', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, }, { - name: 'passive', - type: 'boolean', - description: 'If set, do not create exchange/queue.', + name: 'size', + level: 'extended', + type: 'long', + description: 'File size in bytes.\n\nOnly relevant when `file.type` is "file".', + example: 16384, }, { - name: 'durable', - type: 'boolean', - description: 'If set, request a durable exchange/queue.', + name: 'target_path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Target path for symlinks.', }, { - name: 'exclusive', - type: 'boolean', - description: 'If set, request an exclusive queue.', + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'File type (file, dir, or symlink).', + example: 'file', }, { - name: 'auto-delete', - type: 'boolean', - description: 'If set, auto-delete queue when unused.', + name: 'uid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The user ID (UID) or security identifier (SID) of the file owner.', + example: '1001', }, + ], + }, + { + name: 'geo', + title: 'Geo', + group: 2, + description: + 'Geo fields can carry data about a specific location related to an\nevent.\n\nThis geolocation information can be derived from techniques such as Geo IP,\nor be user-supplied.', + type: 'group', + fields: [ { - name: 'no-wait', - type: 'boolean', - description: 'If set, the server will not respond to the method.', + name: 'city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'consumer-tag', - description: 'Identifier for the consumer, valid within the current channel.', + name: 'continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'delivery-tag', - type: 'long', - description: 'The server-assigned and channel-specific delivery tag.', + name: 'country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'message-count', - type: 'long', - description: - 'The number of messages in the queue, which will be zero for newly-declared queues.', + name: 'country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'consumer-count', - type: 'long', - description: 'The number of consumers of a queue.', + name: 'location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'routing-key', + name: 'name', + level: 'extended', type: 'keyword', - description: 'Message routing key.', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'no-ack', - type: 'boolean', - description: 'If set, the server does not expect acknowledgements for messages.', + name: 'region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'no-local', - type: 'boolean', + name: 'region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + ], + }, + { + name: 'group', + title: 'Group', + group: 2, + description: + 'The group fields are meant to represent groups that are relevant\nto the event.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, description: - 'If set, the server will not send messages to the connection that published them.', + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', }, { - name: 'if-unused', - type: 'boolean', - description: 'Delete only if unused.', + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', }, { - name: 'if-empty', - type: 'boolean', - description: 'Delete only if empty.', + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', }, + ], + }, + { + name: 'hash', + title: 'Hash', + group: 2, + description: + 'The hash fields represent different hash algorithms and their values.\n\nField names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for\nother hashes by lowercasing the hash algorithm name and using underscore separators\nas appropriate (snake case, e.g. sha3_512).', + type: 'group', + fields: [ { - name: 'queue', + name: 'md5', + level: 'extended', type: 'keyword', - description: 'The queue name identifies the queue within the vhost.', + ignore_above: 1024, + description: 'MD5 hash.', }, { - name: 'redelivered', - type: 'boolean', - description: - 'Indicates that the message has been previously delivered to this or another client.', + name: 'sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', }, { - name: 'multiple', - type: 'boolean', - description: 'Acknowledge multiple messages.', + name: 'sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', }, { - name: 'arguments', - type: 'object', - description: - 'Optional additional arguments passed to some methods. Can be of various types.', + name: 'sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', }, + ], + }, + { + name: 'host', + title: 'Host', + group: 2, + description: + 'A host is defined as a general computing instance.\n\nECS host.* fields should be populated with details about the host on which the\nevent happened, or from which the measurement was taken. Host types include\nhardware, virtual machines, Docker containers, and Kubernetes nodes.', + type: 'group', + fields: [ { - name: 'mandatory', - type: 'boolean', - description: 'Indicates mandatory routing.', + name: 'architecture', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system architecture.', + example: 'x86_64', }, { - name: 'immediate', - type: 'boolean', - description: 'Request immediate delivery.', + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the domain of which the host is a member.\n\nFor example, on Windows this could be the host Active Directory domain\nor NetBIOS domain name. For Linux this could be the domain of the host\nLDAP provider.', + example: 'CONTOSO', + default_field: false, }, { - name: 'content-type', + name: 'geo.city_name', + level: 'core', type: 'keyword', - description: 'MIME content type.', - example: 'text/plain', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', }, { - name: 'content-encoding', + name: 'geo.continent_name', + level: 'core', type: 'keyword', - description: 'MIME content encoding.', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', }, { - name: 'headers', - type: 'object', - object_type: 'keyword', - description: 'Message header field table.', + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', }, { - name: 'delivery-mode', + name: 'geo.country_name', + level: 'core', type: 'keyword', - description: 'Non-persistent (1) or persistent (2).', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', }, { - name: 'priority', - type: 'long', - description: 'Message priority, 0 to 9.', + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', }, { - name: 'correlation-id', + name: 'geo.name', + level: 'extended', type: 'keyword', - description: 'Application correlation identifier.', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', }, { - name: 'reply-to', + name: 'geo.region_iso_code', + level: 'core', type: 'keyword', - description: 'Address to reply to.', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', }, { - name: 'expiration', + name: 'geo.region_name', + level: 'core', type: 'keyword', - description: 'Message expiration specification.', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', }, { - name: 'message-id', + name: 'hostname', + level: 'core', type: 'keyword', - description: 'Application message identifier.', + ignore_above: 1024, + description: + 'Hostname of the host.\n\nIt normally contains what the `hostname` command returns on the host machine.', }, { - name: 'timestamp', + name: 'id', + level: 'core', type: 'keyword', - description: 'Message timestamp.', + ignore_above: 1024, + description: + 'Unique host id.\n\nAs hostname is not always unique, use values that are meaningful in your environment.\n\nExample: The current usage of `beat.name`.', }, { - name: 'type', - type: 'keyword', - description: 'Message type name.', + name: 'ip', + level: 'core', + type: 'ip', + description: 'Host ip addresses.', }, { - name: 'user-id', + name: 'mac', + level: 'core', type: 'keyword', - description: 'Creating user id.', + ignore_above: 1024, + description: 'Host mac addresses.', }, { - name: 'app-id', + name: 'name', + level: 'core', type: 'keyword', - description: 'Creating application id.', + ignore_above: 1024, + description: + 'Name of the host.\n\nIt can contain what `hostname` returns on Unix systems, the fully qualified\ndomain name, or a name specified by the user. The sender decides which value\nto use.', }, - ], - }, - ], - }, - { - key: 'cassandra', - title: 'Cassandra', - description: 'Cassandra v4/3 specific event fields.', - fields: [ - { - name: 'no_request', - type: 'alias', - path: 'cassandra.no_request', - migration: true, - }, - { - name: 'cassandra', - type: 'group', - description: 'Information about the Cassandra request and response.', - fields: [ { - name: 'no_request', - type: 'boolean', - description: 'Indicates that there is no request because this is a PUSH message.', + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', }, { - name: 'request', - type: 'group', - description: 'Cassandra request.', - fields: [ + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'headers', - type: 'group', - description: 'Cassandra request headers.', - fields: [ - { - name: 'version', - type: 'long', - description: 'The version of the protocol.', - }, - { - name: 'flags', - type: 'keyword', - description: 'Flags applying to this frame.', - }, - { - name: 'stream', - type: 'keyword', - description: - 'A frame has a stream id. If a client sends a request message with the stream id X, it is guaranteed that the stream id of the response to that message will be X.', - }, - { - name: 'op', - type: 'keyword', - description: 'An operation type that distinguishes the actual message.', - }, - { - name: 'length', - type: 'long', - description: - 'A integer representing the length of the body of the frame (a frame is limited to 256MB in length).', - }, - ], + name: 'text', + type: 'text', + norms: false, + default_field: false, }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ { - name: 'query', - type: 'keyword', - description: 'The CQL query which client send to cassandra.', + name: 'text', + type: 'text', + norms: false, + default_field: false, }, ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', }, { - name: 'response', + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Type of host.\n\nFor Cloud providers this can be the machine type like `t2.medium`. If vm,\nthis could be the container, for example, or other information meaningful\nin your environment.', + }, + { + name: 'uptime', + level: 'extended', + type: 'long', + description: 'Seconds the host has been up.', + example: 1325, + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'http', + title: 'HTTP', + group: 2, + description: + 'Fields related to HTTP activity. Use the `url` field set to store\nthe url of the request.', + type: 'group', + fields: [ + { + name: 'request.body.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Size in bytes of the request body.', + example: 887, + }, + { + name: 'request.body.content', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The full HTTP request body.', + example: 'Hello world', + }, + { + name: 'request.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Total size in bytes of the request (body and headers).', + example: 1437, + }, + { + name: 'request.method', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'HTTP request method.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'get, post, put', + }, + { + name: 'request.referrer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Referrer for this HTTP request.', + example: 'https://blog.example.com/', + }, + { + name: 'response.body.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Size in bytes of the response body.', + example: 887, + }, + { + name: 'response.body.content', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The full HTTP response body.', + example: 'Hello world', + }, + { + name: 'response.bytes', + level: 'extended', + type: 'long', + format: 'bytes', + description: 'Total size in bytes of the response (body and headers).', + example: 1437, + }, + { + name: 'response.status_code', + level: 'extended', + type: 'long', + format: 'string', + description: 'HTTP response status code.', + example: 404, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'HTTP version.', + example: 1.1, + }, + ], + }, + { + name: 'interface', + title: 'Interface', + group: 2, + description: + 'The interface fields are used to record ingress and egress interface\ninformation when reported by an observer (e.g. firewall, router, load balancer)\nin the context of the observer handling a network connection. In the case of\na single observer interface (e.g. network sensor on a span port) only the observer.ingress\ninformation should be populated.', + type: 'group', + fields: [ + { + name: 'alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, + }, + ], + }, + { + name: 'log', + title: 'Log', + group: 2, + description: + 'Details about the event logging mechanism or logging transport.\n\nThe log.* fields are typically populated with details about the logging mechanism\nused to create and/or transport the event. For example, syslog details belong\nunder `log.syslog.*`.\n\nThe details specific to your event source are typically not logged under `log.*`,\nbut rather in `event.*` or in other ECS fields.', + type: 'group', + fields: [ + { + name: 'level', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Original log level of the log event.\n\nIf the source of the event provides a log level or textual severity, this\nis the one that goes in `log.level`. If your source does not specify one,\nyou may put your event transport severity here (e.g. Syslog severity).\n\nSome examples are `warn`, `err`, `i`, `informational`.', + example: 'error', + }, + { + name: 'logger', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The name of the logger inside an application. This is usually the\nname of the class which initialized the logger, or can be a custom name.', + example: 'org.elasticsearch.bootstrap.Bootstrap', + }, + { + name: 'origin.file.line', + level: 'extended', + type: 'integer', + description: + 'The line number of the file containing the source code which originated\nthe log event.', + example: 42, + }, + { + name: 'origin.file.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The name of the file containing the source code which originated\nthe log event. Note that this is not the name of the log file.', + example: 'Bootstrap.java', + }, + { + name: 'origin.function', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the function or method which originated the log event.', + example: 'init', + }, + { + name: 'original', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'This is the original log message and contains the full log message\nbefore splitting it up in multiple parts.\n\nIn contrast to the `message` field which can contain an extracted part of\nthe log message, this field contains the original, full log message. It can\nhave already some modifications applied like encoding or new lines removed\nto clean up the log message.\n\nThis field is not indexed and doc_values are disabled so it can not be queried\nbut the value can be retrieved from `_source`.', + example: 'Sep 19 08:26:10 localhost My log', + }, + { + name: 'syslog', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'The Syslog metadata of the event, if the event was transmitted\nvia Syslog. Please see RFCs 5424 or 3164.', + }, + { + name: 'syslog.facility.code', + level: 'extended', + type: 'long', + format: 'string', + description: + 'The Syslog numeric facility of the log event, if available.\n\nAccording to RFCs 5424 and 3164, this value should be an integer between 0\nand 23.', + example: 23, + }, + { + name: 'syslog.facility.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The Syslog text-based facility of the log event, if available.', + example: 'local7', + }, + { + name: 'syslog.priority', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Syslog numeric priority of the event, if available.\n\nAccording to RFCs 5424 and 3164, the priority is 8 * facility + severity.\nThis number is therefore expected to contain a value between 0 and 191.', + example: 135, + }, + { + name: 'syslog.severity.code', + level: 'extended', + type: 'long', + description: + 'The Syslog numeric severity of the log event, if available.\n\nIf the event source publishing via Syslog provides a different numeric severity\nvalue (e.g. firewall, IDS), your source numeric severity should go to `event.severity`.\nIf the event source does not specify a distinct severity, you can optionally\ncopy the Syslog severity to `event.severity`.', + example: 3, + }, + { + name: 'syslog.severity.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The Syslog numeric severity of the log event, if available.\n\nIf the event source publishing via Syslog provides a different severity value\n(e.g. firewall, IDS), your source text severity should go to `log.level`.\nIf the event source does not specify a distinct severity, you can optionally\ncopy the Syslog severity to `log.level`.', + example: 'Error', + }, + ], + }, + { + name: 'network', + title: 'Network', + group: 2, + description: + 'The network is defined as the communication path over which a host\nor network event happens.\n\nThe network.* fields should be populated with details about the network activity\nassociated with an event.', + type: 'group', + fields: [ + { + name: 'application', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A name given to an application level protocol. This can be arbitrarily\nassigned for things like microservices, but also apply to things like skype,\nicq, facebook, twitter. This would be used in situations where the vendor\nor service can be decoded such as from the source/dest IP owners, ports, or\nwire format.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'aim', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: + 'Total bytes transferred in both directions.\n\nIf `source.bytes` and `destination.bytes` are known, `network.bytes` is their\nsum.', + example: 368, + }, + { + name: 'community_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash of source and destination IPs and ports, as well as the\nprotocol used in a communication. This is a tool-agnostic standard to identify\nflows.\n\nLearn more at https://github.com/corelight/community-id-spec.', + example: '1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=', + }, + { + name: 'direction', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + "Direction of the network traffic.\nRecommended values are:\n * inbound\n * outbound\n * internal\n * external\n * unknown\n\nWhen mapping events from a host-based monitoring context, populate this field from the host's point of view.\nWhen mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of your network perimeter.", + example: 'inbound', + }, + { + name: 'forwarded_ip', + level: 'core', + type: 'ip', + description: 'Host IP address when the source IP address is the proxy.', + example: '192.1.1.2', + }, + { + name: 'iana_number', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).\nStandardized list of protocols. This aligns well with NetFlow and sFlow related\nlogs which use the IANA Protocol Number.', + example: 6, + }, + { + name: 'inner', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'Network.inner fields are added in addition to network.vlan fields\nto describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed\nfields include vlan.id and vlan.name. Inner vlan fields are typically used\nwhen sending traffic with multiple 802.1q encapsulations to a network sensor\n(e.g. Zeek, Wireshark.)', + default_field: false, + }, + { + name: 'inner.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'inner.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name given by operators to sections of their network.', + example: 'Guest Wifi', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: + 'Total packets transferred in both directions.\n\nIf `source.packets` and `destination.packets` are known, `network.packets`\nis their sum.', + example: 24, + }, + { + name: 'protocol', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'L7 Network protocol name. ex. http, lumberjack, transport protocol.\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'http', + }, + { + name: 'transport', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Same as network.iana_number, but instead using the Keyword name\nof the transport layer (udp, tcp, ipv6-icmp, etc.)\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'tcp', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'In the OSI Model this would be the Network Layer. ipv4, ipv6,\nipsec, pim, etc\n\nThe field value must be normalized to lowercase for querying. See the documentation\nsection "Implementing ECS".', + example: 'ipv4', + }, + { + name: 'vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + ], + }, + { + name: 'observer', + title: 'Observer', + group: 2, + description: + 'An observer is defined as a special network, security, or application\ndevice used to detect, observe, or create network, security, or application-related\nevents and metrics.\n\nThis could be a custom hardware appliance or a server that has been configured\nto run special network, security, or application software. Examples include\nfirewalls, web proxies, intrusion detection/prevention systems, network monitoring\nsensors, web application firewalls, data loss prevention systems, and APM servers.\nThe observer.* fields shall be populated with details of the system, if any,\nthat detects, observes and/or creates a network, security, or application event\nor metric. Message queues and ETL components used in processing events or metrics\nare not considered observers in ECS.', + type: 'group', + fields: [ + { + name: 'egress', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'Observer.egress holds information like interface number and name,\nvlan, and zone information to classify egress traffic. Single armed monitoring\nsuch as a network sensor on a span port should only use observer.ingress\nto categorize traffic.', + default_field: false, + }, + { + name: 'egress.interface.alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'egress.interface.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'egress.interface.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, + }, + { + name: 'egress.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'egress.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'egress.zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Network zone of outbound traffic as reported by the observer to\ncategorize the destination area of egress traffic, e.g. Internal, External,\nDMZ, HR, Legal, etc.', + example: 'Public_Internet', + default_field: false, + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'hostname', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Hostname of the observer.', + }, + { + name: 'ingress', + level: 'extended', + type: 'object', + object_type: 'keyword', + description: + 'Observer.ingress holds information like interface number and name,\nvlan, and zone information to classify ingress traffic. Single armed monitoring\nsuch as a network sensor on a span port should only use observer.ingress\nto categorize traffic.', + default_field: false, + }, + { + name: 'ingress.interface.alias', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Interface alias as reported by the system, typically used in firewall\nimplementations for e.g. inside, outside, or dmz logical interface naming.', + example: 'outside', + default_field: false, + }, + { + name: 'ingress.interface.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface ID as reported by an observer (typically SNMP interface\nID).', + example: 10, + default_field: false, + }, + { + name: 'ingress.interface.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Interface name as reported by the system.', + example: 'eth0', + default_field: false, + }, + { + name: 'ingress.vlan.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'ingress.vlan.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + { + name: 'ingress.zone', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Network zone of incoming traffic as reported by the observer to\ncategorize the source area of ingress traffic. e.g. internal, External, DMZ,\nHR, Legal, etc.', + example: 'DMZ', + default_field: false, + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: 'IP addresses of the observer.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC addresses of the observer', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Custom name of the observer.\n\nThis is a name that can be given to an observer. This can be helpful for example\nif multiple firewalls of the same model are used in an organization.\n\nIf no custom name is needed, the field can be left empty.', + example: '1_proxySG', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The product name of the observer.', + example: 's200', + }, + { + name: 'serial_number', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Observer serial number.', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of the observer the data is coming from.\n\nThere is no predefined list of observer types. Some examples are `forwarder`,\n`firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`.', + example: 'firewall', + }, + { + name: 'vendor', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Vendor name of the observer.', + example: 'Symantec', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Observer version.', + }, + ], + }, + { + name: 'organization', + title: 'Organization', + group: 2, + description: + 'The organization fields enrich data with information about the company\nor entity the data is associated with.\n\nThese fields help you arrange or filter data stored in an index by one or multiple\norganizations.', + type: 'group', + fields: [ + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the organization.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + }, + ], + }, + { + name: 'os', + title: 'Operating System', + group: 2, + description: 'The OS fields contain information about the operating system.', + type: 'group', + fields: [ + { + name: 'family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + ], + }, + { + name: 'package', + title: 'Package', + group: 2, + description: + 'These fields contain information about an installed software package.\nIt contains general information about a package, such as name, version or size.\nIt also contains installation details, such as time or location.', + type: 'group', + fields: [ + { + name: 'architecture', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package architecture.', + example: 'x86_64', + }, + { + name: 'build_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the build version of the installed\npackage.\n\nFor example use the commit SHA of a non-released package.', + example: '36f4f7e89dd61b0988b12ee000b98966867710cd', + default_field: false, + }, + { + name: 'checksum', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Checksum of the installed package for verification.', + example: '68b329da9893e34099c7d8ad5cb9c940', + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Description of the package.', + example: + 'Open source programming language to build simple/reliable/efficient\nsoftware.', + }, + { + name: 'install_scope', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Indicating how the package was installed, e.g. user-local, global.', + example: 'global', + }, + { + name: 'installed', + level: 'extended', + type: 'date', + description: 'Time when package was installed.', + }, + { + name: 'license', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'License under which the package was released.\n\nUse a short name, e.g. the license identifier from SPDX License List where\npossible (https://spdx.org/licenses/).', + example: 'Apache License 2.0', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package name', + example: 'go', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Path where the package is installed.', + example: '/usr/local/Cellar/go/1.12.9/', + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Home page or reference URL of the software in this package, if\navailable.', + example: 'https://golang.org', + default_field: false, + }, + { + name: 'size', + level: 'extended', + type: 'long', + format: 'string', + description: 'Package size in bytes.', + example: 62231, + }, + { + name: 'type', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Type of package.\n\nThis should contain the package file type, rather than the package manager\nname. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar.', + example: 'rpm', + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Package version', + example: '1.12.9', + }, + ], + }, + { + name: 'pe', + title: 'PE Header', + group: 2, + description: 'These fields contain Windows Portable Executable (PE) metadata.', + type: 'group', + fields: [ + { + name: 'company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + ], + }, + { + name: 'process', + title: 'Process', + group: 2, + description: + 'These fields contain information about a process.\n\nThese fields can help you correlate metrics information with a process id/name\nfrom a log message. The `process.pid` often stays in the metric itself and\nis copied to the global field for correlation.', + type: 'group', + fields: [ + { + name: 'args', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of process arguments, starting with the absolute path to\nthe executable.\n\nMay be filtered to protect sensitive information.', + example: ['/usr/bin/ssh', '-l', 'user', '10.0.0.16'], + }, + { + name: 'args_count', + level: 'extended', + type: 'long', + description: + 'Length of the process.args array.\n\nThis field can be useful for querying or performing bucket analysis on how\nmany arguments were provided to start a process. More arguments may be an\nindication of suspicious activity.', + example: 4, + default_field: false, + }, + { + name: 'code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'command_line', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Full command line that started the process, including the absolute\npath to the executable, and all arguments.\n\nSome arguments may be filtered to protect sensitive information.', + example: '/usr/bin/ssh -l user 10.0.0.16', + default_field: false, + }, + { + name: 'entity_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier for the process.\n\nThe implementation of this is specified by the data source, but some examples\nof what could be used here are a process-generated UUID, Sysmon Process GUIDs,\nor a hash of some uniquely identifying components of a process.\n\nConstructing a globally unique identifier is a common practice to mitigate\nPID reuse as well as to identify a specific process over time, across multiple\nmonitored hosts.', + example: 'c2c455d9f99375d', + default_field: false, + }, + { + name: 'executable', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Absolute path to the process executable.', + example: '/usr/bin/ssh', + }, + { + name: 'exit_code', + level: 'extended', + type: 'long', + description: + 'The exit code of the process, if this is a termination event.\n\nThe field should be absent if there is no exit code for the event (e.g. process\nstart).', + example: 137, + default_field: false, + }, + { + name: 'hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + }, + { + name: 'hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + }, + { + name: 'hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + }, + { + name: 'hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Process name.\n\nSometimes called program name or similar.', + example: 'ssh', + }, + { + name: 'parent.args', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of process arguments.\n\nMay be filtered to protect sensitive information.', + example: ['ssh', '-l', 'user', '10.0.0.16'], + default_field: false, + }, + { + name: 'parent.args_count', + level: 'extended', + type: 'long', + description: + 'Length of the process.args array.\n\nThis field can be useful for querying or performing bucket analysis on how\nmany arguments were provided to start a process. More arguments may be an\nindication of suspicious activity.', + example: 4, + default_field: false, + }, + { + name: 'parent.code_signature.exists', + level: 'core', + type: 'boolean', + description: 'Boolean to capture if a signature is present.', + example: 'true', + default_field: false, + }, + { + name: 'parent.code_signature.status', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Additional information about the certificate status.\n\nThis is useful for logging cryptographic errors with the certificate validity\nor trust status. Leave unpopulated if the validity or trust of the certificate\nwas unchecked.', + example: 'ERROR_UNTRUSTED_ROOT', + default_field: false, + }, + { + name: 'parent.code_signature.subject_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Subject name of the code signer', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'parent.code_signature.trusted', + level: 'extended', + type: 'boolean', + description: + 'Stores the trust status of the certificate chain.\n\nValidating the trust of the certificate chain may be complicated, and this\nfield should only be populated by tools that actively check the status.', + example: 'true', + default_field: false, + }, + { + name: 'parent.code_signature.valid', + level: 'extended', + type: 'boolean', + description: + 'Boolean to capture if the digital signature is verified against\nthe binary content.\n\nLeave unpopulated if a certificate was unchecked.', + example: 'true', + default_field: false, + }, + { + name: 'parent.command_line', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Full command line that started the process, including the absolute\npath to the executable, and all arguments.\n\nSome arguments may be filtered to protect sensitive information.', + example: '/usr/bin/ssh -l user 10.0.0.16', + default_field: false, + }, + { + name: 'parent.entity_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier for the process.\n\nThe implementation of this is specified by the data source, but some examples\nof what could be used here are a process-generated UUID, Sysmon Process GUIDs,\nor a hash of some uniquely identifying components of a process.\n\nConstructing a globally unique identifier is a common practice to mitigate\nPID reuse as well as to identify a specific process over time, across multiple\nmonitored hosts.', + example: 'c2c455d9f99375d', + default_field: false, + }, + { + name: 'parent.executable', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Absolute path to the process executable.', + example: '/usr/bin/ssh', + default_field: false, + }, + { + name: 'parent.exit_code', + level: 'extended', + type: 'long', + description: + 'The exit code of the process, if this is a termination event.\n\nThe field should be absent if there is no exit code for the event (e.g. process\nstart).', + example: 137, + default_field: false, + }, + { + name: 'parent.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'MD5 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA1 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA256 hash.', + default_field: false, + }, + { + name: 'parent.hash.sha512', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'SHA512 hash.', + default_field: false, + }, + { + name: 'parent.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Process name.\n\nSometimes called program name or similar.', + example: 'ssh', + default_field: false, + }, + { + name: 'parent.pgid', + level: 'extended', + type: 'long', + format: 'string', + description: 'Identifier of the group of processes the process belongs to.', + default_field: false, + }, + { + name: 'parent.pid', + level: 'core', + type: 'long', + format: 'string', + description: 'Process id.', + example: 4242, + default_field: false, + }, + { + name: 'parent.ppid', + level: 'extended', + type: 'long', + format: 'string', + description: "Parent process' pid.", + example: 4241, + default_field: false, + }, + { + name: 'parent.start', + level: 'extended', + type: 'date', + description: 'The time the process started.', + example: '2016-05-23T08:05:34.853Z', + default_field: false, + }, + { + name: 'parent.thread.id', + level: 'extended', + type: 'long', + format: 'string', + description: 'Thread ID.', + example: 4242, + default_field: false, + }, + { + name: 'parent.thread.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Thread name.', + example: 'thread-0', + default_field: false, + }, + { + name: 'parent.title', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'Process title.\n\nThe proctitle, some times the same as process name. Can also be different:\nfor example a browser setting its title to the web page currently opened.', + default_field: false, + }, + { + name: 'parent.uptime', + level: 'extended', + type: 'long', + description: 'Seconds the process has been up.', + example: 1325, + default_field: false, + }, + { + name: 'parent.working_directory', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'The working directory of the process.', + example: '/home/alice', + default_field: false, + }, + { + name: 'pe.company', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal company name of the file, provided at compile-time.', + example: 'Microsoft Corporation', + default_field: false, + }, + { + name: 'pe.description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal description of the file, provided at compile-time.', + example: 'Paint', + default_field: false, + }, + { + name: 'pe.file_version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal version of the file, provided at compile-time.', + example: '6.3.9600.17415', + default_field: false, + }, + { + name: 'pe.original_file_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal name of the file, provided at compile-time.', + example: 'MSPAINT.EXE', + default_field: false, + }, + { + name: 'pe.product', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Internal product name of the file, provided at compile-time.', + example: 'Microsoft® Windows® Operating System', + default_field: false, + }, + { + name: 'pgid', + level: 'extended', + type: 'long', + format: 'string', + description: 'Identifier of the group of processes the process belongs to.', + }, + { + name: 'pid', + level: 'core', + type: 'long', + format: 'string', + description: 'Process id.', + example: 4242, + }, + { + name: 'ppid', + level: 'extended', + type: 'long', + format: 'string', + description: "Parent process' pid.", + example: 4241, + }, + { + name: 'start', + level: 'extended', + type: 'date', + description: 'The time the process started.', + example: '2016-05-23T08:05:34.853Z', + }, + { + name: 'thread.id', + level: 'extended', + type: 'long', + format: 'string', + description: 'Thread ID.', + example: 4242, + }, + { + name: 'thread.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Thread name.', + example: 'thread-0', + }, + { + name: 'title', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Process title.\n\nThe proctitle, some times the same as process name. Can also be different:\nfor example a browser setting its title to the web page currently opened.', + }, + { + name: 'uptime', + level: 'extended', + type: 'long', + description: 'Seconds the process has been up.', + example: 1325, + }, + { + name: 'working_directory', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'The working directory of the process.', + example: '/home/alice', + }, + ], + }, + { + name: 'registry', + title: 'Registry', + group: 2, + description: 'Fields related to Windows Registry operations.', + type: 'group', + fields: [ + { + name: 'data.bytes', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Original bytes written with base64 encoding.\n\nFor Windows registry operations, such as SetValueEx and RegQueryValueEx, this\ncorresponds to the data pointed by `lp_data`. This is optional but provides\nbetter recoverability and should be populated for REG_BINARY encoded values.', + example: 'ZQBuAC0AVQBTAAAAZQBuAAAAAAA=', + default_field: false, + }, + { + name: 'data.strings', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Content when writing string types.\n\nPopulated as an array when writing string data to the registry. For single\nstring registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with\none string. For sequences of string with REG_MULTI_SZ, this array will be\nvariable length. For numeric data, such as REG_DWORD and REG_QWORD, this should\nbe populated with the decimal representation (e.g `"1"`).', + example: '["C:\\rta\\red_ttp\\bin\\myapp.exe"]', + default_field: false, + }, + { + name: 'data.type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Standard registry type for encoding contents', + example: 'REG_SZ', + default_field: false, + }, + { + name: 'hive', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Abbreviated name for the hive.', + example: 'HKLM', + default_field: false, + }, + { + name: 'key', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Hive-relative path of keys.', + example: + 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe', + default_field: false, + }, + { + name: 'path', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Full path, including hive, key and value', + example: + 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution\nOptions\\winword.exe\\Debugger', + default_field: false, + }, + { + name: 'value', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the value written.', + example: 'Debugger', + default_field: false, + }, + ], + }, + { + name: 'related', + title: 'Related', + group: 2, + description: + 'This field set is meant to facilitate pivoting around a piece of\ndata.\n\nSome pieces of information can be seen in many places in an ECS event. To facilitate\nsearching for them, store an array of all seen values to their corresponding\nfield in `related.`.\n\nA concrete example is IP addresses, which can be under host, observer, source,\ndestination, client, server, and network.forwarded_ip. If you append all IPs\nto `related.ip`, you can then search for a given IP trivially, no matter where\nit appeared, by querying `related.ip:192.0.2.15`.', + type: 'group', + fields: [ + { + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + "All the hashes seen on your event. Populating this field, then\nusing it to search for hashes can help in situations where you're unsure what\nthe hash algorithm is (and therefore which key name to search).", + default_field: false, + }, + { + name: 'ip', + level: 'extended', + type: 'ip', + description: 'All of the IPs seen on your event.', + }, + { + name: 'user', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'All the user names seen on your event.', + default_field: false, + }, + ], + }, + { + name: 'rule', + title: 'Rule', + group: 2, + description: + 'Rule fields are used to capture the specifics of any observer or\nagent rules that generate alerts or other notable events.\n\nExamples of data sources that would populate the rule fields include: network\nadmission control platforms, network or host IDS/IPS, network firewalls, web\napplication firewalls, url filters, endpoint detection and response (EDR) systems,\netc.', + type: 'group', + fields: [ + { + name: 'author', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name, organization, or pseudonym of the author or authors who created\nthe rule used to generate this event.', + example: ['Star-Lord'], + default_field: false, + }, + { + name: 'category', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A categorization value keyword used by the entity using the rule\nfor detection of this event.', + example: 'Attempted Information Leak', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The description of the rule generating the event.', + example: 'Block requests to public DNS over HTTPS / TLS protocols', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A rule ID that is unique within the scope of an agent, observer,\nor other entity using the rule for detection of this event.', + example: 101, + default_field: false, + }, + { + name: 'license', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the license under which the rule used to generate this\nevent is made available.', + example: 'Apache 2.0', + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the rule or signature generating the event.', + example: 'BLOCK_DNS_over_TLS', + default_field: false, + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Reference URL to additional information about the rule used to\ngenerate this event.\n\nThe URL can point to the vendor documentation about the rule. If that is\nnot available, it can also be a link to a more general page describing this\ntype of alert.', + example: 'https://en.wikipedia.org/wiki/DNS_over_TLS', + default_field: false, + }, + { + name: 'ruleset', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the ruleset, policy, group, or parent category in which\nthe rule used to generate this event is a member.', + example: 'Standard_Protocol_Filters', + default_field: false, + }, + { + name: 'uuid', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A rule ID that is unique within the scope of a set or group of\nagents, observers, or other entities using the rule for detection of this\nevent.', + example: 1100110011, + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The version / revision of the rule being used for analysis.', + example: 1.1, + default_field: false, + }, + ], + }, + { + name: 'server', + title: 'Server', + group: 2, + description: + 'A Server is defined as the responder in a network connection for\nevents regarding sessions, connections, or bidirectional flow records.\n\nFor TCP events, the server is the receiver of the initial SYN packet(s) of the\nTCP connection. For other protocols, the server is generally the responder in\nthe network transaction. Some systems actually use the term "responder" to refer\nthe server in TCP connections. The server fields describe details about the\nsystem acting as the server in the network event. Server fields are usually\npopulated in conjunction with client fields. Server fields are generally not\npopulated for packet-level events.\n\nClient / server representations can add semantic context to an exchange, which\nis helpful to visualize the data in certain situations. If your context falls\nin that category, you should still ensure that source and destination are filled\nappropriately.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event server addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the server to the client.', + example: 184, + }, + { + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Server domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the server.\n\nCan be one or multiple IPv4 or IPv6 addresses.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the server.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of destination based NAT sessions (e.g. internet\nto private DMZ)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the server to the client.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the server.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered server domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'service', + title: 'Service', + group: 2, + description: + 'The service fields describe the service for or from which the data\nwas collected.\n\nThese fields help you find and correlate logs for a specific service and version.', + type: 'group', + fields: [ + { + name: 'ephemeral_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Ephemeral identifier of this service (if one exists).\n\nThis id normally changes across restarts, but `service.id` does not.', + example: '8a4f500f', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the running service. If the service is comprised\nof many nodes, the `service.id` should be the same for all nodes.\n\nThis id should uniquely identify the service. This makes it possible to correlate\nlogs and metrics for one specific service, no matter which particular node\nemitted the event.\n\nNote that if you need to see the events from one specific host of the service,\nyou should filter on that `host.name` or `host.id` instead.', + example: 'd37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the service data is collected from.\n\nThe name of the service is normally user given. This allows for distributed\nservices that run on multiple hosts to correlate the related instances based\non the name.\n\nIn the case of Elasticsearch the `service.name` could contain the cluster\nname. For Beats the `service.name` is by default a copy of the `service.type`\nfield if no name is specified.', + example: 'elasticsearch-metrics', + }, + { + name: 'node.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of a service node.\n\nThis allows for two nodes of the same service running on the same host to\nbe differentiated. Therefore, `service.node.name` should typically be unique\nacross nodes of a given service.\n\nIn the case of Elasticsearch, the `service.node.name` could contain the unique\nnode name within the Elasticsearch cluster. In cases where the service doe not\nhave the concept of a node name, the host name or container name can be used\nto distinguish running instances that make up this service. If those do not\nprovide uniqueness (e.g. multiple instances of the service running on the\nsame host) - the node name can be manually set.', + example: 'instance-0000000016', + }, + { + name: 'state', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Current state of the service.', + }, + { + name: 'type', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of the service data is collected from.\n\nThe type can be used to group and correlate logs and metrics from one service\ntype.\n\nExample: If logs or metrics are collected from Elasticsearch, `service.type`\nwould be `elasticsearch`.', + example: 'elasticsearch', + }, + { + name: 'version', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: + 'Version of the service the data was collected from.\n\nThis allows to look at a data set only for a specific version of a service.', + example: '3.2.4', + }, + ], + }, + { + name: 'source', + title: 'Source', + group: 2, + description: + 'Source fields describe details about the source of a packet/event.\n\nSource fields are usually populated in conjunction with destination fields.', + type: 'group', + fields: [ + { + name: 'address', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Some event source addresses are defined ambiguously. The event\nwill sometimes list an IP, a domain or a unix socket. You should always store\nthe raw address in the `.address` field.\n\nThen it should be duplicated to `.ip` or `.domain`, depending on which one\nit is.', + }, + { + name: 'as.number', + level: 'extended', + type: 'long', + description: + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + }, + { + name: 'as.organization.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Organization name.', + example: 'Google LLC', + }, + { + name: 'bytes', + level: 'core', + type: 'long', + format: 'bytes', + description: 'Bytes sent from the source to the destination.', + example: 184, + }, + { + name: 'domain', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Source domain.', + }, + { + name: 'geo.city_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'City name.', + example: 'Montreal', + }, + { + name: 'geo.continent_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the continent.', + example: 'North America', + }, + { + name: 'geo.country_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country ISO code.', + example: 'CA', + }, + { + name: 'geo.country_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Country name.', + example: 'Canada', + }, + { + name: 'geo.location', + level: 'core', + type: 'geo_point', + description: 'Longitude and latitude.', + example: '{ "lon": -73.614830, "lat": 45.505918 }', + }, + { + name: 'geo.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'User-defined description of a location, at the level of granularity\nthey care about.\n\nCould be the name of their data centers, the floor number, if this describes\na local physical entity, city names.\n\nNot typically used in automated geolocation.', + example: 'boston-dc', + }, + { + name: 'geo.region_iso_code', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region ISO code.', + example: 'CA-QC', + }, + { + name: 'geo.region_name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Region name.', + example: 'Quebec', + }, + { + name: 'ip', + level: 'core', + type: 'ip', + description: + 'IP address of the source.\n\nCan be one or multiple IPv4 or IPv6 addresses.', + }, + { + name: 'mac', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'MAC address of the source.', + }, + { + name: 'nat.ip', + level: 'extended', + type: 'ip', + description: + 'Translated ip of source based NAT sessions (e.g. internal client\nto internet)\n\nTypically connections traversing load balancers, firewalls, or routers.', + }, + { + name: 'nat.port', + level: 'extended', + type: 'long', + format: 'string', + description: + 'Translated port of source based NAT sessions. (e.g. internal client\nto internet)\n\nTypically used with load balancers, firewalls, or routers.', + }, + { + name: 'packets', + level: 'core', + type: 'long', + description: 'Packets sent from the source to the destination.', + example: 12, + }, + { + name: 'port', + level: 'core', + type: 'long', + format: 'string', + description: 'Port of the source.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered source domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'user.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'user.full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'user.group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'user.group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'user.group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'user.hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'user.id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'user.name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'threat', + title: 'Threat', + group: 2, + description: + 'Fields to classify events and alerts according to a threat taxonomy\nsuch as the Mitre ATT&CK framework.\n\nThese fields are for users to classify alerts from all of their sources (e.g.\nIDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to\ncapture the high level category of the threat (e.g. "impact"). The threat.technique.*\nfields are meant to capture which kind of approach is used by this detected\nthreat, to accomplish the goal (e.g. "endpoint denial of service").', + type: 'group', + fields: [ + { + name: 'framework', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the threat framework used to further categorize and classify\nthe tactic and technique of the reported threat. Framework classification\ncan be provided by detecting systems, evaluated at ingest time, or retrospectively\ntagged to events.', + example: 'MITRE ATT&CK', + }, + { + name: 'tactic.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The id of tactic used by this threat. You can use the Mitre ATT&CK\nMatrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'TA0040', + }, + { + name: 'tactic.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the type of tactic used by this threat. You can use the\nMitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'impact', + }, + { + name: 'tactic.reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The reference url of tactic used by this threat. You can use the\nMitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/\n)', + example: 'https://attack.mitre.org/tactics/TA0040/', + }, + { + name: 'technique.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The id of technique used by this tactic. You can use the Mitre\nATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'T1499', + }, + { + name: 'technique.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'The name of technique used by this tactic. You can use the Mitre\nATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'endpoint denial of service', + }, + { + name: 'technique.reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The reference url of technique used by this tactic. You can use\nthe Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/\n)', + example: 'https://attack.mitre.org/techniques/T1499/', + }, + ], + }, + { + name: 'tls', + title: 'TLS', + group: 2, + description: + 'Fields related to a TLS connection. These fields focus on the TLS\nprotocol itself and intentionally avoids in-depth analysis of the related x.509\ncertificate files.', + type: 'group', + fields: [ + { + name: 'cipher', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'String indicating the cipher used during the current connection.', + example: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', + default_field: false, + }, + { + name: 'client.certificate', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'PEM-encoded stand-alone certificate offered by the client. This\nis usually mutually-exclusive of `client.certificate_chain` since this value\nalso exists in that list.', + example: 'MII...', + default_field: false, + }, + { + name: 'client.certificate_chain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of PEM-encoded certificates that make up the certificate\nchain offered by the client. This is usually mutually-exclusive of `client.certificate`\nsince that value should be the first certificate in the chain.', + example: ['MII...', 'MII...'], + default_field: false, + }, + { + name: 'client.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the MD5 digest of DER-encoded version\nof certificate offered by the client. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC', + default_field: false, + }, + { + name: 'client.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA1 digest of DER-encoded version\nof certificate offered by the client. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '9E393D93138888D288266C2D915214D1D1CCEB2A', + default_field: false, + }, + { + name: 'client.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA256 digest of DER-encoded\nversion of certificate offered by the client. For consistency with other hash\nvalues, this value should be formatted as an uppercase hash.', + example: '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0', + default_field: false, + }, + { + name: 'client.issuer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Distinguished name of subject of the issuer of the x.509 certificate\npresented by the client.', + example: 'CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'client.ja3', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash that identifies clients based on how they perform an SSL/TLS\nhandshake.', + example: 'd4e5b18d6b55c71272893221c96ba240', + default_field: false, + }, + { + name: 'client.not_after', + level: 'extended', + type: 'date', + description: + 'Date/Time indicating when client certificate is no longer considered\nvalid.', + example: '2021-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'client.not_before', + level: 'extended', + type: 'date', + description: 'Date/Time indicating when client certificate is first considered\nvalid.', + example: '1970-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'client.server_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Also called an SNI, this tells the server which hostname to which\nthe client is attempting to connect. When this value is available, it should\nget copied to `destination.domain`.', + example: 'www.elastic.co', + default_field: false, + }, + { + name: 'client.subject', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Distinguished name of subject of the x.509 certificate presented\nby the client.', + example: 'CN=myclient, OU=Documentation Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'client.supported_ciphers', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Array of ciphers offered by the client during the client hello.', + example: [ + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', + '...', + ], + default_field: false, + }, + { + name: 'curve', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'String indicating the curve used for the given cipher, when applicable.', + example: 'secp256r1', + default_field: false, + }, + { + name: 'established', + level: 'extended', + type: 'boolean', + description: + 'Boolean flag indicating if the TLS negotiation was successful and\ntransitioned to an encrypted tunnel.', + default_field: false, + }, + { + name: 'next_protocol', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'String indicating the protocol being tunneled. Per the values in\nthe IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids),\nthis string should be lower case.', + example: 'http/1.1', + default_field: false, + }, + { + name: 'resumed', + level: 'extended', + type: 'boolean', + description: + 'Boolean flag indicating if this TLS connection was resumed from\nan existing TLS negotiation.', + default_field: false, + }, + { + name: 'server.certificate', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'PEM-encoded stand-alone certificate offered by the server. This\nis usually mutually-exclusive of `server.certificate_chain` since this value\nalso exists in that list.', + example: 'MII...', + default_field: false, + }, + { + name: 'server.certificate_chain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Array of PEM-encoded certificates that make up the certificate\nchain offered by the server. This is usually mutually-exclusive of `server.certificate`\nsince that value should be the first certificate in the chain.', + example: ['MII...', 'MII...'], + default_field: false, + }, + { + name: 'server.hash.md5', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the MD5 digest of DER-encoded version\nof certificate offered by the server. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC', + default_field: false, + }, + { + name: 'server.hash.sha1', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA1 digest of DER-encoded version\nof certificate offered by the server. For consistency with other hash values,\nthis value should be formatted as an uppercase hash.', + example: '9E393D93138888D288266C2D915214D1D1CCEB2A', + default_field: false, + }, + { + name: 'server.hash.sha256', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Certificate fingerprint using the SHA256 digest of DER-encoded\nversion of certificate offered by the server. For consistency with other hash\nvalues, this value should be formatted as an uppercase hash.', + example: '0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0', + default_field: false, + }, + { + name: 'server.issuer', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Subject of the issuer of the x.509 certificate presented by the\nserver.', + example: 'CN=MyDomain Root CA, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'server.ja3s', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A hash that identifies servers based on how they perform an SSL/TLS\nhandshake.', + example: '394441ab65754e2207b1e1b457b3641d', + default_field: false, + }, + { + name: 'server.not_after', + level: 'extended', + type: 'date', + description: + 'Timestamp indicating when server certificate is no longer considered\nvalid.', + example: '2021-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'server.not_before', + level: 'extended', + type: 'date', + description: 'Timestamp indicating when server certificate is first considered\nvalid.', + example: '1970-01-01T00:00:00.000Z', + default_field: false, + }, + { + name: 'server.subject', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Subject of the x.509 certificate presented by the server.', + example: 'CN=www.mydomain.com, OU=Infrastructure Team, DC=mydomain, DC=com', + default_field: false, + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Numeric part of the version parsed from the original string.', + example: '1.2', + default_field: false, + }, + { + name: 'version_protocol', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Normalized lowercase protocol name parsed from original string.', + example: 'tls', + default_field: false, + }, + ], + }, + { + name: 'tracing', + title: 'Tracing', + group: 2, + description: + 'Distributed tracing makes it possible to analyze performance throughout\na microservice architecture all in one view. This is accomplished by tracing\nall of the requests - from the initial web request in the front-end service\n- to queries made through multiple back-end services.', + type: 'group', + fields: [ + { + name: 'trace.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the trace.\n\nA trace groups multiple events like transactions that belong together. For\nexample, a user request handled by multiple inter-connected services.', + example: '4bf92f3577b34da6a3ce929d0e0e4736', + }, + { + name: 'transaction.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique identifier of the transaction.\n\nA transaction is the highest level of work measured within a service, such\nas a request to a server.', + example: '00f067aa0ba902b7', + }, + ], + }, + { + name: 'url', + title: 'URL', + group: 2, + description: + 'URL fields provide support for complete or partial URLs, and supports\nthe breaking down into scheme, domain, path, and so on.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Domain of the url, such as "www.elastic.co".\n\nIn some cases a URL may refer to an IP and/or port directly, without a domain\nname. In this case, the IP address would go to the `domain` field.', + example: 'www.elastic.co', + }, + { + name: 'extension', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The field contains the file extension from the original request\nurl.\n\nThe file extension is only set if it exists, as not every url has a file extension.\n\nThe leading period must not be included. For example, the value must be "png",\nnot ".png".', + example: 'png', + }, + { + name: 'fragment', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Portion of the url after the `#`, such as "top".\n\nThe `#` is not part of the fragment.', + }, + { + name: 'full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'If full URLs are important to your use case, they should be stored\nin `url.full`, whether this field is reconstructed or present in the event\nsource.', + example: 'https://www.elastic.co:443/search?q=elasticsearch#top', + }, + { + name: 'original', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: + 'Unmodified original url as seen in the event source.\n\nNote that in network monitoring, the observed URL may be a full URL, whereas\nin access logs, the URL is often just represented as a path.\n\nThis field is meant to represent the URL as it was observed, complete or not.', + example: + 'https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch', + }, + { + name: 'password', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Password of the request.', + }, + { + name: 'path', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Path of the request, such as "/search".', + }, + { + name: 'port', + level: 'extended', + type: 'long', + format: 'string', + description: 'Port of the request, such as 443.', + example: 443, + }, + { + name: 'query', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The query field describes the query string of the request, such\nas "q=elasticsearch".\n\nThe `?` is excluded from the query string. If a URL contains no `?`, there\nis no query field. If there is a `?` but no query, the query field exists\nwith an empty string. The `exists` query can be used to differentiate between\nthe two cases.', + }, + { + name: 'registered_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The highest registered url domain, stripped of the subdomain.\n\nFor example, the registered domain for "foo.google.com" is "google.com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last two labels will not work well for TLDs such as "co.uk".', + example: 'google.com', + }, + { + name: 'scheme', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Scheme of the request, such as "https".\n\nNote: The `:` is not part of the scheme.', + example: 'https', + }, + { + name: 'top_level_domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The effective top level domain (eTLD), also known as the domain\nsuffix, is the last part of the domain name. For example, the top level domain\nfor google.com is "com".\n\nThis value can be determined precisely with a list like the public suffix\nlist (http://publicsuffix.org). Trying to approximate this by simply taking\nthe last label will not work well for effective TLDs such as "co.uk".', + example: 'co.uk', + }, + { + name: 'username', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Username of the request.', + }, + ], + }, + { + name: 'user', + title: 'User', + group: 2, + description: + 'The user fields describe information about the user that is relevant\nto the event.\n\nFields can have one entry or multiple entries. If a user has more than one id,\nprovide an array that includes all of them.', + type: 'group', + fields: [ + { + name: 'domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the user is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'email', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'User email address.', + }, + { + name: 'full_name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: "User's full name, if available.", + example: 'Albert Einstein', + }, + { + name: 'group.domain', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Name of the directory the group is a member of.\n\nFor example, an LDAP or Active Directory domain name.', + }, + { + name: 'group.id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifier for the group on the system/platform.', + }, + { + name: 'group.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the group.', + }, + { + name: 'hash', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'Unique user hash to correlate information for a user in anonymized\nform.\n\nUseful if `user.id` or `user.name` contain confidential information and cannot\nbe used.', + }, + { + name: 'id', + level: 'core', + type: 'keyword', + ignore_above: 1024, + description: 'Unique identifiers of the user.', + }, + { + name: 'name', + level: 'core', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Short name or login of the user.', + example: 'albert', + }, + ], + }, + { + name: 'user_agent', + title: 'User agent', + group: 2, + description: + 'The user_agent fields normally come from a browser request.\n\nThey often show up in web service logs coming from the parsed user agent string.', + type: 'group', + fields: [ + { + name: 'device.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the device.', + example: 'iPhone', + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Name of the user agent.', + example: 'Safari', + }, + { + name: 'original', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: 'Unparsed user_agent string.', + example: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15\n(KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1', + }, + { + name: 'os.family', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'OS family (such as redhat, debian, freebsd, windows).', + example: 'debian', + }, + { + name: 'os.full', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, including the version or code name.', + example: 'Mac OS Mojave', + }, + { + name: 'os.kernel', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system kernel version as a raw string.', + example: '4.4.0-112-generic', + }, + { + name: 'os.name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + default_field: false, + }, + ], + description: 'Operating system name, without the version.', + example: 'Mac OS X', + }, + { + name: 'os.platform', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system platform (such centos, ubuntu, windows).', + example: 'darwin', + }, + { + name: 'os.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Operating system version as a raw string.', + example: '10.14.1', + }, + { + name: 'version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Version of the user agent.', + example: 12, + }, + ], + }, + { + name: 'vlan', + title: 'VLAN', + group: 2, + description: + 'The VLAN fields are used to identify 802.1q tag(s) of a packet,\nas well as ingress and egress VLAN associations of an observer in relation to\na specific packet or connection.\n\nNetwork.vlan fields are used to record a single VLAN tag, or the outer tag in\nthe case of q-in-q encapsulations, for a packet or connection as observed, typically\nprovided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic.\n\nNetwork.inner VLAN fields are used to report inner q-in-q 802.1q tags (multiple\n802.1q encapsulations) as observed, typically provided by a network sensor (e.g.\nZeek, Wireshark) passively reporting on traffic. Network.inner VLAN fields should\nonly be used in addition to network.vlan fields to indicate q-in-q tagging.\n\nObserver.ingress and observer.egress VLAN values are used to record observer\nspecific information when observer events contain discrete ingress and egress\nVLAN information, typically provided by firewalls, routers, or load balancers.', + type: 'group', + fields: [ + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'VLAN ID as reported by the observer.', + example: 10, + default_field: false, + }, + { + name: 'name', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'Optional VLAN name as reported by the observer.', + example: 'outside', + default_field: false, + }, + ], + }, + { + name: 'vulnerability', + title: 'Vulnerability', + group: 2, + description: + 'The vulnerability fields describe information about a vulnerability\nthat is relevant to an event.', + type: 'group', + fields: [ + { + name: 'category', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of system or architecture that the vulnerability affects.\nThese may be platform-specific (for example, Debian or SUSE) or general (for\nexample, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys\nvulnerability categories])\n\nThis field must be an array.', + example: '["Firewall"]', + default_field: false, + }, + { + name: 'classification', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The classification of the vulnerability scoring system. For example\n(https://www.first.org/cvss/)', + example: 'CVSS', + default_field: false, + }, + { + name: 'description', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + multi_fields: [ + { + name: 'text', + type: 'text', + norms: false, + }, + ], + description: + 'The description of the vulnerability that provides additional context\nof the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common\nVulnerabilities and Exposure CVE description])', + example: 'In macOS before 2.12.6, there is a vulnerability in the RPC...', + default_field: false, + }, + { + name: 'enumeration', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The type of identifier used for this vulnerability. For example\n(https://cve.mitre.org/about/)', + example: 'CVE', + default_field: false, + }, + { + name: 'id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The identification (ID) is the number portion of a vulnerability\nentry. It includes a unique identification number for the vulnerability. For\nexample (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities\nand Exposure CVE ID]', + example: 'CVE-2019-00001', + default_field: false, + }, + { + name: 'reference', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'A resource that provides additional information, context, and mitigations\nfor the identified vulnerability.', + example: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111', + default_field: false, + }, + { + name: 'report_id', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The report or scan identification number.', + example: 20191018.0001, + default_field: false, + }, + { + name: 'scanner.vendor', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: 'The name of the vulnerability scanner vendor.', + example: 'Tenable', + default_field: false, + }, + { + name: 'score.base', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nBase scores cover an assessment for exploitability metrics (attack vector,\ncomplexity, privileges, and user interaction), impact metrics (confidentiality,\nintegrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document)', + example: 5.5, + default_field: false, + }, + { + name: 'score.environmental', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nEnvironmental scores cover an assessment for any modified Base metrics, confidentiality,\nintegrity, and availability requirements. For example (https://www.first.org/cvss/specification-document)', + example: 5.5, + default_field: false, + }, + { + name: 'score.temporal', + level: 'extended', + type: 'float', + description: + 'Scores can range from 0.0 to 10.0, with 10.0 being the most severe.\n\nTemporal scores cover an assessment for code maturity, remediation level,\nand confidence. For example (https://www.first.org/cvss/specification-document)', + default_field: false, + }, + { + name: 'score.version', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The National Vulnerability Database (NVD) provides qualitative\nseverity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score\nranges in addition to the severity ratings for CVSS v3.0 as they are defined\nin the CVSS v3.0 specification.\n\nCVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit\norganization, whose mission is to help computer security incident response\nteams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss)', + example: 2, + default_field: false, + }, + { + name: 'severity', + level: 'extended', + type: 'keyword', + ignore_above: 1024, + description: + 'The severity of the vulnerability can help with metrics and internal\nprioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss)', + example: 'Critical', + default_field: false, + }, + ], + }, + ], + }, + { + key: 'beat', + anchor: 'beat-common', + title: 'Beat', + description: 'Contains common beat fields available in all event types.\n', + fields: [ + { + name: 'agent.hostname', + type: 'keyword', + description: 'Hostname of the agent.', + }, + { + name: 'beat.timezone', + type: 'alias', + path: 'event.timezone', + migration: true, + }, + { + name: 'fields', + type: 'object', + object_type: 'keyword', + description: 'Contains user configurable fields.\n', + }, + { + name: 'beat.name', + type: 'alias', + path: 'host.name', + migration: true, + }, + { + name: 'beat.hostname', + type: 'alias', + path: 'agent.hostname', + migration: true, + }, + { + name: 'timeseries.instance', + type: 'keyword', + description: 'Time series instance id', + }, + ], + }, + { + key: 'cloud', + title: 'Cloud provider metadata', + description: 'Metadata from cloud providers added by the add_cloud_metadata processor.\n', + fields: [ + { + name: 'cloud.project.id', + example: 'project-x', + description: 'Name of the project in Google Cloud.\n', + }, + { + name: 'cloud.image.id', + example: 'ami-abcd1234', + description: 'Image ID for the cloud instance.\n', + }, + { + name: 'meta.cloud.provider', + type: 'alias', + path: 'cloud.provider', + migration: true, + }, + { + name: 'meta.cloud.instance_id', + type: 'alias', + path: 'cloud.instance.id', + migration: true, + }, + { + name: 'meta.cloud.instance_name', + type: 'alias', + path: 'cloud.instance.name', + migration: true, + }, + { + name: 'meta.cloud.machine_type', + type: 'alias', + path: 'cloud.machine.type', + migration: true, + }, + { + name: 'meta.cloud.availability_zone', + type: 'alias', + path: 'cloud.availability_zone', + migration: true, + }, + { + name: 'meta.cloud.project_id', + type: 'alias', + path: 'cloud.project.id', + migration: true, + }, + { + name: 'meta.cloud.region', + type: 'alias', + path: 'cloud.region', + migration: true, + }, + ], + }, + { + key: 'docker', + title: 'Docker', + description: 'Docker stats collected from Docker.\n', + short_config: false, + anchor: 'docker-processor', + fields: [ + { + name: 'docker', + type: 'group', + fields: [ + { + name: 'container.id', + type: 'alias', + path: 'container.id', + migration: true, + }, + { + name: 'container.image', + type: 'alias', + path: 'container.image.name', + migration: true, + }, + { + name: 'container.name', + type: 'alias', + path: 'container.name', + migration: true, + }, + { + name: 'container.labels', + type: 'object', + object_type: 'keyword', + description: 'Image labels.\n', + }, + ], + }, + ], + }, + { + key: 'host', + title: 'Host', + description: 'Info collected for the host machine.\n', + anchor: 'host-processor', + fields: [ + { + name: 'host', + type: 'group', + fields: [ + { + name: 'containerized', + type: 'boolean', + description: 'If the host is a container.\n', + }, + { + name: 'os.build', + type: 'keyword', + example: '18D109', + description: 'OS build information.\n', + }, + { + name: 'os.codename', + type: 'keyword', + example: 'stretch', + description: 'OS codename, if any.\n', + }, + ], + }, + ], + }, + { + key: 'kubernetes', + title: 'Kubernetes', + description: 'Kubernetes metadata added by the kubernetes processor\n', + short_config: false, + anchor: 'kubernetes-processor', + fields: [ + { + name: 'kubernetes', + type: 'group', + fields: [ + { + name: 'pod.name', + type: 'keyword', + description: 'Kubernetes pod name\n', + }, + { + name: 'pod.uid', + type: 'keyword', + description: 'Kubernetes Pod UID\n', + }, + { + name: 'namespace', + type: 'keyword', + description: 'Kubernetes namespace\n', + }, + { + name: 'node.name', + type: 'keyword', + description: 'Kubernetes node name\n', + }, + { + name: 'labels.*', + type: 'object', + object_type: 'keyword', + object_type_mapping_type: '*', + description: 'Kubernetes labels map\n', + }, + { + name: 'annotations.*', + type: 'object', + object_type: 'keyword', + object_type_mapping_type: '*', + description: 'Kubernetes annotations map\n', + }, + { + name: 'replicaset.name', + type: 'keyword', + description: 'Kubernetes replicaset name\n', + }, + { + name: 'deployment.name', + type: 'keyword', + description: 'Kubernetes deployment name\n', + }, + { + name: 'statefulset.name', + type: 'keyword', + description: 'Kubernetes statefulset name\n', + }, + { + name: 'container.name', + type: 'keyword', + description: 'Kubernetes container name\n', + }, + { + name: 'container.image', + type: 'keyword', + description: 'Kubernetes container image\n', + }, + ], + }, + ], + }, + { + key: 'process', + title: 'Process', + description: 'Process metadata fields\n', + fields: [ + { + name: 'process', + type: 'group', + fields: [ + { + name: 'exe', + type: 'alias', + path: 'process.executable', + migration: true, + }, + ], + }, + ], + }, + { + key: 'jolokia-autodiscover', + title: 'Jolokia Discovery autodiscover provider', + description: 'Metadata from Jolokia Discovery added by the jolokia provider.\n', + fields: [ + { + name: 'jolokia.agent.version', + type: 'keyword', + description: 'Version number of jolokia agent.\n', + }, + { + name: 'jolokia.agent.id', + type: 'keyword', + description: + 'Each agent has a unique id which can be either provided during startup of the agent in form of a configuration parameter or being autodetected. If autodected, the id has several parts: The IP, the process id, hashcode of the agent and its type.\n', + }, + { + name: 'jolokia.server.product', + type: 'keyword', + description: 'The container product if detected.\n', + }, + { + name: 'jolokia.server.version', + type: 'keyword', + description: "The container's version (if detected).\n", + }, + { + name: 'jolokia.server.vendor', + type: 'keyword', + description: 'The vendor of the container the agent is running in.\n', + }, + { + name: 'jolokia.url', + type: 'keyword', + description: 'The URL how this agent can be contacted.\n', + }, + { + name: 'jolokia.secured', + type: 'boolean', + description: 'Whether the agent was configured for authentication or not.\n', + }, + ], + }, + { + key: 'common', + title: 'Common', + description: + 'These fields contain data about the environment in which the transaction or flow was captured.\n', + fields: [ + { + name: 'type', + description: + 'The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.\n', + required: true, + }, + { + name: 'server.process.name', + description: 'The name of the process that served the transaction.\n', + }, + { + name: 'server.process.args', + description: 'The command-line of the process that served the transaction.\n', + }, + { + name: 'server.process.executable', + description: 'Absolute path to the server process executable.\n', + }, + { + name: 'server.process.working_directory', + description: 'The working directory of the server process.\n', + }, + { + name: 'server.process.start', + description: 'The time the server process started.\n', + }, + { + name: 'client.process.name', + description: 'The name of the process that initiated the transaction.\n', + }, + { + name: 'client.process.args', + description: 'The command-line of the process that initiated the transaction.\n', + }, + { + name: 'client.process.executable', + description: 'Absolute path to the client process executable.\n', + }, + { + name: 'client.process.working_directory', + description: 'The working directory of the client process.\n', + }, + { + name: 'client.process.start', + description: 'The time the client process started.\n', + }, + { + name: 'real_ip', + type: 'alias', + path: 'network.forwarded_ip', + migration: true, + description: + 'If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, the IP address extracted from a configurable HTTP header, by default `X-Forwarded-For`.\nUnless this field is disabled, it always has a value, and it matches the `client_ip` for non proxy clients.\n', + }, + { + name: 'transport', + type: 'alias', + path: 'network.transport', + migration: true, + description: + 'The transport protocol used for the transaction. If not specified, then tcp is assumed.\n', + }, + ], + }, + { + key: 'flows_event', + title: 'Flow Event', + description: 'These fields contain data about the flow itself.\n', + fields: [ + { + name: 'flow.final', + type: 'boolean', + description: + 'Indicates if event is last event in flow. If final is false, the event reports an intermediate flow state only.\n', + }, + { + name: 'flow.id', + description: 'Internal flow ID based on connection meta data and address.\n', + }, + { + name: 'flow.vlan', + type: 'long', + description: + "VLAN identifier from the 802.1q frame. In case of a multi-tagged frame this field will be an array with the outer tag's VLAN identifier listed first.\n", + }, + { + name: 'flow_id', + type: 'alias', + path: 'flow.id', + migration: true, + }, + { + name: 'final', + type: 'alias', + path: 'flow.final', + migration: true, + }, + { + name: 'vlan', + type: 'alias', + path: 'flow.vlan', + migration: true, + }, + { + name: 'source.stats.net_bytes_total', + type: 'alias', + path: 'source.bytes', + migration: true, + }, + { + name: 'source.stats.net_packets_total', + type: 'alias', + path: 'source.packets', + migration: true, + }, + { + name: 'dest.stats.net_bytes_total', + type: 'alias', + path: 'destination.bytes', + migration: true, + }, + { + name: 'dest.stats.net_packets_total', + type: 'alias', + path: 'destination.packets', + migration: true, + }, + ], + }, + { + key: 'trans_event', + title: 'Transaction Event', + description: 'These fields contain data about the transaction itself.\n', + fields: [ + { + name: 'status', + description: + 'The high level status of the transaction. The way to compute this value depends on the protocol, but the result has a meaning independent of the protocol.\n', + required: true, + possible_values: ['OK', 'Error', 'Server Error', 'Client Error'], + }, + { + name: 'method', + description: + 'The command/verb/method of the transaction. For HTTP, this is the method name (GET, POST, PUT, and so on), for SQL this is the verb (SELECT, UPDATE, DELETE, and so on).\n', + }, + { + name: 'resource', + description: + 'The logical resource that this transaction refers to. For HTTP, this is the URL path up to the last slash (/). For example, if the URL is `/users/1`, the resource is `/users`. For databases, the resource is typically the table name. The field is not filled for all transaction types.\n', + }, + { + name: 'path', + required: true, + description: + 'The path the transaction refers to. For HTTP, this is the URL. For SQL databases, this is the table name. For key-value stores, this is the key.\n', + }, + { + name: 'query', + type: 'keyword', + description: + 'The query in a human readable format. For HTTP, it will typically be something like `GET /users/_search?name=test`. For MySQL, it is something like `SELECT id from users where name=test`.\n', + }, + { + name: 'params', + type: 'text', + description: + 'The request parameters. For HTTP, these are the POST or GET parameters. For Thrift-RPC, these are the parameters from the request.\n', + }, + { + name: 'notes', + type: 'alias', + path: 'error.message', + description: + 'Messages from Packetbeat itself. This field usually contains error messages for interpreting the raw data. This information can be helpful for troubleshooting.\n', + }, + ], + }, + { + key: 'raw', + title: 'Raw', + description: 'These fields contain the raw transaction data.', + fields: [ + { + name: 'request', + type: 'text', + description: + 'For text protocols, this is the request as seen on the wire (application layer only). For binary protocols this is our representation of the request.\n', + }, + { + name: 'response', + type: 'text', + description: + 'For text protocols, this is the response as seen on the wire (application layer only). For binary protocols this is our representation of the request.\n', + }, + ], + }, + { + key: 'trans_measurements', + title: 'Measurements (Transactions)', + description: 'These fields contain measurements related to the transaction.\n', + fields: [ + { + name: 'bytes_in', + type: 'alias', + path: 'source.bytes', + description: + 'The number of bytes of the request. Note that this size is the application layer message length, without the length of the IP or TCP headers.\n', + }, + { + name: 'bytes_out', + type: 'alias', + path: 'destination.bytes', + description: + 'The number of bytes of the response. Note that this size is the application layer message length, without the length of the IP or TCP headers.\n', + }, + ], + }, + { + key: 'amqp', + title: 'AMQP', + description: 'AMQP specific event fields.', + fields: [ + { + name: 'amqp', + type: 'group', + fields: [ + { + name: 'reply-code', + type: 'long', + description: 'AMQP reply code to an error, similar to http reply-code\n', + example: 404, + }, + { + name: 'reply-text', + type: 'keyword', + description: 'Text explaining the error.\n', + }, + { + name: 'class-id', + type: 'long', + description: 'Failing method class.\n', + }, + { + name: 'method-id', + type: 'long', + description: 'Failing method ID.\n', + }, + { + name: 'exchange', + type: 'keyword', + description: 'Name of the exchange.\n', + }, + { + name: 'exchange-type', + type: 'keyword', + description: 'Exchange type.\n', + example: 'fanout', + }, + { + name: 'passive', + type: 'boolean', + description: 'If set, do not create exchange/queue.\n', + }, + { + name: 'durable', + type: 'boolean', + description: 'If set, request a durable exchange/queue.\n', + }, + { + name: 'exclusive', + type: 'boolean', + description: 'If set, request an exclusive queue.\n', + }, + { + name: 'auto-delete', + type: 'boolean', + description: 'If set, auto-delete queue when unused.\n', + }, + { + name: 'no-wait', + type: 'boolean', + description: 'If set, the server will not respond to the method.\n', + }, + { + name: 'consumer-tag', + description: 'Identifier for the consumer, valid within the current channel.\n', + }, + { + name: 'delivery-tag', + type: 'long', + description: 'The server-assigned and channel-specific delivery tag.\n', + }, + { + name: 'message-count', + type: 'long', + description: + 'The number of messages in the queue, which will be zero for newly-declared queues.\n', + }, + { + name: 'consumer-count', + type: 'long', + description: 'The number of consumers of a queue.\n', + }, + { + name: 'routing-key', + type: 'keyword', + description: 'Message routing key.\n', + }, + { + name: 'no-ack', + type: 'boolean', + description: 'If set, the server does not expect acknowledgements for messages.\n', + }, + { + name: 'no-local', + type: 'boolean', + description: + 'If set, the server will not send messages to the connection that published them.\n', + }, + { + name: 'if-unused', + type: 'boolean', + description: 'Delete only if unused.\n', + }, + { + name: 'if-empty', + type: 'boolean', + description: 'Delete only if empty.\n', + }, + { + name: 'queue', + type: 'keyword', + description: 'The queue name identifies the queue within the vhost.\n', + }, + { + name: 'redelivered', + type: 'boolean', + description: + 'Indicates that the message has been previously delivered to this or another client.\n', + }, + { + name: 'multiple', + type: 'boolean', + description: 'Acknowledge multiple messages.\n', + }, + { + name: 'arguments', + type: 'object', + description: + 'Optional additional arguments passed to some methods. Can be of various types.\n', + }, + { + name: 'mandatory', + type: 'boolean', + description: 'Indicates mandatory routing.\n', + }, + { + name: 'immediate', + type: 'boolean', + description: 'Request immediate delivery.\n', + }, + { + name: 'content-type', + type: 'keyword', + description: 'MIME content type.\n', + example: 'text/plain', + }, + { + name: 'content-encoding', + type: 'keyword', + description: 'MIME content encoding.\n', + }, + { + name: 'headers', + type: 'object', + object_type: 'keyword', + description: 'Message header field table.\n', + }, + { + name: 'delivery-mode', + type: 'keyword', + description: 'Non-persistent (1) or persistent (2).\n', + }, + { + name: 'priority', + type: 'long', + description: 'Message priority, 0 to 9.\n', + }, + { + name: 'correlation-id', + type: 'keyword', + description: 'Application correlation identifier.\n', + }, + { + name: 'reply-to', + type: 'keyword', + description: 'Address to reply to.\n', + }, + { + name: 'expiration', + type: 'keyword', + description: 'Message expiration specification.\n', + }, + { + name: 'message-id', + type: 'keyword', + description: 'Application message identifier.\n', + }, + { + name: 'timestamp', + type: 'keyword', + description: 'Message timestamp.\n', + }, + { + name: 'type', + type: 'keyword', + description: 'Message type name.\n', + }, + { + name: 'user-id', + type: 'keyword', + description: 'Creating user id.\n', + }, + { + name: 'app-id', + type: 'keyword', + description: 'Creating application id.\n', + }, + ], + }, + ], + }, + { + key: 'cassandra', + title: 'Cassandra', + description: 'Cassandra v4/3 specific event fields.', + fields: [ + { + name: 'no_request', + type: 'alias', + path: 'cassandra.no_request', + migration: true, + }, + { + name: 'cassandra', + type: 'group', + description: 'Information about the Cassandra request and response.', + fields: [ + { + name: 'no_request', + type: 'boolean', + description: 'Indicates that there is no request because this is a PUSH message.\n', + }, + { + name: 'request', + type: 'group', + description: 'Cassandra request.', + fields: [ + { + name: 'headers', + type: 'group', + description: 'Cassandra request headers.', + fields: [ + { + name: 'version', + type: 'long', + description: 'The version of the protocol.', + }, + { + name: 'flags', + type: 'keyword', + description: 'Flags applying to this frame.', + }, + { + name: 'stream', + type: 'keyword', + description: + 'A frame has a stream id. If a client sends a request message with the stream id X, it is guaranteed that the stream id of the response to that message will be X.', + }, + { + name: 'op', + type: 'keyword', + description: 'An operation type that distinguishes the actual message.', + }, + { + name: 'length', + type: 'long', + description: + 'A integer representing the length of the body of the frame (a frame is limited to 256MB in length).', + }, + ], + }, + { + name: 'query', + type: 'keyword', + description: 'The CQL query which client send to cassandra.', + }, + ], + }, + { + name: 'response', type: 'group', description: 'Cassandra response.', fields: [ @@ -3243,19 +6791,19 @@ export const packetbeatSchema: Schema = [ name: 'transaction_id', type: 'keyword', description: - 'Transaction ID, a random number chosen by the client, used by the client and server to associate messages and responses between a client and a server.', + 'Transaction ID, a random number chosen by the\nclient, used by the client and server to associate\nmessages and responses between a client and a\nserver.\n', }, { name: 'seconds', type: 'long', description: - 'Number of seconds elapsed since client began address acquisition or renewal process.', + 'Number of seconds elapsed since client began address acquisition or\nrenewal process.\n', }, { name: 'flags', type: 'keyword', description: - 'Flags are set by the client to indicate how the DHCP server should its reply -- either unicast or broadcast.', + 'Flags are set by the client to indicate how the DHCP server should\nits reply -- either unicast or broadcast.\n', }, { name: 'client_ip', @@ -3266,19 +6814,19 @@ export const packetbeatSchema: Schema = [ name: 'assigned_ip', type: 'ip', description: - 'The IP address that the DHCP server is assigning to the client. This field is also known as "your" IP address.', + 'The IP address that the DHCP server is assigning to the client.\nThis field is also known as "your" IP address.\n', }, { name: 'server_ip', type: 'ip', description: - 'The IP address of the DHCP server that the client should use for the next step in the bootstrap process.', + 'The IP address of the DHCP server that the client should use for the\nnext step in the bootstrap process.\n', }, { name: 'relay_ip', type: 'ip', description: - 'The relay IP address used by the client to contact the server (i.e. a DHCP relay server).', + 'The relay IP address used by the client to contact the server\n(i.e. a DHCP relay server).\n', }, { name: 'client_mac', @@ -3289,13 +6837,13 @@ export const packetbeatSchema: Schema = [ name: 'server_name', type: 'keyword', description: - 'The name of the server sending the message. Optional. Used in DHCPOFFER or DHCPACK messages.', + 'The name of the server sending the message. Optional. Used in\nDHCPOFFER or DHCPACK messages.\n', }, { name: 'op_code', type: 'keyword', example: 'bootreply', - description: 'The message op code (bootrequest or bootreply).', + description: 'The message op code (bootrequest or bootreply).\n', }, { name: 'hops', @@ -3306,7 +6854,7 @@ export const packetbeatSchema: Schema = [ name: 'hardware_type', type: 'keyword', description: - 'The type of hardware used for the local network (Ethernet, LocalTalk, etc).', + 'The type of hardware used for the local network (Ethernet,\nLocalTalk, etc).\n', }, { name: 'option', @@ -3317,124 +6865,126 @@ export const packetbeatSchema: Schema = [ type: 'keyword', example: 'ack', description: - 'The specific type of DHCP message being sent (e.g. discover, offer, request, decline, ack, nak, release, inform).', + 'The specific type of DHCP message being sent (e.g. discover,\noffer, request, decline, ack, nak, release, inform).\n', }, { name: 'parameter_request_list', type: 'keyword', description: - 'This option is used by a DHCP client to request values for specified configuration parameters.', + 'This option is used by a DHCP client to request values for\nspecified configuration parameters.\n', }, { name: 'requested_ip_address', type: 'ip', description: - 'This option is used in a client request (DHCPDISCOVER) to allow the client to request that a particular IP address be assigned.', + 'This option is used in a client request (DHCPDISCOVER) to allow\nthe client to request that a particular IP address be assigned.\n', }, { name: 'server_identifier', type: 'ip', - description: 'IP address of the individual DHCP server which handled this message.', + description: + 'IP address of the individual DHCP server which handled this\nmessage.\n', }, { name: 'broadcast_address', type: 'ip', description: - "This option specifies the broadcast address in use on the client's subnet. ", + "This option specifies the broadcast address in use on the\nclient's subnet.\n", }, { name: 'max_dhcp_message_size', type: 'long', description: - 'This option specifies the maximum length DHCP message that the client is willing to accept.', + 'This option specifies the maximum length DHCP message that the\nclient is willing to accept.\n', }, { name: 'class_identifier', type: 'keyword', description: - "This option is used by DHCP clients to optionally identify the vendor type and configuration of a DHCP client. Vendors may choose to define specific vendor class identifiers to convey particular configuration or other identification information about a client. For example, the identifier may encode the client's hardware configuration. ", + "This option is used by DHCP clients to optionally identify the\nvendor type and configuration of a DHCP client. Vendors may\nchoose to define specific vendor class identifiers to convey\nparticular configuration or other identification information\nabout a client. For example, the identifier may encode the\nclient's hardware configuration.\n", }, { name: 'domain_name', type: 'keyword', description: - 'This option specifies the domain name that client should use when resolving hostnames via the Domain Name System.', + 'This option specifies the domain name that client should use\nwhen resolving hostnames via the Domain Name System.\n', }, { name: 'dns_servers', type: 'ip', description: - 'The domain name server option specifies a list of Domain Name System servers available to the client.', + 'The domain name server option specifies a list of Domain Name\nSystem servers available to the client.\n', }, { name: 'vendor_identifying_options', type: 'object', description: - 'A DHCP client may use this option to unambiguously identify the vendor that manufactured the hardware on which the client is running, the software in use, or an industry consortium to which the vendor belongs. This field is described in RFC 3925.', + 'A DHCP client may use this option to unambiguously identify the\nvendor that manufactured the hardware on which the client is\nrunning, the software in use, or an industry consortium to which\nthe vendor belongs. This field is described in RFC 3925.\n', }, { name: 'subnet_mask', type: 'ip', - description: 'The subnet mask that the client should use on the currnet network.', + description: + 'The subnet mask that the client should use on the currnet\nnetwork.\n', }, { name: 'utc_time_offset_sec', type: 'long', description: - "The time offset field specifies the offset of the client's subnet in seconds from Coordinated Universal Time (UTC). ", + "The time offset field specifies the offset of the client's\nsubnet in seconds from Coordinated Universal Time (UTC).\n", }, { name: 'router', type: 'ip', description: - "The router option specifies a list of IP addresses for routers on the client's subnet. ", + "The router option specifies a list of IP addresses for routers\non the client's subnet.\n", }, { name: 'time_servers', type: 'ip', description: - 'The time server option specifies a list of RFC 868 time servers available to the client.', + 'The time server option specifies a list of RFC 868 time servers\navailable to the client.\n', }, { name: 'ntp_servers', type: 'ip', description: - 'This option specifies a list of IP addresses indicating NTP servers available to the client.', + 'This option specifies a list of IP addresses indicating NTP\nservers available to the client.\n', }, { name: 'hostname', type: 'keyword', - description: 'This option specifies the name of the client.', + description: 'This option specifies the name of the client.\n', }, { name: 'ip_address_lease_time_sec', type: 'long', description: - 'This option is used in a client request (DHCPDISCOVER or DHCPREQUEST) to allow the client to request a lease time for the IP address. In a server reply (DHCPOFFER), a DHCP server uses this option to specify the lease time it is willing to offer.', + 'This option is used in a client request (DHCPDISCOVER or\nDHCPREQUEST) to allow the client to request a lease time for the\nIP address. In a server reply (DHCPOFFER), a DHCP server uses\nthis option to specify the lease time it is willing to offer.\n', }, { name: 'message', type: 'text', description: - 'This option is used by a DHCP server to provide an error message to a DHCP client in a DHCPNAK message in the event of a failure. A client may use this option in a DHCPDECLINE message to indicate the why the client declined the offered parameters.', + 'This option is used by a DHCP server to provide an error message\nto a DHCP client in a DHCPNAK message in the event of a failure.\nA client may use this option in a DHCPDECLINE message to\nindicate the why the client declined the offered parameters.\n', }, { name: 'renewal_time_sec', type: 'long', description: - 'This option specifies the time interval from address assignment until the client transitions to the RENEWING state.', + 'This option specifies the time interval from address assignment\nuntil the client transitions to the RENEWING state.\n', }, { name: 'rebinding_time_sec', type: 'long', description: - 'This option specifies the time interval from address assignment until the client transitions to the REBINDING state.', + 'This option specifies the time interval from address assignment\nuntil the client transitions to the REBINDING state.\n', }, { name: 'boot_file_name', type: 'keyword', description: - "This option is used to identify a bootfile when the 'file' field in the DHCP header has been used for DHCP options. ", + "This option is used to identify a bootfile when the 'file' field\nin the DHCP header has been used for DHCP options.\n", }, ], }, @@ -3451,129 +7001,64 @@ export const packetbeatSchema: Schema = [ name: 'dns', type: 'group', fields: [ - { - name: 'id', - type: 'long', - description: - 'The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.', - }, - { - name: 'op_code', - description: - 'The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response.', - example: 'QUERY', - }, { name: 'flags.authoritative', type: 'boolean', description: - 'A DNS flag specifying that the responding server is an authority for the domain name used in the question.', + 'A DNS flag specifying that the responding server is an authority for the domain name used in the question.\n', }, { name: 'flags.recursion_available', type: 'boolean', description: - 'A DNS flag specifying whether recursive query support is available in the name server.', + 'A DNS flag specifying whether recursive query support is available in the name server.\n', }, { name: 'flags.recursion_desired', type: 'boolean', description: - 'A DNS flag specifying that the client directs the server to pursue a query recursively. Recursive query support is optional.', + 'A DNS flag specifying that the client directs the server to pursue a query recursively. Recursive query support is optional.\n', }, { name: 'flags.authentic_data', type: 'boolean', description: - 'A DNS flag specifying that the recursive server considers the response authentic.', + 'A DNS flag specifying that the recursive server considers the response authentic.\n', }, { name: 'flags.checking_disabled', type: 'boolean', description: - 'A DNS flag specifying that the client disables the server signature validation of the query.', + 'A DNS flag specifying that the client disables the server signature validation of the query.\n', }, { name: 'flags.truncated_response', type: 'boolean', description: - 'A DNS flag specifying that only the first 512 bytes of the reply were returned.', - }, - { - name: 'response_code', - description: 'The DNS status code.', - example: 'NOERROR', - }, - { - name: 'question.name', - description: - 'The domain name being queried. If the name field contains non-printable characters (below 32 or above 126), then those characters are represented as escaped base 10 integers (\\DDD). Back slashes and quotes are escaped. Tabs, carriage returns, and line feeds are converted to \\t, \\r, and respectively.', - example: 'www.google.com.', - }, - { - name: 'question.type', - description: 'The type of records being queried.', - example: 'AAAA', - }, - { - name: 'question.class', - description: 'The class of of records being queried.', - example: 'IN', + 'A DNS flag specifying that only the first 512 bytes of the reply were returned.\n', }, { name: 'question.etld_plus_one', description: - 'The effective top-level domain (eTLD) plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org.', + 'The effective top-level domain (eTLD) plus one more label.\nFor example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.".\nThe data for determining the eTLD comes from an embedded copy of the\ndata from http://publicsuffix.org.', example: 'amazon.co.uk.', }, - { - name: 'answers', - type: 'object', - description: - 'An array containing a dictionary about each answer section returned by the server.', - }, { name: 'answers_count', type: 'long', - description: 'The number of resource records contained in the `dns.answers` field.', - }, - { - name: 'answers.name', - description: 'The domain name to which this resource record pertains.', - example: 'example.com.', - }, - { - name: 'answers.type', - description: 'The type of data contained in this resource record.', - example: 'MX', - }, - { - name: 'answers.class', - description: 'The class of DNS data contained in this resource record.', - example: 'IN', - }, - { - name: 'answers.ttl', - description: - 'The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.', - type: 'long', - }, - { - name: 'answers.data', - description: - 'The data describing the resource. The meaning of this data depends on the type and class of the resource record.', + description: 'The number of resource records contained in the `dns.answers` field.\n', }, { name: 'authorities', type: 'object', description: - 'An array containing a dictionary for each authority section from the answer.', + 'An array containing a dictionary for each authority section from the answer.\n', }, { name: 'authorities_count', type: 'long', description: - 'The number of resource records contained in the `dns.authorities` field. The `dns.authorities` field may or may not be included depending on the configuration of Packetbeat.', + 'The number of resource records contained in the `dns.authorities` field. The `dns.authorities` field may or may not be included depending on the configuration of Packetbeat.\n', }, { name: 'authorities.name', @@ -3594,13 +7079,13 @@ export const packetbeatSchema: Schema = [ name: 'additionals', type: 'object', description: - 'An array containing a dictionary for each additional section from the answer.', + 'An array containing a dictionary for each additional section from the answer.\n', }, { name: 'additionals_count', type: 'long', description: - 'The number of resource records contained in the `dns.additionals` field. The `dns.additionals` field may or may not be included depending on the configuration of Packetbeat.', + 'The number of resource records contained in the `dns.additionals` field. The `dns.additionals` field may or may not be included depending on the configuration of Packetbeat.\n', }, { name: 'additionals.name', @@ -3620,13 +7105,13 @@ export const packetbeatSchema: Schema = [ { name: 'additionals.ttl', description: - 'The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.', + 'The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.\n', type: 'long', }, { name: 'additionals.data', description: - 'The data describing the resource. The meaning of this data depends on the type and class of the resource record.', + 'The data describing the resource. The meaning of this data depends on the type and class of the resource record.\n', }, { name: 'opt.version', @@ -3672,7 +7157,7 @@ export const packetbeatSchema: Schema = [ type: 'object', object_type: 'keyword', description: - 'A map containing the captured header fields from the request. Which headers to capture is configurable. If headers with the same header name are present in the message, they will be separated by commas.', + 'A map containing the captured header fields from the request. Which headers to capture is configurable. If headers with the same header name are present in the message, they will be separated by commas.\n', }, { name: 'params', @@ -3697,7 +7182,7 @@ export const packetbeatSchema: Schema = [ type: 'object', object_type: 'keyword', description: - 'A map containing the captured header fields from the response. Which headers to capture is configurable. If headers with the same header name are present in the message, they will be separated by commas.', + 'A map containing the captured header fields from the response. Which headers to capture is configurable. If headers with the same header name are present in the message, they will be separated by commas.\n', }, { name: 'code', @@ -3720,7 +7205,7 @@ export const packetbeatSchema: Schema = [ { key: 'icmp', title: 'ICMP', - description: 'ICMP specific event fields.', + description: 'ICMP specific event fields.\n', fields: [ { name: 'icmp', @@ -3778,232 +7263,232 @@ export const packetbeatSchema: Schema = [ name: 'protocol_type', type: 'keyword', description: - 'The memcache protocol implementation. The value can be "binary" for binary-based, "text" for text-based, or "unknown" for an unknown memcache protocol type.', + 'The memcache protocol implementation. The value can be "binary" for binary-based, "text" for text-based, or "unknown" for an unknown memcache protocol type.\n', }, { name: 'request.line', type: 'keyword', - description: 'The raw command line for unknown commands ONLY.', + description: 'The raw command line for unknown commands ONLY.\n', }, { name: 'request.command', type: 'keyword', description: - 'The memcache command being requested in the memcache text protocol. For example "set" or "get". The binary protocol opcodes are translated into memcache text protocol commands.', + 'The memcache command being requested in the memcache text protocol. For example "set" or "get". The binary protocol opcodes are translated into memcache text protocol commands.\n', }, { name: 'response.command', type: 'keyword', description: - 'Either the text based protocol response message type or the name of the originating request if binary protocol is used.', + 'Either the text based protocol response message type or the name of the originating request if binary protocol is used.\n', }, { name: 'request.type', type: 'keyword', description: - 'The memcache command classification. This value can be "UNKNOWN", "Load", "Store", "Delete", "Counter", "Info", "SlabCtrl", "LRUCrawler", "Stats", "Success", "Fail", or "Auth".', + 'The memcache command classification. This value can be "UNKNOWN", "Load", "Store", "Delete", "Counter", "Info", "SlabCtrl", "LRUCrawler", "Stats", "Success", "Fail", or "Auth".\n', }, { name: 'response.type', type: 'keyword', description: - 'The memcache command classification. This value can be "UNKNOWN", "Load", "Store", "Delete", "Counter", "Info", "SlabCtrl", "LRUCrawler", "Stats", "Success", "Fail", or "Auth". The text based protocol will employ any of these, whereas the binary based protocol will mirror the request commands only (see `memcache.response.status` for binary protocol).', + 'The memcache command classification. This value can be "UNKNOWN", "Load", "Store", "Delete", "Counter", "Info", "SlabCtrl", "LRUCrawler", "Stats", "Success", "Fail", or "Auth". The text based protocol will employ any of these, whereas the binary based protocol will mirror the request commands only (see `memcache.response.status` for binary protocol).\n', }, { name: 'response.error_msg', type: 'keyword', description: - 'The optional error message in the memcache response (text based protocol only).', + 'The optional error message in the memcache response (text based protocol only).\n', }, { name: 'request.opcode', type: 'keyword', - description: 'The binary protocol message opcode name.', + description: 'The binary protocol message opcode name.\n', }, { name: 'response.opcode', type: 'keyword', - description: 'The binary protocol message opcode name.', + description: 'The binary protocol message opcode name.\n', }, { name: 'request.opcode_value', type: 'long', - description: 'The binary protocol message opcode value.', + description: 'The binary protocol message opcode value.\n', }, { name: 'response.opcode_value', type: 'long', - description: 'The binary protocol message opcode value.', + description: 'The binary protocol message opcode value.\n', }, { name: 'request.opaque', type: 'long', description: - 'The binary protocol opaque header value used for correlating request with response messages.', + 'The binary protocol opaque header value used for correlating request with response messages.\n', }, { name: 'response.opaque', type: 'long', description: - 'The binary protocol opaque header value used for correlating request with response messages.', + 'The binary protocol opaque header value used for correlating request with response messages.\n', }, { name: 'request.vbucket', type: 'long', - description: 'The vbucket index sent in the binary message.', + description: 'The vbucket index sent in the binary message.\n', }, { name: 'response.status', type: 'keyword', description: - 'The textual representation of the response error code (binary protocol only).', + 'The textual representation of the response error code (binary protocol only).\n', }, { name: 'response.status_code', type: 'long', - description: 'The status code value returned in the response (binary protocol only).', + description: 'The status code value returned in the response (binary protocol only).\n', }, { name: 'request.keys', type: 'array', - description: 'The list of keys sent in the store or load commands.', + description: 'The list of keys sent in the store or load commands.\n', }, { name: 'response.keys', type: 'array', - description: 'The list of keys returned for the load command (if present).', + description: 'The list of keys returned for the load command (if present).\n', }, { name: 'request.count_values', type: 'long', description: - 'The number of values found in the memcache request message. If the command does not send any data, this field is missing.', + 'The number of values found in the memcache request message. If the command does not send any data, this field is missing.\n', }, { name: 'response.count_values', type: 'long', description: - 'The number of values found in the memcache response message. If the command does not send any data, this field is missing.', + 'The number of values found in the memcache response message. If the command does not send any data, this field is missing.\n', }, { name: 'request.values', type: 'array', - description: 'The list of base64 encoded values sent with the request (if present).', + description: 'The list of base64 encoded values sent with the request (if present).\n', }, { name: 'response.values', type: 'array', - description: 'The list of base64 encoded values sent with the response (if present).', + description: 'The list of base64 encoded values sent with the response (if present).\n', }, { name: 'request.bytes', type: 'long', format: 'bytes', - description: 'The byte count of the values being transferred.', + description: 'The byte count of the values being transferred.\n', }, { name: 'response.bytes', type: 'long', format: 'bytes', - description: 'The byte count of the values being transferred.', + description: 'The byte count of the values being transferred.\n', }, { name: 'request.delta', type: 'long', - description: 'The counter increment/decrement delta value.', + description: 'The counter increment/decrement delta value.\n', }, { name: 'request.initial', type: 'long', description: - 'The counter increment/decrement initial value parameter (binary protocol only).', + 'The counter increment/decrement initial value parameter (binary protocol only).\n', }, { name: 'request.verbosity', type: 'long', - description: 'The value of the memcache "verbosity" command.', + description: 'The value of the memcache "verbosity" command.\n', }, { name: 'request.raw_args', type: 'keyword', description: - 'The text protocol raw arguments for the "stats ..." and "lru crawl ..." commands.', + 'The text protocol raw arguments for the "stats ..." and "lru crawl ..." commands.\n', }, { name: 'request.source_class', type: 'long', - description: "The source class id in 'slab reassign' command. ", + description: "The source class id in 'slab reassign' command.\n", }, { name: 'request.dest_class', type: 'long', - description: "The destination class id in 'slab reassign' command. ", + description: "The destination class id in 'slab reassign' command.\n", }, { name: 'request.automove', type: 'keyword', description: - 'The automove mode in the \'slab automove\' command expressed as a string. This value can be "standby"(=0), "slow"(=1), "aggressive"(=2), or the raw value if the value is unknown.', + 'The automove mode in the \'slab automove\' command expressed as a string. This value can be "standby"(=0), "slow"(=1), "aggressive"(=2), or the raw value if the value is unknown.\n', }, { name: 'request.flags', type: 'long', - description: 'The memcache command flags sent in the request (if present).', + description: 'The memcache command flags sent in the request (if present).\n', }, { name: 'response.flags', type: 'long', - description: 'The memcache message flags sent in the response (if present).', + description: 'The memcache message flags sent in the response (if present).\n', }, { name: 'request.exptime', type: 'long', description: - 'The data expiry time in seconds sent with the memcache command (if present). If the value is <30 days, the expiry time is relative to "now", or else it is an absolute Unix time in seconds (32-bit).', + 'The data expiry time in seconds sent with the memcache command (if present). If the value is <30 days, the expiry time is relative to "now", or else it is an absolute Unix time in seconds (32-bit).\n', }, { name: 'request.sleep_us', type: 'long', - description: "The sleep setting in microseconds for the 'lru_crawler sleep' command. ", + description: "The sleep setting in microseconds for the 'lru_crawler sleep' command.\n", }, { name: 'response.value', type: 'long', - description: 'The counter value returned by a counter operation.', + description: 'The counter value returned by a counter operation.\n', }, { name: 'request.noreply', type: 'boolean', description: - 'Set to true if noreply was set in the request. The `memcache.response` field will be missing.', + 'Set to true if noreply was set in the request. The `memcache.response` field will be missing.\n', }, { name: 'request.quiet', type: 'boolean', description: - 'Set to true if the binary protocol message is to be treated as a quiet message.', + 'Set to true if the binary protocol message is to be treated as a quiet message.\n', }, { name: 'request.cas_unique', type: 'long', - description: 'The CAS (compare-and-swap) identifier if present.', + description: 'The CAS (compare-and-swap) identifier if present.\n', }, { name: 'response.cas_unique', type: 'long', description: - 'The CAS (compare-and-swap) identifier to be used with CAS-based updates (if present).', + 'The CAS (compare-and-swap) identifier to be used with CAS-based updates (if present).\n', }, { name: 'response.stats', type: 'array', description: - 'The list of statistic values returned. Each entry is a dictionary with the fields "name" and "value".', + 'The list of statistic values returned. Each entry is a dictionary with the fields "name" and "value".\n', }, { name: 'response.version', type: 'keyword', - description: 'The returned memcache version string.', + description: 'The returned memcache version string.\n', }, ], }, @@ -4013,7 +7498,7 @@ export const packetbeatSchema: Schema = [ key: 'mongodb', title: 'MongoDb', description: - 'MongoDB-specific event fields. These fields mirror closely the fields for the MongoDB wire protocol. The higher level fields (for example, `query` and `resource`) apply to MongoDB events as well.', + 'MongoDB-specific event fields. These fields mirror closely the fields for the MongoDB wire protocol. The higher level fields (for example, `query` and `resource`) apply to MongoDB events as well.\n', fields: [ { name: 'mongodb', @@ -4022,57 +7507,57 @@ export const packetbeatSchema: Schema = [ { name: 'error', description: - 'If the MongoDB request has resulted in an error, this field contains the error message returned by the server.', + 'If the MongoDB request has resulted in an error, this field contains the error message returned by the server.\n', }, { name: 'fullCollectionName', description: - 'The full collection name. The full collection name is the concatenation of the database name with the collection name, using a dot (.) for the concatenation. For example, for the database foo and the collection bar, the full collection name is foo.bar.', + 'The full collection name. The full collection name is the concatenation of the database name with the collection name, using a dot (.) for the concatenation. For example, for the database foo and the collection bar, the full collection name is foo.bar.\n', }, { name: 'numberToSkip', type: 'long', description: - 'Sets the number of documents to omit - starting from the first document in the resulting dataset - when returning the result of the query.', + 'Sets the number of documents to omit - starting from the first document in the resulting dataset - when returning the result of the query.\n', }, { name: 'numberToReturn', type: 'long', - description: 'The requested maximum number of documents to be returned.', + description: 'The requested maximum number of documents to be returned.\n', }, { name: 'numberReturned', type: 'long', - description: 'The number of documents in the reply.', + description: 'The number of documents in the reply.\n', }, { name: 'startingFrom', - description: 'Where in the cursor this reply is starting.', + description: 'Where in the cursor this reply is starting.\n', }, { name: 'query', description: - 'A JSON document that represents the query. The query will contain one or more elements, all of which must match for a document to be included in the result set. Possible elements include $query, $orderby, $hint, $explain, and $snapshot.', + 'A JSON document that represents the query. The query will contain one or more elements, all of which must match for a document to be included in the result set. Possible elements include $query, $orderby, $hint, $explain, and $snapshot.\n', }, { name: 'returnFieldsSelector', description: - 'A JSON document that limits the fields in the returned documents. The returnFieldsSelector contains one or more elements, each of which is the name of a field that should be returned, and the integer value 1.', + 'A JSON document that limits the fields in the returned documents. The returnFieldsSelector contains one or more elements, each of which is the name of a field that should be returned, and the integer value 1.\n', }, { name: 'selector', description: - 'A BSON document that specifies the query for selecting the document to update or delete.', + 'A BSON document that specifies the query for selecting the document to update or delete.\n', }, { name: 'update', description: - 'A BSON document that specifies the update to be performed. For information on specifying updates, see the Update Operations documentation from the MongoDB Manual.', + 'A BSON document that specifies the update to be performed. For information on specifying updates, see the Update Operations documentation from the MongoDB Manual.\n', }, { name: 'cursorId', description: - 'The cursor identifier returned in the OP_REPLY. This must be the value that was returned from the database.', + 'The cursor identifier returned in the OP_REPLY. This must be the value that was returned from the database.\n', }, ], }, @@ -4081,7 +7566,7 @@ export const packetbeatSchema: Schema = [ { key: 'mysql', title: 'MySQL', - description: 'MySQL-specific event fields.', + description: 'MySQL-specific event fields.\n', fields: [ { name: 'mysql', @@ -4091,35 +7576,35 @@ export const packetbeatSchema: Schema = [ name: 'affected_rows', type: 'long', description: - 'If the MySQL command is successful, this field contains the affected number of rows of the last statement.', + 'If the MySQL command is successful, this field contains the affected number of rows of the last statement.\n', }, { name: 'insert_id', description: - 'If the INSERT query is successful, this field contains the id of the newly inserted row.', + 'If the INSERT query is successful, this field contains the id of the newly inserted row.\n', }, { name: 'num_fields', description: - 'If the SELECT query is successful, this field is set to the number of fields returned.', + 'If the SELECT query is successful, this field is set to the number of fields returned.\n', }, { name: 'num_rows', description: - 'If the SELECT query is successful, this field is set to the number of rows returned.', + 'If the SELECT query is successful, this field is set to the number of rows returned.\n', }, { name: 'query', - description: "The row mysql query as read from the transaction's request. ", + description: "The row mysql query as read from the transaction's request.\n", }, { name: 'error_code', type: 'long', - description: 'The error code returned by MySQL.', + description: 'The error code returned by MySQL.\n', }, { name: 'error_message', - description: 'The error info message returned by MySQL.', + description: 'The error info message returned by MySQL.\n', }, ], }, @@ -4150,7 +7635,7 @@ export const packetbeatSchema: Schema = [ }, { name: 'opcode', - description: 'NFS operation name, or main operation name, in case of COMPOUND calls.', + description: 'NFS operation name, or main operation name, in case of COMPOUND calls.\n', }, { name: 'status', @@ -4219,7 +7704,7 @@ export const packetbeatSchema: Schema = [ { key: 'pgsql', title: 'PostgreSQL', - description: 'PostgreSQL-specific event fields.', + description: 'PostgreSQL-specific event fields.\n', fields: [ { name: 'pgsql', @@ -4242,12 +7727,12 @@ export const packetbeatSchema: Schema = [ { name: 'num_fields', description: - 'If the SELECT query if successful, this field is set to the number of fields returned.', + 'If the SELECT query if successful, this field is set to the number of fields returned.\n', }, { name: 'num_rows', description: - 'If the SELECT query if successful, this field is set to the number of rows returned.', + 'If the SELECT query if successful, this field is set to the number of rows returned.\n', }, ], }, @@ -4256,7 +7741,7 @@ export const packetbeatSchema: Schema = [ { key: 'redis', title: 'Redis', - description: 'Redis-specific event fields.', + description: 'Redis-specific event fields.\n', fields: [ { name: 'redis', @@ -4264,12 +7749,12 @@ export const packetbeatSchema: Schema = [ fields: [ { name: 'return_value', - description: 'The return value of the Redis command in a human readable format.', + description: 'The return value of the Redis command in a human readable format.\n', }, { name: 'error', description: - 'If the Redis command has resulted in an error, this field contains the error message returned by the Redis server.', + 'If the Redis command has resulted in an error, this field contains the error message returned by the Redis server.\n', }, ], }, @@ -4278,7 +7763,7 @@ export const packetbeatSchema: Schema = [ { key: 'thrift', title: 'Thrift-RPC', - description: 'Thrift-RPC specific event fields.', + description: 'Thrift-RPC specific event fields.\n', fields: [ { name: 'thrift', @@ -4287,521 +7772,785 @@ export const packetbeatSchema: Schema = [ { name: 'params', description: - 'The RPC method call parameters in a human readable format. If the IDL files are available, the parameters use names whenever possible. Otherwise, the IDs from the message are used.', + 'The RPC method call parameters in a human readable format. If the IDL files are available, the parameters use names whenever possible. Otherwise, the IDs from the message are used.\n', }, { name: 'service', - description: 'The name of the Thrift-RPC service as defined in the IDL files.', + description: 'The name of the Thrift-RPC service as defined in the IDL files.\n', }, { name: 'return_value', description: - 'The value returned by the Thrift-RPC call. This is encoded in a human readable format.', + 'The value returned by the Thrift-RPC call. This is encoded in a human readable format.\n', }, { name: 'exceptions', description: - 'If the call resulted in exceptions, this field contains the exceptions in a human readable format.', + 'If the call resulted in exceptions, this field contains the exceptions in a human readable format.\n', }, ], }, ], - }, - { - key: 'tls', - title: 'TLS', - description: 'TLS-specific event fields.', - fields: [ - { - name: 'tls', - type: 'group', - fields: [ - { - name: 'version', - type: 'keyword', - description: 'The version of the TLS protocol used.', - example: 'TLS 1.3', - }, - { - name: 'handshake_completed', - type: 'boolean', - description: - 'Whether the TLS negotiation has been successful and the session has transitioned to encrypted mode.', - }, - { - name: 'resumed', - type: 'boolean', - description: 'If the TLS session has been resumed from a previous session.', - }, - { - name: 'resumption_method', - type: 'keyword', - description: - 'If the session has been resumed, the underlying method used. One of "id" for TLS session ID or "ticket" for TLS ticket extension.', - }, - { - name: 'client_certificate_requested', - type: 'boolean', - description: - 'Whether the server has requested the client to authenticate itself using a client certificate.', - }, - { - name: 'client_hello', - type: 'group', - fields: [ - { - name: 'version', - type: 'keyword', - description: - 'The version of the TLS protocol by which the client wishes to communicate during this session.', - }, - { - name: 'supported_ciphers', - type: 'array', - description: - 'List of ciphers the client is willing to use for this session. See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4', - }, - { - name: 'supported_compression_methods', - type: 'array', - description: - 'The list of compression methods the client supports. See https://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xhtml', - }, - { - name: 'extensions', - type: 'group', - description: 'The hello extensions provided by the client.', - fields: [ - { - name: 'server_name_indication', - type: 'keyword', - description: 'List of hostnames', - }, - { - name: 'application_layer_protocol_negotiation', - type: 'keyword', - description: - 'List of application-layer protocols the client is willing to use.', - }, - { - name: 'session_ticket', - type: 'keyword', - description: - 'Length of the session ticket, if provided, or an empty string to advertise support for tickets.', - }, - { - name: 'supported_versions', - type: 'keyword', - description: 'List of TLS versions that the client is willing to use.', - }, - { - name: 'supported_groups', - type: 'keyword', - description: - 'List of Elliptic Curve Cryptography (ECC) curve groups supported by the client.', - }, - { - name: 'signature_algorithms', - type: 'keyword', - description: - 'List of signature algorithms that may be use in digital signatures.', - }, - { - name: 'ec_points_formats', - type: 'keyword', - description: - 'List of Elliptic Curve (EC) point formats. Indicates the set of point formats that the client can parse.', - }, - { - name: '_unparsed_', - type: 'keyword', - description: 'List of extensions that were left unparsed by Packetbeat.', - }, - ], - }, - ], - }, + }, + { + key: 'tls_detailed', + title: 'Detailed TLS', + description: 'Detailed TLS-specific event fields.\n', + fields: [ + { + name: 'tls', + type: 'group', + fields: [ { - name: 'server_hello', + name: 'detailed', type: 'group', + default_fields: false, fields: [ { name: 'version', type: 'keyword', - description: - 'The version of the TLS protocol that is used for this session. It is the highest version supported by the server not exceeding the version requested in the client hello.', - }, - { - name: 'selected_cipher', - type: 'keyword', - description: - 'The cipher suite selected by the server from the list provided by in the client hello.', + description: 'The version of the TLS protocol used.\n', + example: 'TLS 1.3', }, { - name: 'selected_compression_method', + name: 'resumption_method', type: 'keyword', description: - 'The compression method selected by the server from the list provided in the client hello.', + 'If the session has been resumed, the underlying method used. One of "id" for TLS session ID or "ticket" for TLS ticket extension.\n', }, { - name: 'session_id', - type: 'keyword', + name: 'client_certificate_requested', + type: 'boolean', description: - 'Unique number to identify the session for the corresponding connection with the client.', + 'Whether the server has requested the client to authenticate itself using a client certificate.\n', }, { - name: 'extensions', + name: 'client_hello', type: 'group', - description: 'The hello extensions provided by the server.', fields: [ { - name: 'application_layer_protocol_negotiation', - type: 'array', - description: 'Negotiated application layer protocol', - }, - { - name: 'session_ticket', + name: 'version', type: 'keyword', description: - 'Used to announce that a session ticket will be provided by the server. Always an empty string.', + 'The version of the TLS protocol by which the client wishes to communicate during this session.\n', }, { - name: 'supported_versions', + name: 'session_id', type: 'keyword', - description: 'Negotiated TLS version to be used.', + description: + 'Unique number to identify the session for the corresponding connection with the client.\n', }, { - name: 'ec_points_formats', + name: 'supported_compression_methods', type: 'keyword', description: - 'List of Elliptic Curve (EC) point formats. Indicates the set of point formats that the server can parse.', + 'The list of compression methods the client supports. See https://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xhtml\n', }, { - name: '_unparsed_', - type: 'keyword', - description: 'List of extensions that were left unparsed by Packetbeat.', + name: 'extensions', + type: 'group', + description: 'The hello extensions provided by the client.', + fields: [ + { + name: 'server_name_indication', + type: 'keyword', + description: 'List of hostnames', + }, + { + name: 'application_layer_protocol_negotiation', + type: 'keyword', + description: + 'List of application-layer protocols the client is willing to use.\n', + }, + { + name: 'session_ticket', + type: 'keyword', + description: + 'Length of the session ticket, if provided, or an empty string to advertise support for tickets.\n', + }, + { + name: 'supported_versions', + type: 'keyword', + description: 'List of TLS versions that the client is willing to use.\n', + }, + { + name: 'supported_groups', + type: 'keyword', + description: + 'List of Elliptic Curve Cryptography (ECC) curve groups supported by the client.\n', + }, + { + name: 'signature_algorithms', + type: 'keyword', + description: + 'List of signature algorithms that may be use in digital signatures.\n', + }, + { + name: 'ec_points_formats', + type: 'keyword', + description: + 'List of Elliptic Curve (EC) point formats. Indicates the set of point formats that the client can parse.\n', + }, + { + name: '_unparsed_', + type: 'keyword', + description: 'List of extensions that were left unparsed by Packetbeat.\n', + }, + ], }, ], }, - ], - }, - { - name: 'client_certificate', - type: 'group', - description: 'Certificate provided by the client for authentication.', - fields: [ - { - name: 'version', - type: 'long', - description: 'X509 format version.', - }, - { - name: 'serial_number', - type: 'keyword', - description: "The certificate's serial number.", - }, - { - name: 'not_before', - type: 'date', - description: 'Date before which the certificate is not valid.', - }, { - name: 'not_after', - type: 'date', - description: 'Date after which the certificate expires.', - }, - { - name: 'public_key_algorithm', - type: 'keyword', - description: - "The algorithm used for this certificate's public key. One of RSA, DSA or ECDSA. ", - }, - { - name: 'public_key_size', - type: 'long', - description: 'Size of the public key.', - }, - { - name: 'signature_algorithm', - type: 'keyword', - description: "The algorithm used for the certificate's signature. ", - }, - { - name: 'alternative_names', - type: 'array', - description: 'Subject Alternative Names for this certificate.', - }, - { - name: 'raw', - type: 'keyword', - description: 'The raw certificate in PEM format.', - }, - { - name: 'subject', + name: 'server_hello', type: 'group', - description: 'Subject represented by this certificate.', fields: [ { - name: 'country', - type: 'keyword', - description: 'Country code.', - }, - { - name: 'organization', + name: 'version', type: 'keyword', - description: 'Organization name.', + description: + 'The version of the TLS protocol that is used for this session. It is the highest version supported by the server not exceeding the version requested in the client hello.\n', }, { - name: 'organizational_unit', + name: 'selected_compression_method', type: 'keyword', - description: 'Unit within organization.', + description: + 'The compression method selected by the server from the list provided in the client hello.\n', }, { - name: 'province', + name: 'session_id', type: 'keyword', - description: 'Province or region within country.', + description: + 'Unique number to identify the session for the corresponding connection with the client.\n', }, { - name: 'common_name', - type: 'keyword', - description: 'Name or host name identified by the certificate.', + name: 'extensions', + type: 'group', + description: 'The hello extensions provided by the server.', + fields: [ + { + name: 'application_layer_protocol_negotiation', + type: 'keyword', + description: 'Negotiated application layer protocol', + }, + { + name: 'session_ticket', + type: 'keyword', + description: + 'Used to announce that a session ticket will be provided by the server. Always an empty string.\n', + }, + { + name: 'supported_versions', + type: 'keyword', + description: 'Negotiated TLS version to be used.\n', + }, + { + name: 'ec_points_formats', + type: 'keyword', + description: + 'List of Elliptic Curve (EC) point formats. Indicates the set of point formats that the server can parse.\n', + }, + { + name: '_unparsed_', + type: 'keyword', + description: 'List of extensions that were left unparsed by Packetbeat.\n', + }, + ], }, ], }, { - name: 'issuer', + name: 'client_certificate', type: 'group', - description: 'Entity that issued and signed this certificate.', + description: 'Certificate provided by the client for authentication.', fields: [ { - name: 'country', - type: 'keyword', - description: 'Country code.', + name: 'version', + type: 'long', + description: 'X509 format version.', }, { - name: 'organization', + name: 'serial_number', type: 'keyword', - description: 'Organization name.', + description: "The certificate's serial number.", }, { - name: 'organizational_unit', - type: 'keyword', - description: 'Unit within organization.', + name: 'not_before', + type: 'date', + description: 'Date before which the certificate is not valid.', }, { - name: 'province', - type: 'keyword', - description: 'Province or region within country.', + name: 'not_after', + type: 'date', + description: 'Date after which the certificate expires.', }, { - name: 'common_name', + name: 'public_key_algorithm', type: 'keyword', - description: 'Name or host name identified by the certificate.', + description: + "The algorithm used for this certificate's public key. One of RSA, DSA or ECDSA.\n", }, - ], - }, - { - name: 'fingerprint', - type: 'group', - fields: [ { - name: 'md5', - type: 'keyword', - description: "Certificate's MD5 fingerprint.", + name: 'public_key_size', + type: 'long', + description: 'Size of the public key.', }, { - name: 'sha1', + name: 'signature_algorithm', type: 'keyword', - description: "Certificate's SHA-1 fingerprint.", + description: "The algorithm used for the certificate's signature.\n", }, { - name: 'sha256', + name: 'alternative_names', type: 'keyword', - description: "Certificate's SHA-256 fingerprint.", + description: 'Subject Alternative Names for this certificate.', + }, + { + name: 'subject', + type: 'group', + description: 'Subject represented by this certificate.', + fields: [ + { + name: 'country', + type: 'keyword', + description: 'Country code.', + }, + { + name: 'organization', + type: 'keyword', + description: 'Organization name.', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: 'Unit within organization.', + }, + { + name: 'province', + type: 'keyword', + description: 'Province or region within country.', + }, + { + name: 'common_name', + type: 'keyword', + description: 'Name or host name identified by the certificate.', + }, + { + name: 'locality', + type: 'keyword', + description: 'Locality.', + }, + ], + }, + { + name: 'issuer', + type: 'group', + description: 'Entity that issued and signed this certificate.', + fields: [ + { + name: 'country', + type: 'keyword', + description: 'Country code.', + }, + { + name: 'organization', + type: 'keyword', + description: 'Organization name.', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: 'Unit within organization.', + }, + { + name: 'province', + type: 'keyword', + description: 'Province or region within country.', + }, + { + name: 'common_name', + type: 'keyword', + description: 'Name or host name identified by the certificate.', + }, + { + name: 'locality', + type: 'keyword', + description: 'Locality.', + }, + ], }, ], }, - ], - }, - { - name: 'server_certificate', - type: 'group', - description: 'Certificate provided by the server for authentication.', - fields: [ - { - name: 'version', - type: 'long', - description: 'X509 format version.', - }, - { - name: 'serial_number', - type: 'keyword', - description: "The certificate's serial number.", - }, - { - name: 'not_before', - type: 'date', - description: 'Date before which the certificate is not valid.', - }, - { - name: 'not_after', - type: 'date', - description: 'Date after which the certificate expires.', - }, - { - name: 'public_key_algorithm', - type: 'keyword', - description: - "The algorithm used for this certificate's public key. One of RSA, DSA or ECDSA. ", - }, - { - name: 'public_key_size', - type: 'long', - description: 'Size of the public key.', - }, { - name: 'signature_algorithm', - type: 'keyword', - description: "The algorithm used for the certificate's signature. ", - }, - { - name: 'alternative_names', - type: 'array', - description: 'Subject Alternative Names for this certificate.', - }, - { - name: 'raw', - type: 'keyword', - description: 'The raw certificate in PEM format.', - }, - { - name: 'subject', + name: 'server_certificate', type: 'group', - description: 'Subject represented by this certificate.', + description: 'Certificate provided by the server for authentication.', fields: [ { - name: 'country', - type: 'keyword', - description: 'Country code.', + name: 'version', + type: 'long', + description: 'X509 format version.', }, { - name: 'organization', + name: 'serial_number', type: 'keyword', - description: 'Organization name.', + description: "The certificate's serial number.", + }, + { + name: 'not_before', + type: 'date', + description: 'Date before which the certificate is not valid.', + }, + { + name: 'not_after', + type: 'date', + description: 'Date after which the certificate expires.', }, { - name: 'organizational_unit', + name: 'public_key_algorithm', type: 'keyword', - description: 'Unit within organization.', + description: + "The algorithm used for this certificate's public key. One of RSA, DSA or ECDSA.\n", + }, + { + name: 'public_key_size', + type: 'long', + description: 'Size of the public key.', }, { - name: 'province', + name: 'signature_algorithm', type: 'keyword', - description: 'Province or region within country.', + description: "The algorithm used for the certificate's signature.\n", }, { - name: 'common_name', + name: 'alternative_names', type: 'keyword', - description: 'Name or host name identified by the certificate.', + description: 'Subject Alternative Names for this certificate.', + }, + { + name: 'subject', + type: 'group', + description: 'Subject represented by this certificate.', + fields: [ + { + name: 'country', + type: 'keyword', + description: 'Country code.', + }, + { + name: 'organization', + type: 'keyword', + description: 'Organization name.', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: 'Unit within organization.', + }, + { + name: 'province', + type: 'keyword', + description: 'Province or region within country.', + }, + { + name: 'common_name', + type: 'keyword', + description: 'Name or host name identified by the certificate.', + }, + { + name: 'locality', + type: 'keyword', + description: 'Locality.', + }, + ], + }, + { + name: 'issuer', + type: 'group', + description: 'Entity that issued and signed this certificate.', + fields: [ + { + name: 'country', + type: 'keyword', + description: 'Country code.', + }, + { + name: 'organization', + type: 'keyword', + description: 'Organization name.', + }, + { + name: 'organizational_unit', + type: 'keyword', + description: 'Unit within organization.', + }, + { + name: 'province', + type: 'keyword', + description: 'Province or region within country.', + }, + { + name: 'common_name', + type: 'keyword', + description: 'Name or host name identified by the certificate.', + }, + { + name: 'locality', + type: 'keyword', + description: 'Locality.', + }, + ], }, ], }, { - name: 'issuer', - type: 'group', - description: 'Entity that issued and signed this certificate.', - fields: [ - { - name: 'country', - type: 'keyword', - description: 'Country code.', - }, - { - name: 'organization', - type: 'keyword', - description: 'Organization name.', - }, - { - name: 'organizational_unit', - type: 'keyword', - description: 'Unit within organization.', - }, - { - name: 'province', - type: 'keyword', - description: 'Province or region within country.', - }, - { - name: 'common_name', - type: 'keyword', - description: 'Name or host name identified by the certificate.', - }, - ], + name: 'server_certificate_chain', + type: 'array', + description: 'Chain of trust for the server certificate.', }, { - name: 'fingerprint', - type: 'group', - fields: [ - { - name: 'md5', - type: 'keyword', - description: "Certificate's MD5 fingerprint.", - }, - { - name: 'sha1', - type: 'keyword', - description: "Certificate's SHA-1 fingerprint.", - }, - { - name: 'sha256', - type: 'keyword', - description: "Certificate's SHA-256 fingerprint.", - }, - ], + name: 'client_certificate_chain', + type: 'array', + description: 'Chain of trust for the client certificate.', }, - ], - }, - { - name: 'server_certificate_chain', - type: 'array', - description: 'Chain of trust for the server certificate.', - }, - { - name: 'client_certificate_chain', - type: 'array', - description: 'Chain of trust for the client certificate.', - }, - { - name: 'alert_types', - type: 'keyword', - description: 'An array containing the TLS alert type for every alert received.', - }, - { - name: 'fingerprints', - type: 'group', - description: 'Fingerprints for this TLS session.', - fields: [ { - name: 'ja3', - type: 'group', - description: 'JA3 TLS client fingerprint', - fields: [ - { - name: 'hash', - type: 'keyword', - description: 'The JA3 fingerprint hash for the client side.', - }, - { - name: 'str', - type: 'keyword', - description: 'The JA3 string used to calculate the hash.', - }, - ], + name: 'alert_types', + type: 'keyword', + description: 'An array containing the TLS alert type for every alert received.\n', }, ], }, ], }, + { + name: 'tls.handshake_completed', + type: 'alias', + path: 'tls.established', + }, + { + name: 'tls.client_hello.supported_ciphers', + type: 'alias', + path: 'tls.client.supported_ciphers', + }, + { + name: 'tls.server_hello.selected_cipher', + type: 'alias', + path: 'tls.cipher', + }, + { + name: 'tls.fingerprints.ja3', + type: 'alias', + path: 'tls.client.ja3', + }, + { + name: 'tls.resumption_method', + type: 'alias', + path: 'tls.detailed.resumption_method', + }, + { + name: 'tls.client_certificate_requested', + type: 'alias', + path: 'tls.detailed.client_certificate_requested', + }, + { + name: 'tls.client_hello.version', + type: 'alias', + path: 'tls.detailed.client_hello.version', + }, + { + name: 'tls.client_hello.session_id', + type: 'alias', + path: 'tls.detailed.client_hello.session_id', + }, + { + name: 'tls.client_hello.supported_compression_methods', + type: 'alias', + path: 'tls.detailed.client_hello.supported_compression_methods', + }, + { + name: 'tls.client_hello.extensions.server_name_indication', + type: 'alias', + path: 'tls.detailed.client_hello.extensions.server_name_indication', + }, + { + name: 'tls.client_hello.extensions.application_layer_protocol_negotiation', + type: 'alias', + path: 'tls.detailed.client_hello.extensions.application_layer_protocol_negotiation', + }, + { + name: 'tls.client_hello.extensions.session_ticket', + type: 'alias', + path: 'tls.detailed.client_hello.extensions.session_ticket', + }, + { + name: 'tls.client_hello.extensions.supported_versions', + type: 'alias', + path: 'tls.detailed.client_hello.extensions.supported_versions', + }, + { + name: 'tls.client_hello.extensions.supported_groups', + type: 'alias', + path: 'tls.detailed.client_hello.extensions.supported_groups', + }, + { + name: 'tls.client_hello.extensions.signature_algorithms', + type: 'alias', + path: 'tls.detailed.client_hello.extensions.signature_algorithms', + }, + { + name: 'tls.client_hello.extensions.ec_points_formats', + type: 'alias', + path: 'tls.detailed.client_hello.extensions.ec_points_formats', + }, + { + name: 'tls.client_hello.extensions._unparsed_', + type: 'alias', + path: 'tls.detailed.client_hello.extensions._unparsed_', + }, + { + name: 'tls.server_hello.version', + type: 'alias', + path: 'tls.detailed.server_hello.version', + }, + { + name: 'tls.server_hello.selected_compression_method', + type: 'alias', + path: 'tls.detailed.server_hello.selected_compression_method', + }, + { + name: 'tls.server_hello.session_id', + type: 'alias', + path: 'tls.detailed.server_hello.session_id', + }, + { + name: 'tls.server_hello.extensions.application_layer_protocol_negotiation', + type: 'alias', + path: 'tls.detailed.server_hello.extensions.application_layer_protocol_negotiation', + }, + { + name: 'tls.server_hello.extensions.session_ticket', + type: 'alias', + path: 'tls.detailed.server_hello.extensions.session_ticket', + }, + { + name: 'tls.server_hello.extensions.supported_versions', + type: 'alias', + path: 'tls.detailed.server_hello.extensions.supported_versions', + }, + { + name: 'tls.server_hello.extensions.ec_points_formats', + type: 'alias', + path: 'tls.detailed.server_hello.extensions.ec_points_formats', + }, + { + name: 'tls.server_hello.extensions._unparsed_', + type: 'alias', + path: 'tls.detailed.server_hello.extensions._unparsed_', + }, + { + name: 'tls.client_certificate.version', + type: 'alias', + path: 'tls.detailed.client_certificate.version', + }, + { + name: 'tls.client_certificate.serial_number', + type: 'alias', + path: 'tls.detailed.client_certificate.serial_number', + }, + { + name: 'tls.client_certificate.not_before', + type: 'alias', + path: 'tls.detailed.client_certificate.not_before', + }, + { + name: 'tls.client_certificate.not_after', + type: 'alias', + path: 'tls.detailed.client_certificate.not_after', + }, + { + name: 'tls.client_certificate.public_key_algorithm', + type: 'alias', + path: 'tls.detailed.client_certificate.public_key_algorithm', + }, + { + name: 'tls.client_certificate.public_key_size', + type: 'alias', + path: 'tls.detailed.client_certificate.public_key_size', + }, + { + name: 'tls.client_certificate.signature_algorithm', + type: 'alias', + path: 'tls.detailed.client_certificate.signature_algorithm', + }, + { + name: 'tls.client_certificate.alternative_names', + type: 'alias', + path: 'tls.detailed.client_certificate.alternative_names', + }, + { + name: 'tls.client_certificate.subject.country', + type: 'alias', + path: 'tls.detailed.client_certificate.subject.country', + }, + { + name: 'tls.client_certificate.subject.organization', + type: 'alias', + path: 'tls.detailed.client_certificate.subject.organization', + }, + { + name: 'tls.client_certificate.subject.organizational_unit', + type: 'alias', + path: 'tls.detailed.client_certificate.subject.organizational_unit', + }, + { + name: 'tls.client_certificate.subject.province', + type: 'alias', + path: 'tls.detailed.client_certificate.subject.province', + }, + { + name: 'tls.client_certificate.subject.common_name', + type: 'alias', + path: 'tls.detailed.client_certificate.subject.common_name', + }, + { + name: 'tls.client_certificate.subject.locality', + type: 'alias', + path: 'tls.detailed.client_certificate.subject.locality', + }, + { + name: 'tls.client_certificate.issuer.country', + type: 'alias', + path: 'tls.detailed.client_certificate.issuer.country', + }, + { + name: 'tls.client_certificate.issuer.organization', + type: 'alias', + path: 'tls.detailed.client_certificate.issuer.organization', + }, + { + name: 'tls.client_certificate.issuer.organizational_unit', + type: 'alias', + path: 'tls.detailed.client_certificate.issuer.organizational_unit', + }, + { + name: 'tls.client_certificate.issuer.province', + type: 'alias', + path: 'tls.detailed.client_certificate.issuer.province', + }, + { + name: 'tls.client_certificate.issuer.common_name', + type: 'alias', + path: 'tls.detailed.client_certificate.issuer.common_name', + }, + { + name: 'tls.client_certificate.issuer.locality', + type: 'alias', + path: 'tls.detailed.client_certificate.issuer.locality', + }, + { + name: 'tls.server_certificate.version', + type: 'alias', + path: 'tls.detailed.server_certificate.version', + }, + { + name: 'tls.server_certificate.serial_number', + type: 'alias', + path: 'tls.detailed.server_certificate.serial_number', + }, + { + name: 'tls.server_certificate.not_before', + type: 'alias', + path: 'tls.detailed.server_certificate.not_before', + }, + { + name: 'tls.server_certificate.not_after', + type: 'alias', + path: 'tls.detailed.server_certificate.not_after', + }, + { + name: 'tls.server_certificate.public_key_algorithm', + type: 'alias', + path: 'tls.detailed.server_certificate.public_key_algorithm', + }, + { + name: 'tls.server_certificate.public_key_size', + type: 'alias', + path: 'tls.detailed.server_certificate.public_key_size', + }, + { + name: 'tls.server_certificate.signature_algorithm', + type: 'alias', + path: 'tls.detailed.server_certificate.signature_algorithm', + }, + { + name: 'tls.server_certificate.alternative_names', + type: 'alias', + path: 'tls.detailed.server_certificate.alternative_names', + }, + { + name: 'tls.server_certificate.subject.country', + type: 'alias', + path: 'tls.detailed.server_certificate.subject.country', + }, + { + name: 'tls.server_certificate.subject.organization', + type: 'alias', + path: 'tls.detailed.server_certificate.subject.organization', + }, + { + name: 'tls.server_certificate.subject.organizational_unit', + type: 'alias', + path: 'tls.detailed.server_certificate.subject.organizational_unit', + }, + { + name: 'tls.server_certificate.subject.province', + type: 'alias', + path: 'tls.detailed.server_certificate.subject.province', + }, + { + name: 'tls.server_certificate.subject.common_name', + type: 'alias', + path: 'tls.detailed.server_certificate.subject.common_name', + }, + { + name: 'tls.server_certificate.subject.locality', + type: 'alias', + path: 'tls.detailed.server_certificate.subject.locality', + }, + { + name: 'tls.server_certificate.issuer.country', + type: 'alias', + path: 'tls.detailed.server_certificate.issuer.country', + }, + { + name: 'tls.server_certificate.issuer.organization', + type: 'alias', + path: 'tls.detailed.server_certificate.issuer.organization', + }, + { + name: 'tls.server_certificate.issuer.organizational_unit', + type: 'alias', + path: 'tls.detailed.server_certificate.issuer.organizational_unit', + }, + { + name: 'tls.server_certificate.issuer.province', + type: 'alias', + path: 'tls.detailed.server_certificate.issuer.province', + }, + { + name: 'tls.server_certificate.issuer.common_name', + type: 'alias', + path: 'tls.detailed.server_certificate.issuer.common_name', + }, + { + name: 'tls.server_certificate.issuer.locality', + type: 'alias', + path: 'tls.detailed.server_certificate.issuer.locality', + }, + { + name: 'tls.alert_types', + type: 'alias', + path: 'tls.detailed.alert_types', + }, ], }, ]; diff --git a/x-pack/legacy/plugins/siem/server/utils/beat_schema/index.test.ts b/x-pack/legacy/plugins/siem/server/utils/beat_schema/index.test.ts index 53ed7c26b877f..56ceca2b70e9c 100644 --- a/x-pack/legacy/plugins/siem/server/utils/beat_schema/index.test.ts +++ b/x-pack/legacy/plugins/siem/server/utils/beat_schema/index.test.ts @@ -17,175 +17,94 @@ describe('Schema Beat', () => { convertData[0].fields = isArray(convertData[0].fields) ? convertData[0].fields!.slice(0, 6) : []; + expect(convertSchemaToAssociativeArray(convertData)).toEqual({ '@timestamp': { description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', + 'Date/time when the event originated.\n\nThis is the date/time extracted from the event, typically representing when\nthe event was generated by the source.\n\nIf the event source has no original timestamp, this value is typically populated\nby the first time the event was received by the pipeline.\n\nRequired field for all events.', example: '2016-05-23T08:05:34.853Z', name: '@timestamp', type: 'date', }, - tags: { - description: 'List of keywords used to tag each event.', - example: '["production", "env2"]', - name: 'tags', - type: 'keyword', - }, labels: { description: - 'Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: `docker` and `k8s` labels.', - example: '{"env":"production","application":"foo-bar"}', + 'Custom key/value pairs.\n\nCan be used to add meta information to events. Should not contain nested objects.\nAll values are stored as keyword.\n\nExample: `docker` and `k8s` labels.', + example: '{"application": "foo-bar", "env": "production"}', name: 'labels', type: 'object', }, message: { description: - 'For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message.', + 'For log events the message field contains the log message, optimized\nfor viewing in a log viewer.\n\nFor structured logs without an original message field, other fields can be concatenated\nto form a human-readable summary of the event.\n\nIf multiple messages exist, they can be combined into one message.', example: 'Hello World', name: 'message', type: 'text', }, + tags: { + description: 'List of keywords used to tag each event.', + example: '["production", "env2"]', + name: 'tags', + type: 'keyword', + }, agent: { description: - 'The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken.', + 'The agent fields contain the data about the software entity, if\nany, that collects, detects, or observes events on a host, or takes measurements\non a host.\n\nExamples include Beats. Agents may also run on observers. ECS agent.* fields\nshall be populated with details of the agent running on the host or observer\nwhere the event happened or the measurement was taken.', name: 'agent', type: 'group', fields: { - 'agent.version': { - description: 'Version of the agent.', - example: '6.0.0-rc2', - name: 'version', + 'agent.ephemeral_id': { + description: + 'Ephemeral identifier of this agent (if one exists).\n\nThis id normally changes across restarts, but `agent.id` does not.', + example: '8a4f500f', + name: 'ephemeral_id', + type: 'keyword', + }, + 'agent.id': { + description: + 'Unique identifier of this agent (if one exists).\n\nExample: For Beats this would be beat.id.', + example: '8a4f500d', + name: 'id', type: 'keyword', }, 'agent.name': { description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', + 'Custom name of the agent.\n\nThis is a name that can be given to an agent. This can be helpful if for example\ntwo Filebeat instances are running on the same host but a human readable separation\nis needed on which Filebeat instance data is coming from.\n\nIf no name is given, the name is often left empty.', example: 'foo', name: 'name', type: 'keyword', }, 'agent.type': { description: - 'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.', + 'Type of the agent.\n\nThe agent type stays always the same and should be given by the agent used.\nIn case of Filebeat the agent would always be Filebeat also if two Filebeat\ninstances are run on the same machine.', example: 'filebeat', name: 'type', type: 'keyword', }, - 'agent.id': { - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', - name: 'id', - type: 'keyword', - }, - 'agent.ephemeral_id': { - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', - name: 'ephemeral_id', + 'agent.version': { + description: 'Version of the agent.', + example: '6.0.0-rc2', + name: 'version', type: 'keyword', }, }, }, - client: { + as: { description: - 'A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', - name: 'client', + 'An autonomous system (AS) is a collection of connected Internet Protocol\n(IP) routing prefixes under the control of one or more network operators on\nbehalf of a single administrative entity or domain that presents a common, clearly\ndefined routing policy to the internet.', + name: 'as', type: 'group', fields: { - 'client.address': { + 'as.number': { description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - name: 'address', - type: 'keyword', - }, - 'client.ip': { - description: - 'IP address of the client. Can be one or multiple IPv4 or IPv6 addresses.', - name: 'ip', - type: 'ip', - }, - 'client.port': { - description: 'Port of the client.', - name: 'port', + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + name: 'number', type: 'long', }, - 'client.mac': { - description: 'MAC address of the client.', - name: 'mac', - type: 'keyword', - }, - 'client.domain': { - description: 'Client domain.', - name: 'domain', - type: 'keyword', - }, - 'client.bytes': { - description: 'Bytes sent from the client to the server.', - example: 184, - format: 'bytes', - name: 'bytes', - type: 'long', - }, - 'client.packets': { - description: 'Packets sent from the client to the server.', - example: 12, - name: 'packets', - type: 'long', - }, - 'client.geo': { - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - name: 'geo', - type: 'group', - }, - 'client.geo.location': { - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - name: 'location', - type: 'geo_point', - }, - 'client.geo.continent_name': { - description: 'Name of the continent.', - example: 'North America', - name: 'continent_name', - type: 'keyword', - }, - 'client.geo.country_name': { - description: 'Country name.', - example: 'Canada', - name: 'country_name', - type: 'keyword', - }, - 'client.geo.region_name': { - description: 'Region name.', - example: 'Quebec', - name: 'region_name', - type: 'keyword', - }, - 'client.geo.city_name': { - description: 'City name.', - example: 'Montreal', - name: 'city_name', - type: 'keyword', - }, - 'client.geo.country_iso_code': { - description: 'Country ISO code.', - example: 'CA', - name: 'country_iso_code', - type: 'keyword', - }, - 'client.geo.region_iso_code': { - description: 'Region ISO code.', - example: 'CA-QC', - name: 'region_iso_code', - type: 'keyword', - }, - 'client.geo.name': { - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - name: 'name', + 'as.organization.name': { + description: 'Organization name.', + example: 'Google LLC', + name: 'organization.name', type: 'keyword', }, }, @@ -198,175 +117,94 @@ describe('Schema Beat', () => { convertData[0].fields = isArray(convertData[0].fields) ? convertData[0].fields!.slice(0, 6) : []; + expect(convertSchemaToAssociativeArray(convertData)).toEqual({ '@timestamp': { description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', + 'Date/time when the event originated.\n\nThis is the date/time extracted from the event, typically representing when\nthe event was generated by the source.\n\nIf the event source has no original timestamp, this value is typically populated\nby the first time the event was received by the pipeline.\n\nRequired field for all events.', example: '2016-05-23T08:05:34.853Z', name: '@timestamp', type: 'date', }, - tags: { - description: 'List of keywords used to tag each event.', - example: '["production", "env2"]', - name: 'tags', - type: 'keyword', - }, labels: { description: - 'Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: `docker` and `k8s` labels.', - example: '{"env":"production","application":"foo-bar"}', + 'Custom key/value pairs.\n\nCan be used to add meta information to events. Should not contain nested objects.\nAll values are stored as keyword.\n\nExample: `docker` and `k8s` labels.', + example: '{"application": "foo-bar", "env": "production"}', name: 'labels', type: 'object', }, message: { description: - 'For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message.', + 'For log events the message field contains the log message, optimized\nfor viewing in a log viewer.\n\nFor structured logs without an original message field, other fields can be concatenated\nto form a human-readable summary of the event.\n\nIf multiple messages exist, they can be combined into one message.', example: 'Hello World', name: 'message', type: 'text', }, + tags: { + description: 'List of keywords used to tag each event.', + example: '["production", "env2"]', + name: 'tags', + type: 'keyword', + }, agent: { description: - 'The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken.', + 'The agent fields contain the data about the software entity, if\nany, that collects, detects, or observes events on a host, or takes measurements\non a host.\n\nExamples include Beats. Agents may also run on observers. ECS agent.* fields\nshall be populated with details of the agent running on the host or observer\nwhere the event happened or the measurement was taken.', name: 'agent', type: 'group', fields: { - 'agent.version': { - description: 'Version of the agent.', - example: '6.0.0-rc2', - name: 'version', + 'agent.ephemeral_id': { + description: + 'Ephemeral identifier of this agent (if one exists).\n\nThis id normally changes across restarts, but `agent.id` does not.', + example: '8a4f500f', + name: 'ephemeral_id', + type: 'keyword', + }, + 'agent.id': { + description: + 'Unique identifier of this agent (if one exists).\n\nExample: For Beats this would be beat.id.', + example: '8a4f500d', + name: 'id', type: 'keyword', }, 'agent.name': { description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', + 'Custom name of the agent.\n\nThis is a name that can be given to an agent. This can be helpful if for example\ntwo Filebeat instances are running on the same host but a human readable separation\nis needed on which Filebeat instance data is coming from.\n\nIf no name is given, the name is often left empty.', example: 'foo', name: 'name', type: 'keyword', }, 'agent.type': { description: - 'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.', + 'Type of the agent.\n\nThe agent type stays always the same and should be given by the agent used.\nIn case of Filebeat the agent would always be Filebeat also if two Filebeat\ninstances are run on the same machine.', example: 'filebeat', name: 'type', type: 'keyword', }, - 'agent.id': { - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', - name: 'id', - type: 'keyword', - }, - 'agent.ephemeral_id': { - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', - name: 'ephemeral_id', + 'agent.version': { + description: 'Version of the agent.', + example: '6.0.0-rc2', + name: 'version', type: 'keyword', }, }, }, - client: { + as: { description: - 'A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', - name: 'client', + 'An autonomous system (AS) is a collection of connected Internet Protocol\n(IP) routing prefixes under the control of one or more network operators on\nbehalf of a single administrative entity or domain that presents a common, clearly\ndefined routing policy to the internet.', + name: 'as', type: 'group', fields: { - 'client.address': { + 'as.number': { description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - name: 'address', - type: 'keyword', - }, - 'client.ip': { - description: - 'IP address of the client. Can be one or multiple IPv4 or IPv6 addresses.', - name: 'ip', - type: 'ip', - }, - 'client.port': { - description: 'Port of the client.', - name: 'port', - type: 'long', - }, - 'client.mac': { - description: 'MAC address of the client.', - name: 'mac', - type: 'keyword', - }, - 'client.domain': { - description: 'Client domain.', - name: 'domain', - type: 'keyword', - }, - 'client.bytes': { - description: 'Bytes sent from the client to the server.', - example: 184, - format: 'bytes', - name: 'bytes', - type: 'long', - }, - 'client.packets': { - description: 'Packets sent from the client to the server.', - example: 12, - name: 'packets', + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + name: 'number', type: 'long', }, - 'client.geo': { - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - name: 'geo', - type: 'group', - }, - 'client.geo.location': { - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - name: 'location', - type: 'geo_point', - }, - 'client.geo.continent_name': { - description: 'Name of the continent.', - example: 'North America', - name: 'continent_name', - type: 'keyword', - }, - 'client.geo.country_name': { - description: 'Country name.', - example: 'Canada', - name: 'country_name', - type: 'keyword', - }, - 'client.geo.region_name': { - description: 'Region name.', - example: 'Quebec', - name: 'region_name', - type: 'keyword', - }, - 'client.geo.city_name': { - description: 'City name.', - example: 'Montreal', - name: 'city_name', - type: 'keyword', - }, - 'client.geo.country_iso_code': { - description: 'Country ISO code.', - example: 'CA', - name: 'country_iso_code', - type: 'keyword', - }, - 'client.geo.region_iso_code': { - description: 'Region ISO code.', - example: 'CA-QC', - name: 'region_iso_code', - type: 'keyword', - }, - 'client.geo.name': { - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - name: 'name', + 'as.organization.name': { + description: 'Organization name.', + example: 'Google LLC', + name: 'organization.name', type: 'keyword', }, }, @@ -379,175 +217,94 @@ describe('Schema Beat', () => { convertData[0].fields = isArray(convertData[0].fields) ? convertData[0].fields!.slice(0, 6) : []; + expect(convertSchemaToAssociativeArray(convertData)).toEqual({ '@timestamp': { description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', + 'Date/time when the event originated.\n\nThis is the date/time extracted from the event, typically representing when\nthe event was generated by the source.\n\nIf the event source has no original timestamp, this value is typically populated\nby the first time the event was received by the pipeline.\n\nRequired field for all events.', example: '2016-05-23T08:05:34.853Z', name: '@timestamp', type: 'date', }, - tags: { - description: 'List of keywords used to tag each event.', - example: '["production", "env2"]', - name: 'tags', - type: 'keyword', - }, labels: { description: - 'Key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: `docker` and `k8s` labels.', - example: '{"env":"production","application":"foo-bar"}', + 'Custom key/value pairs.\n\nCan be used to add meta information to events. Should not contain nested objects.\nAll values are stored as keyword.\n\nExample: `docker` and `k8s` labels.', + example: '{"application": "foo-bar", "env": "production"}', name: 'labels', type: 'object', }, message: { description: - 'For log events the message field contains the log message. In other use cases the message field can be used to concatenate different values which are then freely searchable. If multiple messages exist, they can be combined into one message.', + 'For log events the message field contains the log message, optimized\nfor viewing in a log viewer.\n\nFor structured logs without an original message field, other fields can be concatenated\nto form a human-readable summary of the event.\n\nIf multiple messages exist, they can be combined into one message.', example: 'Hello World', name: 'message', type: 'text', }, + tags: { + description: 'List of keywords used to tag each event.', + example: '["production", "env2"]', + name: 'tags', + type: 'keyword', + }, agent: { description: - 'The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken.', + 'The agent fields contain the data about the software entity, if\nany, that collects, detects, or observes events on a host, or takes measurements\non a host.\n\nExamples include Beats. Agents may also run on observers. ECS agent.* fields\nshall be populated with details of the agent running on the host or observer\nwhere the event happened or the measurement was taken.', name: 'agent', type: 'group', fields: { - 'agent.version': { - description: 'Version of the agent.', - example: '6.0.0-rc2', - name: 'version', + 'agent.ephemeral_id': { + description: + 'Ephemeral identifier of this agent (if one exists).\n\nThis id normally changes across restarts, but `agent.id` does not.', + example: '8a4f500f', + name: 'ephemeral_id', + type: 'keyword', + }, + 'agent.id': { + description: + 'Unique identifier of this agent (if one exists).\n\nExample: For Beats this would be beat.id.', + example: '8a4f500d', + name: 'id', type: 'keyword', }, 'agent.name': { description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', + 'Custom name of the agent.\n\nThis is a name that can be given to an agent. This can be helpful if for example\ntwo Filebeat instances are running on the same host but a human readable separation\nis needed on which Filebeat instance data is coming from.\n\nIf no name is given, the name is often left empty.', example: 'foo', name: 'name', type: 'keyword', }, 'agent.type': { description: - 'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.', + 'Type of the agent.\n\nThe agent type stays always the same and should be given by the agent used.\nIn case of Filebeat the agent would always be Filebeat also if two Filebeat\ninstances are run on the same machine.', example: 'filebeat', name: 'type', type: 'keyword', }, - 'agent.id': { - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', - name: 'id', - type: 'keyword', - }, - 'agent.ephemeral_id': { - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', - name: 'ephemeral_id', + 'agent.version': { + description: 'Version of the agent.', + example: '6.0.0-rc2', + name: 'version', type: 'keyword', }, }, }, - client: { + as: { description: - 'A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately.', - name: 'client', + 'An autonomous system (AS) is a collection of connected Internet Protocol\n(IP) routing prefixes under the control of one or more network operators on\nbehalf of a single administrative entity or domain that presents a common, clearly\ndefined routing policy to the internet.', + name: 'as', type: 'group', fields: { - 'client.address': { + 'as.number': { description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - name: 'address', - type: 'keyword', - }, - 'client.ip': { - description: - 'IP address of the client. Can be one or multiple IPv4 or IPv6 addresses.', - name: 'ip', - type: 'ip', - }, - 'client.port': { - description: 'Port of the client.', - name: 'port', - type: 'long', - }, - 'client.mac': { - description: 'MAC address of the client.', - name: 'mac', - type: 'keyword', - }, - 'client.domain': { - description: 'Client domain.', - name: 'domain', - type: 'keyword', - }, - 'client.bytes': { - description: 'Bytes sent from the client to the server.', - example: 184, - format: 'bytes', - name: 'bytes', + 'Unique number allocated to the autonomous system. The autonomous\nsystem number (ASN) uniquely identifies each network on the Internet.', + example: 15169, + name: 'number', type: 'long', }, - 'client.packets': { - description: 'Packets sent from the client to the server.', - example: 12, - name: 'packets', - type: 'long', - }, - 'client.geo': { - description: - 'Geo fields can carry data about a specific location related to an event or geo information derived from an IP field.', - name: 'geo', - type: 'group', - }, - 'client.geo.location': { - description: 'Longitude and latitude.', - example: '{ "lon": -73.614830, "lat": 45.505918 }', - name: 'location', - type: 'geo_point', - }, - 'client.geo.continent_name': { - description: 'Name of the continent.', - example: 'North America', - name: 'continent_name', - type: 'keyword', - }, - 'client.geo.country_name': { - description: 'Country name.', - example: 'Canada', - name: 'country_name', - type: 'keyword', - }, - 'client.geo.region_name': { - description: 'Region name.', - example: 'Quebec', - name: 'region_name', - type: 'keyword', - }, - 'client.geo.city_name': { - description: 'City name.', - example: 'Montreal', - name: 'city_name', - type: 'keyword', - }, - 'client.geo.country_iso_code': { - description: 'Country ISO code.', - example: 'CA', - name: 'country_iso_code', - type: 'keyword', - }, - 'client.geo.region_iso_code': { - description: 'Region ISO code.', - example: 'CA-QC', - name: 'region_iso_code', - type: 'keyword', - }, - 'client.geo.name': { - description: - 'User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation.', - example: 'boston-dc', - name: 'name', + 'as.organization.name': { + description: 'Organization name.', + example: 'Google LLC', + name: 'organization.name', type: 'keyword', }, }, @@ -562,40 +319,58 @@ describe('Schema Beat', () => { '_id', '_index', '@timestamp', - 'tags', 'labels', 'message', + 'tags', 'agent', + 'as', 'client', 'cloud', + 'code_signature', 'container', 'destination', + 'dll', + 'dns', 'ecs', 'error', 'event', 'file', + 'geo', 'group', + 'hash', 'host', 'http', + 'interface', 'log', 'network', 'observer', 'organization', 'os', + 'package', + 'pe', 'process', + 'registry', 'related', + 'rule', 'server', 'service', 'source', + 'threat', + 'tls', + 'tracing', 'url', 'user', 'user_agent', + 'vlan', + 'vulnerability', 'agent.hostname', 'beat.timezone', 'fields', 'beat.name', 'beat.hostname', + 'timeseries.instance', 'cloud.project.id', + 'cloud.image.id', 'meta.cloud.provider', 'meta.cloud.instance_id', 'meta.cloud.instance_name', @@ -605,55 +380,17 @@ describe('Schema Beat', () => { 'meta.cloud.region', 'docker', 'kubernetes', - 'type', - 'server.process.name', - 'server.process.args', - 'server.process.executable', - 'server.process.working_directory', - 'server.process.start', - 'client.process.name', - 'client.process.args', - 'client.process.executable', - 'client.process.working_directory', - 'client.process.start', - 'real_ip', - 'transport', - 'flow.final', - 'flow.id', - 'flow.vlan', - 'flow_id', - 'final', - 'vlan', - 'source.stats.net_bytes_total', - 'source.stats.net_packets_total', - 'dest.stats.net_bytes_total', - 'dest.stats.net_packets_total', - 'status', - 'method', - 'resource', - 'path', - 'query', - 'params', - 'notes', - 'request', - 'response', - 'bytes_in', - 'bytes_out', - 'amqp', - 'no_request', - 'cassandra', - 'dhcpv4', - 'dns', - 'icmp', - 'memcache', - 'mongodb', - 'mysql', - 'nfs', - 'rpc', - 'pgsql', - 'redis', - 'thrift', - 'tls', + 'jolokia.agent.version', + 'jolokia.agent.id', + 'jolokia.server.product', + 'jolokia.server.version', + 'jolokia.server.vendor', + 'jolokia.url', + 'jolokia.secured', + 'auditd', + 'geoip', + 'socket', + 'system.audit', ]); }); }); diff --git a/x-pack/legacy/plugins/siem/server/utils/beat_schema/index.ts b/x-pack/legacy/plugins/siem/server/utils/beat_schema/index.ts index a191bd835a7c7..3e9be4e265e63 100644 --- a/x-pack/legacy/plugins/siem/server/utils/beat_schema/index.ts +++ b/x-pack/legacy/plugins/siem/server/utils/beat_schema/index.ts @@ -106,19 +106,14 @@ export const getIndexSchemaDoc = memoize((index: string) => { ...extraSchemaField, ...convertSchemaToAssociativeArray(winlogbeatSchema), }; - } else if (index.match('ecs') != null) { - return { - ...extraSchemaField, - ...ecsSchema, - }; } - return {}; + return { + ...extraSchemaField, + ...convertSchemaToAssociativeArray(ecsSchema), + }; }); export const hasDocumentation = (index: string, path: string): boolean => { - if (index === 'unknown') { - return false; - } const splitPath = path.split('.'); const category = splitPath.length > 0 ? splitPath[0] : null; if (category === null) { @@ -131,16 +126,13 @@ export const hasDocumentation = (index: string, path: string): boolean => { }; export const getDocumentation = (index: string, path: string) => { - if (index === 'unknown') { - return ''; - } const splitPath = path.split('.'); const category = splitPath.length > 0 ? splitPath[0] : null; if (category === null) { - return ''; + return {}; } if (splitPath.length > 1) { - return get([category, 'fields', path], getIndexSchemaDoc(index)) || ''; + return get([category, 'fields', path], getIndexSchemaDoc(index)) || {}; } - return get(category, getIndexSchemaDoc(index)) || ''; + return get(category, getIndexSchemaDoc(index)) || {}; }; diff --git a/x-pack/legacy/plugins/siem/server/utils/beat_schema/type.ts b/x-pack/legacy/plugins/siem/server/utils/beat_schema/type.ts index f34519da34ee8..2b7be8f4b7539 100644 --- a/x-pack/legacy/plugins/siem/server/utils/beat_schema/type.ts +++ b/x-pack/legacy/plugins/siem/server/utils/beat_schema/type.ts @@ -12,25 +12,35 @@ export type IndexAlias = 'auditbeat' | 'filebeat' | 'packetbeat' | 'ecs' | 'winl */ export interface SchemaFields { + default_field: boolean; + default_fields: boolean; definition: string; + deprecated: string; description: string; doc_values: boolean; - example: string | number | object; + example: string | number | object | boolean; footnote: string; format: string; group: number; index: boolean; + ignore_above: number; input_format: string; level: string; migration: boolean; multi_fields: object[]; name: string; + norms: boolean; object_type: string; + object_type_mapping_type: string; + output_format: string; + output_precision: number; + overwrite: boolean; path: string; possible_values: string[] | number[]; release: string; required: boolean; reusable: object; + short: string; title: string; type: string; fields: Array>; @@ -48,33 +58,6 @@ export interface SchemaItem { export type Schema = Array>; -/* - * ECS Interface - * - */ - -interface EcsField { - description: string; - example: string; - footnote: string; - group: number; - level: string; - name: string; - required: boolean; - type: string; -} - -interface EcsNamespace { - description: string; - fields: Readonly>; - group: number; - name: string; - title: string; - type: string; -} - -export type EcsSchema = Readonly>; - /* * Associative Array Output Interface * diff --git a/x-pack/test/api_integration/apis/siem/sources.ts b/x-pack/test/api_integration/apis/siem/sources.ts index 0b147022c7cd5..e0db91449a8cc 100644 --- a/x-pack/test/api_integration/apis/siem/sources.ts +++ b/x-pack/test/api_integration/apis/siem/sources.ts @@ -30,7 +30,7 @@ export default function({ getService }: FtrProviderContext) { .then(resp => { const sourceStatus = resp.data.source.status; // test data in x-pack/test/functional/es_archives/auditbeat_test_data/data.json.gz - expect(sourceStatus.indexFields.length).to.be(395); + expect(sourceStatus.indexFields.length).to.be(397); expect(sourceStatus.indicesExist).to.be(true); }); }); From c92289d217c320778c8e39b99b3ebf60afc00c0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Loix?= Date: Tue, 7 Apr 2020 16:32:51 +0200 Subject: [PATCH 25/36] [ILM] Skip failing API integration test (#62779) --- .../apis/management/index_lifecycle_management/policies.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/x-pack/test/api_integration/apis/management/index_lifecycle_management/policies.js b/x-pack/test/api_integration/apis/management/index_lifecycle_management/policies.js index 9cb2e5ee54596..e41dd40bbd417 100644 --- a/x-pack/test/api_integration/apis/management/index_lifecycle_management/policies.js +++ b/x-pack/test/api_integration/apis/management/index_lifecycle_management/policies.js @@ -32,7 +32,9 @@ export default function({ getService }) { after(() => Promise.all([cleanUpEsResources(), cleanUpPolicies()])); describe('list', () => { - it('should have a default policy to manage the Watcher history indices', async () => { + // Disabled as the underline ES API has changed. Need to investigate + // Opened issue: https://github.com/elastic/kibana/issues/62778 + it.skip('should have a default policy to manage the Watcher history indices', async () => { const { body } = await loadPolicies().expect(200); const policy = body.find(policy => policy.name === DEFAULT_POLICY_NAME); From b7d05573e7023c890372facec66ec4d6730fc8fb Mon Sep 17 00:00:00 2001 From: Robert Oskamp Date: Tue, 7 Apr 2020 16:38:04 +0200 Subject: [PATCH 26/36] [ML] Disable functional tests --- x-pack/test/api_integration/apis/ml/index.ts | 5 ++++- x-pack/test/functional/apps/machine_learning/index.ts | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/x-pack/test/api_integration/apis/ml/index.ts b/x-pack/test/api_integration/apis/ml/index.ts index 4e21faa610bfe..bcba156a64f0e 100644 --- a/x-pack/test/api_integration/apis/ml/index.ts +++ b/x-pack/test/api_integration/apis/ml/index.ts @@ -9,7 +9,10 @@ import { FtrProviderContext } from '../../ftr_provider_context'; export default function({ getService, loadTestFile }: FtrProviderContext) { const ml = getService('ml'); - describe('Machine Learning', function() { + // ML tests need to be disabled in orde to get the ES snapshot with + // https://github.com/elastic/elasticsearch/pull/54713 promoted + // and should be re-enabled as part of https://github.com/elastic/kibana/pull/61980 + describe.skip('Machine Learning', function() { this.tags(['mlqa']); before(async () => { diff --git a/x-pack/test/functional/apps/machine_learning/index.ts b/x-pack/test/functional/apps/machine_learning/index.ts index 47c699e309491..143899a61ffb9 100644 --- a/x-pack/test/functional/apps/machine_learning/index.ts +++ b/x-pack/test/functional/apps/machine_learning/index.ts @@ -8,7 +8,10 @@ import { FtrProviderContext } from '../../ftr_provider_context'; export default function({ getService, loadTestFile }: FtrProviderContext) { const ml = getService('ml'); - describe('machine learning', function() { + // ML tests need to be disabled in orde to get the ES snapshot with + // https://github.com/elastic/elasticsearch/pull/54713 promoted + // and should be re-enabled as part of https://github.com/elastic/kibana/pull/61980 + describe.skip('machine learning', function() { this.tags('ciGroup3'); before(async () => { From 898504dc8f30c69d5be72ab6164b2c161dbac3ae Mon Sep 17 00:00:00 2001 From: Dmitry Lemeshko Date: Tue, 7 Apr 2020 17:40:27 +0300 Subject: [PATCH 27/36] FTR: Enable w3c for chromedriver (#62542) * enable w3c for chrome * update maps tests * update maps tests * update common_page * Revert "update maps tests" This reverts commit 31f43fd6788546cf76534e3eea2390e882be2283. * revert changes to maps tests * undo after removal * update expect range to pass on Windows, unskip tests for Firefox * print out value for discover brushing test * log first timestamp Co-authored-by: Elastic Machine --- test/functional/apps/discover/_discover.js | 6 +- test/functional/page_objects/common_page.ts | 66 ++++--------------- test/functional/page_objects/discover_page.ts | 6 +- test/functional/services/remote/webdriver.ts | 3 +- 4 files changed, 21 insertions(+), 60 deletions(-) diff --git a/test/functional/apps/discover/_discover.js b/test/functional/apps/discover/_discover.js index 850b2773b5025..4f357e2993b30 100644 --- a/test/functional/apps/discover/_discover.js +++ b/test/functional/apps/discover/_discover.js @@ -44,7 +44,6 @@ export default function({ getService, getPageObjects }) { }); describe('query', function() { - this.tags(['skipFirefox']); const queryName1 = 'Query # 1'; it('should show correct time range string by timepicker', async function() { @@ -100,9 +99,10 @@ export default function({ getService, getPageObjects }) { const newDurationHours = await PageObjects.timePicker.getTimeDurationInHours(); expect(Math.round(newDurationHours)).to.be(25); const rowData = await PageObjects.discover.getDocTableField(1); + log.debug(`The first timestamp value in doc table: ${rowData}`); expect(Date.parse(rowData)).to.be.within( - Date.parse('Sep 20, 2015 @ 22:00:00.000'), - Date.parse('Sep 20, 2015 @ 23:30:00.000') + Date.parse('Sep 20, 2015 @ 21:30:00.000'), + Date.parse('Sep 20, 2015 @ 23:00:00.000') ); }); diff --git a/test/functional/page_objects/common_page.ts b/test/functional/page_objects/common_page.ts index de4917ef2b1b3..f06baeb7a4167 100644 --- a/test/functional/page_objects/common_page.ts +++ b/test/functional/page_objects/common_page.ts @@ -43,42 +43,10 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo appConfig: {}; ensureCurrentUrl: boolean; shouldLoginIfPrompted: boolean; - shouldAcceptAlert: boolean; useActualUrl: boolean; } class CommonPage { - /** - * Navigates the browser window to provided URL - * @param url URL - * @param shouldAcceptAlert pass 'true' if browser alert should be accepted - */ - private static async navigateToUrlAndHandleAlert(url: string, shouldAcceptAlert: boolean) { - log.debug('Navigate to: ' + url); - try { - await browser.get(url); - } catch (navigationError) { - log.debug('Error navigating to url'); - const alert = await browser.getAlert(); - if (alert && alert.accept) { - if (shouldAcceptAlert) { - log.debug('Should accept alert'); - try { - await alert.accept(); - } catch (alertException) { - log.debug('Error accepting alert'); - throw alertException; - } - } else { - log.debug('Will not accept alert'); - throw navigationError; - } - } else { - throw navigationError; - } - } - } - /** * Returns Kibana host URL */ @@ -127,13 +95,7 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo } private async navigate(navigateProps: NavigateProps) { - const { - appConfig, - ensureCurrentUrl, - shouldLoginIfPrompted, - shouldAcceptAlert, - useActualUrl, - } = navigateProps; + const { appConfig, ensureCurrentUrl, shouldLoginIfPrompted, useActualUrl } = navigateProps; const appUrl = getUrl.noAuth(config.get('servers.kibana'), appConfig); await retry.try(async () => { @@ -141,7 +103,11 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo log.debug(`navigateToActualUrl ${appUrl}`); await browser.get(appUrl); } else { - await CommonPage.navigateToUrlAndHandleAlert(appUrl, shouldAcceptAlert); + log.debug(`navigateToUrl ${appUrl}`); + await browser.get(appUrl); + // accept alert if it pops up + const alert = await browser.getAlert(); + await alert?.accept(); } const currentUrl = shouldLoginIfPrompted @@ -167,7 +133,6 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo basePath = '', ensureCurrentUrl = true, shouldLoginIfPrompted = true, - shouldAcceptAlert = true, useActualUrl = false, } = {} ) { @@ -180,7 +145,6 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo appConfig, ensureCurrentUrl, shouldLoginIfPrompted, - shouldAcceptAlert, useActualUrl, }); } @@ -200,7 +164,6 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo basePath = '', ensureCurrentUrl = true, shouldLoginIfPrompted = true, - shouldAcceptAlert = true, useActualUrl = true, } = {} ) { @@ -214,7 +177,6 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo appConfig, ensureCurrentUrl, shouldLoginIfPrompted, - shouldAcceptAlert, useActualUrl, }); } @@ -228,18 +190,12 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo async navigateToActualUrl( appName: string, hash?: string, - { - basePath = '', - ensureCurrentUrl = true, - shouldLoginIfPrompted = true, - shouldAcceptAlert = true, - } = {} + { basePath = '', ensureCurrentUrl = true, shouldLoginIfPrompted = true } = {} ) { await this.navigateToUrl(appName, hash, { basePath, ensureCurrentUrl, shouldLoginIfPrompted, - shouldAcceptAlert, useActualUrl: true, }); } @@ -252,7 +208,7 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo async navigateToApp( appName: string, - { basePath = '', shouldLoginIfPrompted = true, shouldAcceptAlert = true, hash = '' } = {} + { basePath = '', shouldLoginIfPrompted = true, hash = '' } = {} ) { let appUrl: string; if (config.has(['apps', appName])) { @@ -274,7 +230,11 @@ export function CommonPageProvider({ getService, getPageObjects }: FtrProviderCo await retry.tryForTime(defaultTryTimeout * 2, async () => { let lastUrl = await retry.try(async () => { // since we're using hash URLs, always reload first to force re-render - await CommonPage.navigateToUrlAndHandleAlert(appUrl, shouldAcceptAlert); + log.debug('navigate to: ' + appUrl); + await browser.get(appUrl); + // accept alert if it pops up + const alert = await browser.getAlert(); + await alert?.accept(); await this.sleep(700); log.debug('returned from get, calling refresh'); await browser.refresh(); diff --git a/test/functional/page_objects/discover_page.ts b/test/functional/page_objects/discover_page.ts index 2377c32a80b5b..00bf87621864a 100644 --- a/test/functional/page_objects/discover_page.ts +++ b/test/functional/page_objects/discover_page.ts @@ -138,7 +138,7 @@ export function DiscoverPageProvider({ getService, getPageObjects }: FtrProvider await browser .getActions() - .move({ x: 200, y: 20, origin: el._webElement }) + .move({ x: 0, y: 20, origin: el._webElement }) .click() .perform(); } @@ -147,8 +147,8 @@ export function DiscoverPageProvider({ getService, getPageObjects }: FtrProvider const el = await elasticChart.getCanvas(); await browser.dragAndDrop( - { location: el, offset: { x: 200, y: 20 } }, - { location: el, offset: { x: 400, y: 30 } } + { location: el, offset: { x: -300, y: 20 } }, + { location: el, offset: { x: -100, y: 30 } } ); } diff --git a/test/functional/services/remote/webdriver.ts b/test/functional/services/remote/webdriver.ts index 382543822d8ac..3bf5b865aa7ba 100644 --- a/test/functional/services/remote/webdriver.ts +++ b/test/functional/services/remote/webdriver.ts @@ -107,9 +107,10 @@ async function attemptToCreateCommand( chromeOptions.push('headless', 'disable-gpu', 'remote-debugging-port=9222'); } chromeCapabilities.set('goog:chromeOptions', { - w3c: false, + w3c: true, args: chromeOptions, }); + chromeCapabilities.set('unexpectedAlertBehaviour', 'accept'); chromeCapabilities.set('goog:loggingPrefs', { browser: 'ALL' }); const session = await new Builder() From 2c4cc12b988ccbb8f8e2baf030331d27ad18a6d7 Mon Sep 17 00:00:00 2001 From: Corey Robertson Date: Tue, 7 Apr 2020 11:55:06 -0400 Subject: [PATCH 28/36] Removes Pitch Presentation Template from Canvas (#62688) * Removes Pitch Presentation Template from Canvas * Fix test * Keep translation to not fail i18n --- .../canvas_plugin_src/templates/index.ts | 4 ++-- .../canvas/i18n/templates/template_strings.ts | 19 +++++++++++-------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/x-pack/legacy/plugins/canvas/canvas_plugin_src/templates/index.ts b/x-pack/legacy/plugins/canvas/canvas_plugin_src/templates/index.ts index eba0b47f7dc13..88d2b904e6cb3 100644 --- a/x-pack/legacy/plugins/canvas/canvas_plugin_src/templates/index.ts +++ b/x-pack/legacy/plugins/canvas/canvas_plugin_src/templates/index.ts @@ -7,7 +7,7 @@ import { applyTemplateStrings } from '../../i18n/templates'; import darkTemplate from './theme_dark.json'; import lightTemplate from './theme_light.json'; -import pitchTemplate from './pitch_presentation.json'; +// import pitchTemplate from './pitch_presentation.json'; import statusTemplate from './status_report.json'; import summaryTemplate from './summary_report.json'; @@ -15,7 +15,7 @@ import summaryTemplate from './summary_report.json'; export const templateSpecs = applyTemplateStrings([ darkTemplate, lightTemplate, - pitchTemplate, + // pitchTemplate, statusTemplate, summaryTemplate, ]); diff --git a/x-pack/legacy/plugins/canvas/i18n/templates/template_strings.ts b/x-pack/legacy/plugins/canvas/i18n/templates/template_strings.ts index 5ab6a908641de..d8e4d51706be9 100644 --- a/x-pack/legacy/plugins/canvas/i18n/templates/template_strings.ts +++ b/x-pack/legacy/plugins/canvas/i18n/templates/template_strings.ts @@ -37,14 +37,6 @@ export const getTemplateStrings = (): TemplateStringDict => ({ defaultMessage: 'Light color themed presentation deck', }), }, - Pitch: { - name: i18n.translate('xpack.canvas.templates.pitchName', { - defaultMessage: 'Pitch', - }), - help: i18n.translate('xpack.canvas.templates.pitchHelp', { - defaultMessage: 'Branded presentation with large photos', - }), - }, Status: { name: i18n.translate('xpack.canvas.templates.statusName', { defaultMessage: 'Status', @@ -62,3 +54,14 @@ export const getTemplateStrings = (): TemplateStringDict => ({ }), }, }); + +export const getUnusedTemplateStrings = (): TemplateStringDict => ({ + Pitch: { + name: i18n.translate('xpack.canvas.templates.pitchName', { + defaultMessage: 'Pitch', + }), + help: i18n.translate('xpack.canvas.templates.pitchHelp', { + defaultMessage: 'Branded presentation with large photos', + }), + }, +}); From 406d7550be4c5b0ae6127bdc3f05398ca59ba1a4 Mon Sep 17 00:00:00 2001 From: Alison Goryachev Date: Tue, 7 Apr 2020 12:36:13 -0400 Subject: [PATCH 29/36] [Remote Clusters] Update callout and move server_name field (#62352) --- .../remote_cluster_form.test.js.snap | 210 +++++++++--------- .../remote_cluster_form.js | 84 ++++--- 2 files changed, 159 insertions(+), 135 deletions(-) diff --git a/x-pack/plugins/remote_clusters/public/application/sections/components/remote_cluster_form/__snapshots__/remote_cluster_form.test.js.snap b/x-pack/plugins/remote_clusters/public/application/sections/components/remote_cluster_form/__snapshots__/remote_cluster_form.test.js.snap index 4c109c557fdb0..1e6c2c4d289aa 100644 --- a/x-pack/plugins/remote_clusters/public/application/sections/components/remote_cluster_form/__snapshots__/remote_cluster_form.test.js.snap +++ b/x-pack/plugins/remote_clusters/public/application/sections/components/remote_cluster_form/__snapshots__/remote_cluster_form.test.js.snap @@ -350,7 +350,7 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u description={ @@ -367,7 +367,7 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u data-test-subj="remoteClusterFormConnectionModeToggle" label={ @@ -443,11 +443,11 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u className="euiTextColor euiTextColor--subdued" > - Use seed nodes by default, or switch to a single proxy address. + Use seed nodes by default, or switch to proxy mode. @@ -534,11 +534,11 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u onClick={[Function]} > - Use a single proxy address + Use proxy mode
@@ -687,23 +687,37 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u
+ + , + } + } /> } + isInvalid={false} label={ } @@ -711,28 +725,31 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u >
@@ -740,20 +757,19 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u
-
- + - +
- + + + , + } + } > - The number of socket connections to open per remote cluster. + A string sent in the server_name field of the TLS Server Name Indication extension if TLS is enabled. + + +
@@ -801,37 +845,23 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u
- - , - } - } + defaultMessage="The number of socket connections to open per remote cluster." + id="xpack.remoteClusters.remoteClusterForm.fieldSocketConnectionsHelpText" + values={Object {}} /> } - isInvalid={false} label={ } @@ -839,31 +869,28 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u >
@@ -871,19 +898,20 @@ exports[`RemoteClusterForm proxy mode renders correct connection settings when u
-
- + - +
- + - - , - } - } + defaultMessage="The number of socket connections to open per remote cluster." + id="xpack.remoteClusters.remoteClusterForm.fieldSocketConnectionsHelpText" + values={Object {}} > - A string sent in the server_name field of the TLS Server Name Indication extension if TLS is enabled. - - - + The number of socket connections to open per remote cluster.
@@ -1447,7 +1447,7 @@ Array [
- Use seed nodes by default, or switch to a single proxy address. + Use seed nodes by default, or switch to proxy mode.
- Use a single proxy address + Use proxy mode
diff --git a/x-pack/plugins/remote_clusters/public/application/sections/components/remote_cluster_form/remote_cluster_form.js b/x-pack/plugins/remote_clusters/public/application/sections/components/remote_cluster_form/remote_cluster_form.js index c98bd73bf83a0..a392cc9607784 100644 --- a/x-pack/plugins/remote_clusters/public/application/sections/components/remote_cluster_form/remote_cluster_form.js +++ b/x-pack/plugins/remote_clusters/public/application/sections/components/remote_cluster_form/remote_cluster_form.js @@ -405,30 +405,6 @@ export class RemoteClusterForm extends Component { /> - - } - helpText={ - - } - fullWidth - > - - this.onFieldsChange({ proxySocketConnections: Number(e.target.value) || null }) - } - fullWidth - /> - + + + } + helpText={ + + } + fullWidth + > + + this.onFieldsChange({ proxySocketConnections: Number(e.target.value) || null }) + } + fullWidth + /> + ); } @@ -498,14 +499,14 @@ export class RemoteClusterForm extends Component { <> } checked={mode === PROXY_MODE} @@ -519,15 +520,38 @@ export class RemoteClusterForm extends Component { <> } - iconType="pin" - size="s" - /> + > + + + + ), + searchString: ( + + + + ), + }} + /> + ) : null} From d70718426fa8a0a7f2bde2cb0e251a9f9d86c01d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Marcondes?= <55978943+cauemarcondes@users.noreply.github.com> Date: Tue, 7 Apr 2020 17:39:52 +0100 Subject: [PATCH 30/36] [APM] Change custom link from EuiListGroupItem to EuiLink (#62742) --- .../CustomLink/CustomLinkSection.tsx | 37 ++++++++++++------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/CustomLinkSection.tsx b/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/CustomLinkSection.tsx index 52befe37ffdae..bd00bcf600ffe 100644 --- a/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/CustomLinkSection.tsx +++ b/x-pack/legacy/plugins/apm/public/components/shared/TransactionActionMenu/CustomLink/CustomLinkSection.tsx @@ -3,14 +3,26 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import React from 'react'; +import { EuiLink, EuiText } from '@elastic/eui'; import Mustache from 'mustache'; +import React from 'react'; +import styled from 'styled-components'; import { CustomLink } from '../../../../../../../../plugins/apm/common/custom_link/custom_link_types'; import { Transaction } from '../../../../../../../../plugins/apm/typings/es_schemas/ui/transaction'; -import { - SectionLinks, - SectionLink -} from '../../../../../../../../plugins/observability/public'; +import { px, truncate, units } from '../../../../style/variables'; + +const LinkContainer = styled.li` + margin-top: ${px(units.half)}; + &:first-of-type { + margin-top: 0; + } +`; + +const TruncateText = styled(EuiText)` + font-weight: 500; + line-height: ${px(units.unit)}; + ${truncate(px(units.unit * 25))} +`; export const CustomLinkSection = ({ customLinks, @@ -19,7 +31,7 @@ export const CustomLinkSection = ({ customLinks: CustomLink[]; transaction: Transaction; }) => ( - +
    {customLinks.map(link => { let href = link.url; try { @@ -28,13 +40,12 @@ export const CustomLinkSection = ({ // ignores any error that happens } return ( - + + + {link.label} + + ); })} - +
); From 8ffc08f2f7bf1a017d4d875e9de869ecd2339d0d Mon Sep 17 00:00:00 2001 From: Chris Roberson Date: Tue, 7 Apr 2020 13:44:34 -0400 Subject: [PATCH 31/36] [REVERT THE REVERT] [Monitoring] Cluster state watch to Kibana alerting (#62793) * Revert "Revert "[Monitoring] Cluster state watch to Kibana alerting (#61685)"" This reverts commit f1bd3bdacb263b2754c04000070fe0f79ab5ed72. * Fix i18n error * Fix test --- .../plugins/monitoring/common/constants.ts | 8 +- .../public/components/alerts/alerts.js | 44 +- .../public/components/alerts/status.test.tsx | 8 +- .../public/components/alerts/status.tsx | 2 +- .../cluster/overview/alerts_panel.js | 81 ++- .../monitoring/public/views/alerts/index.js | 30 +- x-pack/plugins/monitoring/common/constants.ts | 8 +- .../server/alerts/cluster_state.test.ts | 186 ++++++ .../monitoring/server/alerts/cluster_state.ts | 134 ++++ .../plugins/monitoring/server/alerts/enums.ts | 16 + .../server/alerts/license_expiration.test.ts | 572 +++++------------- .../server/alerts/license_expiration.ts | 127 ++-- .../monitoring/server/alerts/types.d.ts | 62 +- .../lib/alerts/cluster_state.lib.test.ts | 70 +++ .../server/lib/alerts/cluster_state.lib.ts | 88 +++ .../lib/alerts/fetch_cluster_state.test.ts | 39 ++ .../server/lib/alerts/fetch_cluster_state.ts | 53 ++ .../server/lib/alerts/fetch_clusters.test.ts | 46 +- .../server/lib/alerts/fetch_clusters.ts | 41 +- .../server/lib/alerts/fetch_licenses.test.ts | 67 +- .../server/lib/alerts/fetch_licenses.ts | 16 +- .../server/lib/alerts/fetch_status.test.ts | 122 ++++ .../server/lib/alerts/fetch_status.ts | 100 ++- .../lib/alerts/get_prepared_alert.test.ts | 163 +++++ .../server/lib/alerts/get_prepared_alert.ts | 87 +++ .../lib/alerts/license_expiration.lib.test.ts | 23 +- .../lib/alerts/license_expiration.lib.ts | 52 +- .../lib/cluster/get_clusters_from_request.js | 12 +- x-pack/plugins/monitoring/server/plugin.ts | 12 + .../server/routes/api/v1/alerts/alerts.js | 53 +- 30 files changed, 1565 insertions(+), 757 deletions(-) create mode 100644 x-pack/plugins/monitoring/server/alerts/cluster_state.test.ts create mode 100644 x-pack/plugins/monitoring/server/alerts/cluster_state.ts create mode 100644 x-pack/plugins/monitoring/server/alerts/enums.ts create mode 100644 x-pack/plugins/monitoring/server/lib/alerts/cluster_state.lib.test.ts create mode 100644 x-pack/plugins/monitoring/server/lib/alerts/cluster_state.lib.ts create mode 100644 x-pack/plugins/monitoring/server/lib/alerts/fetch_cluster_state.test.ts create mode 100644 x-pack/plugins/monitoring/server/lib/alerts/fetch_cluster_state.ts create mode 100644 x-pack/plugins/monitoring/server/lib/alerts/fetch_status.test.ts create mode 100644 x-pack/plugins/monitoring/server/lib/alerts/get_prepared_alert.test.ts create mode 100644 x-pack/plugins/monitoring/server/lib/alerts/get_prepared_alert.ts diff --git a/x-pack/legacy/plugins/monitoring/common/constants.ts b/x-pack/legacy/plugins/monitoring/common/constants.ts index 9a4030f3eb214..3a4c7b71dcd03 100644 --- a/x-pack/legacy/plugins/monitoring/common/constants.ts +++ b/x-pack/legacy/plugins/monitoring/common/constants.ts @@ -239,11 +239,15 @@ export const ALERT_TYPE_PREFIX = 'monitoring_'; * This is the alert type id for the license expiration alert */ export const ALERT_TYPE_LICENSE_EXPIRATION = `${ALERT_TYPE_PREFIX}alert_type_license_expiration`; +/** + * This is the alert type id for the cluster state alert + */ +export const ALERT_TYPE_CLUSTER_STATE = `${ALERT_TYPE_PREFIX}alert_type_cluster_state`; /** * A listing of all alert types */ -export const ALERT_TYPES = [ALERT_TYPE_LICENSE_EXPIRATION]; +export const ALERT_TYPES = [ALERT_TYPE_LICENSE_EXPIRATION, ALERT_TYPE_CLUSTER_STATE]; /** * Matches the id for the built-in in email action type @@ -254,7 +258,7 @@ export const ALERT_ACTION_TYPE_EMAIL = '.email'; /** * The number of alerts that have been migrated */ -export const NUMBER_OF_MIGRATED_ALERTS = 1; +export const NUMBER_OF_MIGRATED_ALERTS = 2; /** * The advanced settings config name for the email address diff --git a/x-pack/legacy/plugins/monitoring/public/components/alerts/alerts.js b/x-pack/legacy/plugins/monitoring/public/components/alerts/alerts.js index 11fcef73a4b97..95c1af5549198 100644 --- a/x-pack/legacy/plugins/monitoring/public/components/alerts/alerts.js +++ b/x-pack/legacy/plugins/monitoring/public/components/alerts/alerts.js @@ -6,10 +6,15 @@ import React from 'react'; import chrome from '../../np_imports/ui/chrome'; -import { capitalize } from 'lodash'; +import { capitalize, get } from 'lodash'; import { formatDateTimeLocal } from '../../../common/formatting'; import { formatTimestampToDuration } from '../../../common'; -import { CALCULATE_DURATION_SINCE, EUI_SORT_DESCENDING } from '../../../common/constants'; +import { + CALCULATE_DURATION_SINCE, + EUI_SORT_DESCENDING, + ALERT_TYPE_LICENSE_EXPIRATION, + ALERT_TYPE_CLUSTER_STATE, +} from '../../../common/constants'; import { mapSeverity } from './map_severity'; import { FormattedAlert } from 'plugins/monitoring/components/alerts/formatted_alert'; import { EuiMonitoringTable } from 'plugins/monitoring/components/table'; @@ -21,6 +26,8 @@ const linkToCategories = { 'elasticsearch/indices': 'Elasticsearch Indices', 'kibana/instances': 'Kibana Instances', 'logstash/instances': 'Logstash Nodes', + [ALERT_TYPE_LICENSE_EXPIRATION]: 'License expiration', + [ALERT_TYPE_CLUSTER_STATE]: 'Cluster state', }; const getColumns = (kbnUrl, scope, timezone) => [ { @@ -94,19 +101,22 @@ const getColumns = (kbnUrl, scope, timezone) => [ }), field: 'message', sortable: true, - render: (message, alert) => ( - { - scope.$evalAsync(() => { - kbnUrl.changePath(target); - }); - }} - /> - ), + render: (_message, alert) => { + const message = get(alert, 'message.text', get(alert, 'message', '')); + return ( + { + scope.$evalAsync(() => { + kbnUrl.changePath(target); + }); + }} + /> + ); + }, }, { name: i18n.translate('xpack.monitoring.alerts.categoryColumnTitle', { @@ -148,8 +158,8 @@ const getColumns = (kbnUrl, scope, timezone) => [ export const Alerts = ({ alerts, angular, sorting, pagination, onTableChange }) => { const alertsFlattened = alerts.map(alert => ({ ...alert, - status: alert.metadata.severity, - category: alert.metadata.link, + status: get(alert, 'metadata.severity', get(alert, 'severity', 0)), + category: get(alert, 'metadata.link', get(alert, 'type', null)), })); const injector = chrome.dangerouslyGetActiveInjector(); diff --git a/x-pack/legacy/plugins/monitoring/public/components/alerts/status.test.tsx b/x-pack/legacy/plugins/monitoring/public/components/alerts/status.test.tsx index 258a5b68db372..d3cf4b463a2cc 100644 --- a/x-pack/legacy/plugins/monitoring/public/components/alerts/status.test.tsx +++ b/x-pack/legacy/plugins/monitoring/public/components/alerts/status.test.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { shallow } from 'enzyme'; import { kfetch } from 'ui/kfetch'; import { AlertsStatus, AlertsStatusProps } from './status'; -import { ALERT_TYPE_PREFIX } from '../../../common/constants'; +import { ALERT_TYPES } from '../../../common/constants'; import { getSetupModeState } from '../../lib/setup_mode'; import { mockUseEffects } from '../../jest.helpers'; @@ -63,11 +63,7 @@ describe('Status', () => { it('should render a success message if all alerts have been migrated and in setup mode', async () => { (kfetch as jest.Mock).mockReturnValue({ - data: [ - { - alertTypeId: ALERT_TYPE_PREFIX, - }, - ], + data: ALERT_TYPES.map(type => ({ alertTypeId: type })), }); (getSetupModeState as jest.Mock).mockReturnValue({ diff --git a/x-pack/legacy/plugins/monitoring/public/components/alerts/status.tsx b/x-pack/legacy/plugins/monitoring/public/components/alerts/status.tsx index 072a98b123452..5f5329bf7fff8 100644 --- a/x-pack/legacy/plugins/monitoring/public/components/alerts/status.tsx +++ b/x-pack/legacy/plugins/monitoring/public/components/alerts/status.tsx @@ -142,7 +142,7 @@ export const AlertsStatus: React.FC = (props: AlertsStatusPro ); } - const allMigrated = kibanaAlerts.length === NUMBER_OF_MIGRATED_ALERTS; + const allMigrated = kibanaAlerts.length >= NUMBER_OF_MIGRATED_ALERTS; if (allMigrated) { if (setupModeEnabled) { return ( diff --git a/x-pack/legacy/plugins/monitoring/public/components/cluster/overview/alerts_panel.js b/x-pack/legacy/plugins/monitoring/public/components/cluster/overview/alerts_panel.js index 8455fb8cf3088..d87ff98e79be0 100644 --- a/x-pack/legacy/plugins/monitoring/public/components/cluster/overview/alerts_panel.js +++ b/x-pack/legacy/plugins/monitoring/public/components/cluster/overview/alerts_panel.js @@ -6,14 +6,12 @@ import React, { Fragment } from 'react'; import moment from 'moment-timezone'; -import chrome from '../../../np_imports/ui/chrome'; import { FormattedAlert } from 'plugins/monitoring/components/alerts/formatted_alert'; import { mapSeverity } from 'plugins/monitoring/components/alerts/map_severity'; import { formatTimestampToDuration } from '../../../../common/format_timestamp_to_duration'; import { CALCULATE_DURATION_SINCE, KIBANA_ALERTING_ENABLED, - ALERT_TYPE_LICENSE_EXPIRATION, CALCULATE_DURATION_UNTIL, } from '../../../../common/constants'; import { formatDateTimeLocal } from '../../../../common/formatting'; @@ -31,6 +29,37 @@ import { EuiLink, } from '@elastic/eui'; +function replaceTokens(alert) { + if (!alert.message.tokens) { + return alert.message.text; + } + + let text = alert.message.text; + + for (const token of alert.message.tokens) { + if (token.type === 'time') { + text = text.replace( + token.startToken, + token.isRelative + ? formatTimestampToDuration(alert.expirationTime, CALCULATE_DURATION_UNTIL) + : moment.tz(alert.expirationTime, moment.tz.guess()).format('LLL z') + ); + } else if (token.type === 'link') { + const linkPart = new RegExp(`${token.startToken}(.+?)${token.endToken}`).exec(text); + // TODO: we assume this is at the end, which works for now but will not always work + const nonLinkText = text.replace(linkPart[0], ''); + text = ( + + {nonLinkText} + {linkPart[1]} + + ); + } + } + + return text; +} + export function AlertsPanel({ alerts, changeUrl }) { const goToAlerts = () => changeUrl('/alerts'); @@ -58,9 +87,6 @@ export function AlertsPanel({ alerts, changeUrl }) { severityIcon.iconType = 'check'; } - const injector = chrome.dangerouslyGetActiveInjector(); - const timezone = injector.get('config').get('dateFormat:tz'); - return ( @@ -96,14 +122,7 @@ export function AlertsPanel({ alerts, changeUrl }) { const alertsList = KIBANA_ALERTING_ENABLED ? alerts.map((alert, idx) => { const callOutProps = mapSeverity(alert.severity); - let message = alert.message - // scan message prefix and replace relative times - // \w: Matches any alphanumeric character from the basic Latin alphabet, including the underscore. Equivalent to [A-Za-z0-9_]. - .replace( - '#relative', - formatTimestampToDuration(alert.expirationTime, CALCULATE_DURATION_UNTIL) - ) - .replace('#absolute', moment.tz(alert.expirationTime, moment.tz.guess()).format('LLL z')); + const message = replaceTokens(alert); if (!alert.isFiring) { callOutProps.title = i18n.translate( @@ -118,22 +137,30 @@ export function AlertsPanel({ alerts, changeUrl }) { ); callOutProps.color = 'success'; callOutProps.iconType = 'check'; - } else { - if (alert.type === ALERT_TYPE_LICENSE_EXPIRATION) { - message = ( - - {message} -   - Please update your license - - ); - } } return ( - -

{message}

-
+ + +

{message}

+ +

+ +

+
+
+ +
); }) : alerts.map((item, index) => ( diff --git a/x-pack/legacy/plugins/monitoring/public/views/alerts/index.js b/x-pack/legacy/plugins/monitoring/public/views/alerts/index.js index 7c065a78a8af9..62cc985887e9f 100644 --- a/x-pack/legacy/plugins/monitoring/public/views/alerts/index.js +++ b/x-pack/legacy/plugins/monitoring/public/views/alerts/index.js @@ -18,25 +18,37 @@ import { Alerts } from '../../components/alerts'; import { MonitoringViewBaseEuiTableController } from '../base_eui_table_controller'; import { FormattedMessage } from '@kbn/i18n/react'; import { EuiPage, EuiPageBody, EuiPageContent, EuiSpacer, EuiLink } from '@elastic/eui'; -import { CODE_PATH_ALERTS } from '../../../common/constants'; +import { CODE_PATH_ALERTS, KIBANA_ALERTING_ENABLED } from '../../../common/constants'; function getPageData($injector) { const globalState = $injector.get('globalState'); const $http = $injector.get('$http'); const Private = $injector.get('Private'); - const url = `../api/monitoring/v1/clusters/${globalState.cluster_uuid}/legacy_alerts`; + const url = KIBANA_ALERTING_ENABLED + ? `../api/monitoring/v1/alert_status` + : `../api/monitoring/v1/clusters/${globalState.cluster_uuid}/legacy_alerts`; const timeBounds = timefilter.getBounds(); + const data = { + timeRange: { + min: timeBounds.min.toISOString(), + max: timeBounds.max.toISOString(), + }, + }; + + if (!KIBANA_ALERTING_ENABLED) { + data.ccs = globalState.ccs; + } return $http - .post(url, { - ccs: globalState.ccs, - timeRange: { - min: timeBounds.min.toISOString(), - max: timeBounds.max.toISOString(), - }, + .post(url, data) + .then(response => { + const result = get(response, 'data', []); + if (KIBANA_ALERTING_ENABLED) { + return result.alerts; + } + return result; }) - .then(response => get(response, 'data', [])) .catch(err => { const ajaxErrorHandlers = Private(ajaxErrorHandlersProvider); return ajaxErrorHandlers(err); diff --git a/x-pack/plugins/monitoring/common/constants.ts b/x-pack/plugins/monitoring/common/constants.ts index 9a4030f3eb214..3a4c7b71dcd03 100644 --- a/x-pack/plugins/monitoring/common/constants.ts +++ b/x-pack/plugins/monitoring/common/constants.ts @@ -239,11 +239,15 @@ export const ALERT_TYPE_PREFIX = 'monitoring_'; * This is the alert type id for the license expiration alert */ export const ALERT_TYPE_LICENSE_EXPIRATION = `${ALERT_TYPE_PREFIX}alert_type_license_expiration`; +/** + * This is the alert type id for the cluster state alert + */ +export const ALERT_TYPE_CLUSTER_STATE = `${ALERT_TYPE_PREFIX}alert_type_cluster_state`; /** * A listing of all alert types */ -export const ALERT_TYPES = [ALERT_TYPE_LICENSE_EXPIRATION]; +export const ALERT_TYPES = [ALERT_TYPE_LICENSE_EXPIRATION, ALERT_TYPE_CLUSTER_STATE]; /** * Matches the id for the built-in in email action type @@ -254,7 +258,7 @@ export const ALERT_ACTION_TYPE_EMAIL = '.email'; /** * The number of alerts that have been migrated */ -export const NUMBER_OF_MIGRATED_ALERTS = 1; +export const NUMBER_OF_MIGRATED_ALERTS = 2; /** * The advanced settings config name for the email address diff --git a/x-pack/plugins/monitoring/server/alerts/cluster_state.test.ts b/x-pack/plugins/monitoring/server/alerts/cluster_state.test.ts new file mode 100644 index 0000000000000..6a9ca88437347 --- /dev/null +++ b/x-pack/plugins/monitoring/server/alerts/cluster_state.test.ts @@ -0,0 +1,186 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { Logger } from 'src/core/server'; +import { savedObjectsClientMock } from 'src/core/server/mocks'; +import { getClusterState } from './cluster_state'; +import { AlertServices } from '../../../alerting/server'; +import { ALERT_TYPE_CLUSTER_STATE } from '../../common/constants'; +import { AlertCommonParams, AlertCommonState, AlertClusterStatePerClusterState } from './types'; +import { getPreparedAlert } from '../lib/alerts/get_prepared_alert'; +import { executeActions } from '../lib/alerts/cluster_state.lib'; +import { AlertClusterStateState } from './enums'; + +jest.mock('../lib/alerts/cluster_state.lib', () => ({ + executeActions: jest.fn(), + getUiMessage: jest.fn(), +})); + +jest.mock('../lib/alerts/get_prepared_alert', () => ({ + getPreparedAlert: jest.fn(() => { + return { + emailAddress: 'foo@foo.com', + }; + }), +})); + +interface MockServices { + callCluster: jest.Mock; + alertInstanceFactory: jest.Mock; + savedObjectsClient: jest.Mock; +} + +describe('getClusterState', () => { + const services: MockServices | AlertServices = { + callCluster: jest.fn(), + alertInstanceFactory: jest.fn(), + savedObjectsClient: savedObjectsClientMock.create(), + }; + + const params: AlertCommonParams = { + dateFormat: 'YYYY', + timezone: 'UTC', + }; + + const emailAddress = 'foo@foo.com'; + const clusterUuid = 'kdksdfj434'; + const clusterName = 'monitoring_test'; + const cluster = { clusterUuid, clusterName }; + + async function setupAlert( + previousState: AlertClusterStateState, + newState: AlertClusterStateState + ): Promise { + const logger: Logger = { + warn: jest.fn(), + log: jest.fn(), + debug: jest.fn(), + trace: jest.fn(), + error: jest.fn(), + fatal: jest.fn(), + info: jest.fn(), + get: jest.fn(), + }; + const getLogger = (): Logger => logger; + const ccrEnabled = false; + (getPreparedAlert as jest.Mock).mockImplementation(() => ({ + emailAddress, + data: [ + { + state: newState, + clusterUuid, + }, + ], + clusters: [cluster], + })); + + const alert = getClusterState(null as any, null as any, getLogger, ccrEnabled); + const state: AlertCommonState = { + [clusterUuid]: { + state: previousState, + ui: { + isFiring: false, + severity: 0, + message: null, + resolvedMS: 0, + lastCheckedMS: 0, + triggeredMS: 0, + }, + } as AlertClusterStatePerClusterState, + }; + + return (await alert.executor({ services, params, state } as any)) as AlertCommonState; + } + + afterEach(() => { + (executeActions as jest.Mock).mockClear(); + }); + + it('should configure the alert properly', () => { + const alert = getClusterState(null as any, null as any, jest.fn(), false); + expect(alert.id).toBe(ALERT_TYPE_CLUSTER_STATE); + expect(alert.actionGroups).toEqual([{ id: 'default', name: 'Default' }]); + }); + + it('should alert if green -> yellow', async () => { + const result = await setupAlert(AlertClusterStateState.Green, AlertClusterStateState.Yellow); + expect(executeActions).toHaveBeenCalledWith( + undefined, + cluster, + AlertClusterStateState.Yellow, + emailAddress + ); + const clusterResult = result[clusterUuid] as AlertClusterStatePerClusterState; + expect(clusterResult.state).toBe(AlertClusterStateState.Yellow); + expect(clusterResult.ui.isFiring).toBe(true); + expect(clusterResult.ui.resolvedMS).toBe(0); + }); + + it('should alert if yellow -> green', async () => { + const result = await setupAlert(AlertClusterStateState.Yellow, AlertClusterStateState.Green); + expect(executeActions).toHaveBeenCalledWith( + undefined, + cluster, + AlertClusterStateState.Green, + emailAddress, + true + ); + const clusterResult = result[clusterUuid] as AlertClusterStatePerClusterState; + expect(clusterResult.state).toBe(AlertClusterStateState.Green); + expect(clusterResult.ui.resolvedMS).toBeGreaterThan(0); + }); + + it('should alert if green -> red', async () => { + const result = await setupAlert(AlertClusterStateState.Green, AlertClusterStateState.Red); + expect(executeActions).toHaveBeenCalledWith( + undefined, + cluster, + AlertClusterStateState.Red, + emailAddress + ); + const clusterResult = result[clusterUuid] as AlertClusterStatePerClusterState; + expect(clusterResult.state).toBe(AlertClusterStateState.Red); + expect(clusterResult.ui.isFiring).toBe(true); + expect(clusterResult.ui.resolvedMS).toBe(0); + }); + + it('should alert if red -> green', async () => { + const result = await setupAlert(AlertClusterStateState.Red, AlertClusterStateState.Green); + expect(executeActions).toHaveBeenCalledWith( + undefined, + cluster, + AlertClusterStateState.Green, + emailAddress, + true + ); + const clusterResult = result[clusterUuid] as AlertClusterStatePerClusterState; + expect(clusterResult.state).toBe(AlertClusterStateState.Green); + expect(clusterResult.ui.resolvedMS).toBeGreaterThan(0); + }); + + it('should not alert if red -> yellow', async () => { + const result = await setupAlert(AlertClusterStateState.Red, AlertClusterStateState.Yellow); + expect(executeActions).not.toHaveBeenCalled(); + const clusterResult = result[clusterUuid] as AlertClusterStatePerClusterState; + expect(clusterResult.state).toBe(AlertClusterStateState.Red); + expect(clusterResult.ui.resolvedMS).toBe(0); + }); + + it('should not alert if yellow -> red', async () => { + const result = await setupAlert(AlertClusterStateState.Yellow, AlertClusterStateState.Red); + expect(executeActions).not.toHaveBeenCalled(); + const clusterResult = result[clusterUuid] as AlertClusterStatePerClusterState; + expect(clusterResult.state).toBe(AlertClusterStateState.Yellow); + expect(clusterResult.ui.resolvedMS).toBe(0); + }); + + it('should not alert if green -> green', async () => { + const result = await setupAlert(AlertClusterStateState.Green, AlertClusterStateState.Green); + expect(executeActions).not.toHaveBeenCalled(); + const clusterResult = result[clusterUuid] as AlertClusterStatePerClusterState; + expect(clusterResult.state).toBe(AlertClusterStateState.Green); + expect(clusterResult.ui.resolvedMS).toBe(0); + }); +}); diff --git a/x-pack/plugins/monitoring/server/alerts/cluster_state.ts b/x-pack/plugins/monitoring/server/alerts/cluster_state.ts new file mode 100644 index 0000000000000..9a5805b8af7ce --- /dev/null +++ b/x-pack/plugins/monitoring/server/alerts/cluster_state.ts @@ -0,0 +1,134 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import moment from 'moment-timezone'; +import { i18n } from '@kbn/i18n'; +import { Logger, ICustomClusterClient, UiSettingsServiceStart } from 'src/core/server'; +import { ALERT_TYPE_CLUSTER_STATE } from '../../common/constants'; +import { AlertType } from '../../../alerting/server'; +import { executeActions, getUiMessage } from '../lib/alerts/cluster_state.lib'; +import { + AlertCommonExecutorOptions, + AlertCommonState, + AlertClusterStatePerClusterState, + AlertCommonCluster, +} from './types'; +import { AlertClusterStateState } from './enums'; +import { getPreparedAlert } from '../lib/alerts/get_prepared_alert'; +import { fetchClusterState } from '../lib/alerts/fetch_cluster_state'; + +export const getClusterState = ( + getUiSettingsService: () => Promise, + monitoringCluster: ICustomClusterClient, + getLogger: (...scopes: string[]) => Logger, + ccsEnabled: boolean +): AlertType => { + const logger = getLogger(ALERT_TYPE_CLUSTER_STATE); + return { + id: ALERT_TYPE_CLUSTER_STATE, + name: 'Monitoring Alert - Cluster Status', + actionGroups: [ + { + id: 'default', + name: i18n.translate('xpack.monitoring.alerts.clusterState.actionGroups.default', { + defaultMessage: 'Default', + }), + }, + ], + defaultActionGroupId: 'default', + async executor({ + services, + params, + state, + }: AlertCommonExecutorOptions): Promise { + logger.debug( + `Firing alert with params: ${JSON.stringify(params)} and state: ${JSON.stringify(state)}` + ); + + const preparedAlert = await getPreparedAlert( + ALERT_TYPE_CLUSTER_STATE, + getUiSettingsService, + monitoringCluster, + logger, + ccsEnabled, + services, + fetchClusterState + ); + + if (!preparedAlert) { + return state; + } + + const { emailAddress, data: states, clusters } = preparedAlert; + + const result: AlertCommonState = { ...state }; + const defaultAlertState: AlertClusterStatePerClusterState = { + state: AlertClusterStateState.Green, + ui: { + isFiring: false, + message: null, + severity: 0, + resolvedMS: 0, + triggeredMS: 0, + lastCheckedMS: 0, + }, + }; + + for (const clusterState of states) { + const alertState: AlertClusterStatePerClusterState = + (state[clusterState.clusterUuid] as AlertClusterStatePerClusterState) || + defaultAlertState; + const cluster = clusters.find( + (c: AlertCommonCluster) => c.clusterUuid === clusterState.clusterUuid + ); + if (!cluster) { + logger.warn(`Unable to find cluster for clusterUuid='${clusterState.clusterUuid}'`); + continue; + } + const isNonGreen = clusterState.state !== AlertClusterStateState.Green; + const severity = clusterState.state === AlertClusterStateState.Red ? 2100 : 1100; + + const ui = alertState.ui; + let triggered = ui.triggeredMS; + let resolved = ui.resolvedMS; + let message = ui.message || {}; + let lastState = alertState.state; + const instance = services.alertInstanceFactory(ALERT_TYPE_CLUSTER_STATE); + + if (isNonGreen) { + if (lastState === AlertClusterStateState.Green) { + logger.debug(`Cluster state changed from green to ${clusterState.state}`); + executeActions(instance, cluster, clusterState.state, emailAddress); + lastState = clusterState.state; + triggered = moment().valueOf(); + } + message = getUiMessage(clusterState.state); + resolved = 0; + } else if (!isNonGreen && lastState !== AlertClusterStateState.Green) { + logger.debug(`Cluster state changed from ${lastState} to green`); + executeActions(instance, cluster, clusterState.state, emailAddress, true); + lastState = clusterState.state; + message = getUiMessage(clusterState.state, true); + resolved = moment().valueOf(); + } + + result[clusterState.clusterUuid] = { + state: lastState, + ui: { + message, + isFiring: isNonGreen, + severity, + resolvedMS: resolved, + triggeredMS: triggered, + lastCheckedMS: moment().valueOf(), + }, + } as AlertClusterStatePerClusterState; + } + + return result; + }, + }; +}; diff --git a/x-pack/plugins/monitoring/server/alerts/enums.ts b/x-pack/plugins/monitoring/server/alerts/enums.ts new file mode 100644 index 0000000000000..ccff588743af1 --- /dev/null +++ b/x-pack/plugins/monitoring/server/alerts/enums.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export enum AlertClusterStateState { + Green = 'green', + Red = 'red', + Yellow = 'yellow', +} + +export enum AlertCommonPerClusterMessageTokenType { + Time = 'time', + Link = 'link', +} diff --git a/x-pack/plugins/monitoring/server/alerts/license_expiration.test.ts b/x-pack/plugins/monitoring/server/alerts/license_expiration.test.ts index 0773af6e7f070..92047e300bc1f 100644 --- a/x-pack/plugins/monitoring/server/alerts/license_expiration.test.ts +++ b/x-pack/plugins/monitoring/server/alerts/license_expiration.test.ts @@ -6,42 +6,31 @@ import moment from 'moment-timezone'; import { getLicenseExpiration } from './license_expiration'; -import { - ALERT_TYPE_LICENSE_EXPIRATION, - MONITORING_CONFIG_ALERTING_EMAIL_ADDRESS, -} from '../../common/constants'; +import { ALERT_TYPE_LICENSE_EXPIRATION } from '../../common/constants'; import { Logger } from 'src/core/server'; -import { AlertServices, AlertInstance } from '../../../alerting/server'; +import { AlertServices } from '../../../alerting/server'; import { savedObjectsClientMock } from 'src/core/server/mocks'; import { - AlertState, - AlertClusterState, - AlertParams, - LicenseExpirationAlertExecutorOptions, + AlertCommonParams, + AlertCommonState, + AlertLicensePerClusterState, + AlertLicense, } from './types'; -import { SavedObject, SavedObjectAttributes } from 'src/core/server'; -import { SavedObjectsClientContract } from 'src/core/server'; - -function fillLicense(license: any, clusterUuid?: string) { - return { - hits: { - hits: [ - { - _source: { - license, - cluster_uuid: clusterUuid, - }, - }, - ], - }, - }; -} - -const clusterUuid = 'a4545jhjb'; -const params: AlertParams = { - dateFormat: 'YYYY', - timezone: 'UTC', -}; +import { executeActions } from '../lib/alerts/license_expiration.lib'; +import { PreparedAlert, getPreparedAlert } from '../lib/alerts/get_prepared_alert'; + +jest.mock('../lib/alerts/license_expiration.lib', () => ({ + executeActions: jest.fn(), + getUiMessage: jest.fn(), +})); + +jest.mock('../lib/alerts/get_prepared_alert', () => ({ + getPreparedAlert: jest.fn(() => { + return { + emailAddress: 'foo@foo.com', + }; + }), +})); interface MockServices { callCluster: jest.Mock; @@ -49,428 +38,169 @@ interface MockServices { savedObjectsClient: jest.Mock; } -const alertExecutorOptions: LicenseExpirationAlertExecutorOptions = { - alertId: '', - startedAt: new Date(), - services: { - callCluster: (path: string, opts: any) => new Promise(resolve => resolve()), - alertInstanceFactory: (id: string) => new AlertInstance(), - savedObjectsClient: {} as jest.Mocked, - }, - params: {}, - state: {}, - spaceId: '', - name: '', - tags: [], - previousStartedAt: null, - createdBy: null, - updatedBy: null, -}; - describe('getLicenseExpiration', () => { - const emailAddress = 'foo@foo.com'; - const getUiSettingsService: any = () => ({ - asScopedToClient: (): any => ({ - get: () => new Promise(resolve => resolve(emailAddress)), - }), - }); - const monitoringCluster: any = null; - const logger: Logger = { - warn: jest.fn(), - log: jest.fn(), - debug: jest.fn(), - trace: jest.fn(), - error: jest.fn(), - fatal: jest.fn(), - info: jest.fn(), - get: jest.fn(), + const services: MockServices | AlertServices = { + callCluster: jest.fn(), + alertInstanceFactory: jest.fn(), + savedObjectsClient: savedObjectsClientMock.create(), }; - const getLogger = (): Logger => logger; - const ccrEnabled = false; - afterEach(() => { - (logger.warn as jest.Mock).mockClear(); - }); - - it('should have the right id and actionGroups', () => { - const alert = getLicenseExpiration( - getUiSettingsService, - monitoringCluster, - getLogger, - ccrEnabled - ); - expect(alert.id).toBe(ALERT_TYPE_LICENSE_EXPIRATION); - expect(alert.actionGroups).toEqual([{ id: 'default', name: 'Default' }]); - }); + const params: AlertCommonParams = { + dateFormat: 'YYYY', + timezone: 'UTC', + }; - it('should return the state if no license is provided', async () => { - const alert = getLicenseExpiration( - getUiSettingsService, - monitoringCluster, - getLogger, - ccrEnabled - ); + const emailAddress = 'foo@foo.com'; + const clusterUuid = 'kdksdfj434'; + const clusterName = 'monitoring_test'; + const dateFormat = 'YYYY-MM-DD'; + const cluster = { clusterUuid, clusterName }; + const defaultUiState = { + isFiring: false, + severity: 0, + message: null, + resolvedMS: 0, + lastCheckedMS: 0, + triggeredMS: 0, + }; - const services: MockServices | AlertServices = { - callCluster: jest.fn(), - alertInstanceFactory: jest.fn(), - savedObjectsClient: savedObjectsClientMock.create(), + async function setupAlert( + license: AlertLicense | null, + expiredCheckDateMS: number, + preparedAlertResponse: PreparedAlert | null | undefined = undefined + ): Promise { + const logger: Logger = { + warn: jest.fn(), + log: jest.fn(), + debug: jest.fn(), + trace: jest.fn(), + error: jest.fn(), + fatal: jest.fn(), + info: jest.fn(), + get: jest.fn(), }; - const state = { foo: 1 }; - - const result = await alert.executor({ - ...alertExecutorOptions, - services, - params, - state, - }); - - expect(result).toEqual(state); - }); + const getLogger = (): Logger => logger; + const ccrEnabled = false; + (getPreparedAlert as jest.Mock).mockImplementation(() => { + if (preparedAlertResponse !== undefined) { + return preparedAlertResponse; + } - it('should log a warning if no email is provided', async () => { - const customGetUiSettingsService: any = () => ({ - asScopedToClient: () => ({ - get: () => null, - }), + return { + emailAddress, + data: [license], + clusters: [cluster], + dateFormat, + }; }); - const alert = getLicenseExpiration( - customGetUiSettingsService, - monitoringCluster, - getLogger, - ccrEnabled - ); - const services = { - callCluster: jest.fn( - (method: string, { filterPath }): Promise => { - return new Promise(resolve => { - if (filterPath.includes('hits.hits._source.license.*')) { - resolve( - fillLicense({ - status: 'good', - type: 'basic', - expiry_date_in_millis: moment() - .add(7, 'days') - .valueOf(), - }) - ); - } - resolve({}); - }); - } - ), - alertInstanceFactory: jest.fn(), - savedObjectsClient: savedObjectsClientMock.create(), + const alert = getLicenseExpiration(null as any, null as any, getLogger, ccrEnabled); + const state: AlertCommonState = { + [clusterUuid]: { + expiredCheckDateMS, + ui: { ...defaultUiState }, + } as AlertLicensePerClusterState, }; - const state = {}; + return (await alert.executor({ services, params, state } as any)) as AlertCommonState; + } - await alert.executor({ - ...alertExecutorOptions, - services, - params, - state, - }); - - expect((logger.warn as jest.Mock).mock.calls.length).toBe(1); - expect(logger.warn).toHaveBeenCalledWith( - `Unable to send email for ${ALERT_TYPE_LICENSE_EXPIRATION} because there is no email configured.` - ); + afterEach(() => { + (executeActions as jest.Mock).mockClear(); + (getPreparedAlert as jest.Mock).mockClear(); }); - it('should fire actions if going to expire', async () => { - const scheduleActions = jest.fn(); - const alertInstanceFactory = jest.fn( - (id: string): AlertInstance => { - const instance = new AlertInstance(); - instance.scheduleActions = scheduleActions; - return instance; - } - ); + it('should have the right id and actionGroups', () => { + const alert = getLicenseExpiration(null as any, null as any, jest.fn(), false); + expect(alert.id).toBe(ALERT_TYPE_LICENSE_EXPIRATION); + expect(alert.actionGroups).toEqual([{ id: 'default', name: 'Default' }]); + }); - const alert = getLicenseExpiration( - getUiSettingsService, - monitoringCluster, - getLogger, - ccrEnabled - ); + it('should return the state if no license is provided', async () => { + const result = await setupAlert(null, 0, null); + expect(result[clusterUuid].ui).toEqual(defaultUiState); + }); - const savedObjectsClient = savedObjectsClientMock.create(); - savedObjectsClient.get.mockReturnValue( - new Promise(resolve => { - const savedObject: SavedObject = { - id: '', - type: '', - references: [], - attributes: { - [MONITORING_CONFIG_ALERTING_EMAIL_ADDRESS]: emailAddress, - }, - }; - resolve(savedObject); - }) - ); - const services = { - callCluster: jest.fn( - (method: string, { filterPath }): Promise => { - return new Promise(resolve => { - if (filterPath.includes('hits.hits._source.license.*')) { - resolve( - fillLicense( - { - status: 'active', - type: 'gold', - expiry_date_in_millis: moment() - .add(7, 'days') - .valueOf(), - }, - clusterUuid - ) - ); - } - resolve({}); - }); - } - ), - alertInstanceFactory, - savedObjectsClient, + it('should fire actions if going to expire', async () => { + const expiryDateMS = moment() + .add(7, 'days') + .valueOf(); + const license = { + status: 'active', + type: 'gold', + expiryDateMS, + clusterUuid, }; - - const state = {}; - - const result: AlertState = (await alert.executor({ - ...alertExecutorOptions, - services, - params, - state, - })) as AlertState; - - const newState: AlertClusterState = result[clusterUuid] as AlertClusterState; - + const result = await setupAlert(license, 0); + const newState = result[clusterUuid] as AlertLicensePerClusterState; expect(newState.expiredCheckDateMS > 0).toBe(true); - expect(scheduleActions.mock.calls.length).toBe(1); - expect(scheduleActions.mock.calls[0][1].subject).toBe( - 'NEW X-Pack Monitoring: License Expiration' + expect(executeActions).toHaveBeenCalledWith( + undefined, + cluster, + moment.utc(expiryDateMS), + dateFormat, + emailAddress ); - expect(scheduleActions.mock.calls[0][1].to).toBe(emailAddress); }); it('should fire actions if the user fixed their license', async () => { - const scheduleActions = jest.fn(); - const alertInstanceFactory = jest.fn( - (id: string): AlertInstance => { - const instance = new AlertInstance(); - instance.scheduleActions = scheduleActions; - return instance; - } - ); - const alert = getLicenseExpiration( - getUiSettingsService, - monitoringCluster, - getLogger, - ccrEnabled - ); - - const savedObjectsClient = savedObjectsClientMock.create(); - savedObjectsClient.get.mockReturnValue( - new Promise(resolve => { - const savedObject: SavedObject = { - id: '', - type: '', - references: [], - attributes: { - [MONITORING_CONFIG_ALERTING_EMAIL_ADDRESS]: emailAddress, - }, - }; - resolve(savedObject); - }) - ); - const services = { - callCluster: jest.fn( - (method: string, { filterPath }): Promise => { - return new Promise(resolve => { - if (filterPath.includes('hits.hits._source.license.*')) { - resolve( - fillLicense( - { - status: 'active', - type: 'gold', - expiry_date_in_millis: moment() - .add(120, 'days') - .valueOf(), - }, - clusterUuid - ) - ); - } - resolve({}); - }); - } - ), - alertInstanceFactory, - savedObjectsClient, - }; - - const state: AlertState = { - [clusterUuid]: { - expiredCheckDateMS: moment() - .subtract(1, 'day') - .valueOf(), - ui: { isFiring: true, severity: 0, message: null, resolvedMS: 0, expirationTime: 0 }, - }, + const expiryDateMS = moment() + .add(365, 'days') + .valueOf(); + const license = { + status: 'active', + type: 'gold', + expiryDateMS, + clusterUuid, }; - - const result: AlertState = (await alert.executor({ - ...alertExecutorOptions, - services, - params, - state, - })) as AlertState; - - const newState: AlertClusterState = result[clusterUuid] as AlertClusterState; + const result = await setupAlert(license, 100); + const newState = result[clusterUuid] as AlertLicensePerClusterState; expect(newState.expiredCheckDateMS).toBe(0); - expect(scheduleActions.mock.calls.length).toBe(1); - expect(scheduleActions.mock.calls[0][1].subject).toBe( - 'RESOLVED X-Pack Monitoring: License Expiration' + expect(executeActions).toHaveBeenCalledWith( + undefined, + cluster, + moment.utc(expiryDateMS), + dateFormat, + emailAddress, + true ); - expect(scheduleActions.mock.calls[0][1].to).toBe(emailAddress); }); it('should not fire actions for trial license that expire in more than 14 days', async () => { - const scheduleActions = jest.fn(); - const alertInstanceFactory = jest.fn( - (id: string): AlertInstance => { - const instance = new AlertInstance(); - instance.scheduleActions = scheduleActions; - return instance; - } - ); - const alert = getLicenseExpiration( - getUiSettingsService, - monitoringCluster, - getLogger, - ccrEnabled - ); - - const savedObjectsClient = savedObjectsClientMock.create(); - savedObjectsClient.get.mockReturnValue( - new Promise(resolve => { - const savedObject: SavedObject = { - id: '', - type: '', - references: [], - attributes: { - [MONITORING_CONFIG_ALERTING_EMAIL_ADDRESS]: emailAddress, - }, - }; - resolve(savedObject); - }) - ); - const services = { - callCluster: jest.fn( - (method: string, { filterPath }): Promise => { - return new Promise(resolve => { - if (filterPath.includes('hits.hits._source.license.*')) { - resolve( - fillLicense( - { - status: 'active', - type: 'trial', - expiry_date_in_millis: moment() - .add(15, 'days') - .valueOf(), - }, - clusterUuid - ) - ); - } - resolve({}); - }); - } - ), - alertInstanceFactory, - savedObjectsClient, + const expiryDateMS = moment() + .add(20, 'days') + .valueOf(); + const license = { + status: 'active', + type: 'trial', + expiryDateMS, + clusterUuid, }; - - const state = {}; - const result: AlertState = (await alert.executor({ - ...alertExecutorOptions, - services, - params, - state, - })) as AlertState; - - const newState: AlertClusterState = result[clusterUuid] as AlertClusterState; - expect(newState.expiredCheckDateMS).toBe(undefined); - expect(scheduleActions).not.toHaveBeenCalled(); + const result = await setupAlert(license, 0); + const newState = result[clusterUuid] as AlertLicensePerClusterState; + expect(newState.expiredCheckDateMS).toBe(0); + expect(executeActions).not.toHaveBeenCalled(); }); it('should fire actions for trial license that in 14 days or less', async () => { - const scheduleActions = jest.fn(); - const alertInstanceFactory = jest.fn( - (id: string): AlertInstance => { - const instance = new AlertInstance(); - instance.scheduleActions = scheduleActions; - return instance; - } - ); - const alert = getLicenseExpiration( - getUiSettingsService, - monitoringCluster, - getLogger, - ccrEnabled - ); - - const savedObjectsClient = savedObjectsClientMock.create(); - savedObjectsClient.get.mockReturnValue( - new Promise(resolve => { - const savedObject: SavedObject = { - id: '', - type: '', - references: [], - attributes: { - [MONITORING_CONFIG_ALERTING_EMAIL_ADDRESS]: emailAddress, - }, - }; - resolve(savedObject); - }) - ); - const services = { - callCluster: jest.fn( - (method: string, { filterPath }): Promise => { - return new Promise(resolve => { - if (filterPath.includes('hits.hits._source.license.*')) { - resolve( - fillLicense( - { - status: 'active', - type: 'trial', - expiry_date_in_millis: moment() - .add(13, 'days') - .valueOf(), - }, - clusterUuid - ) - ); - } - resolve({}); - }); - } - ), - alertInstanceFactory, - savedObjectsClient, + const expiryDateMS = moment() + .add(7, 'days') + .valueOf(); + const license = { + status: 'active', + type: 'trial', + expiryDateMS, + clusterUuid, }; - - const state = {}; - const result: AlertState = (await alert.executor({ - ...alertExecutorOptions, - services, - params, - state, - })) as AlertState; - - const newState: AlertClusterState = result[clusterUuid] as AlertClusterState; + const result = await setupAlert(license, 0); + const newState = result[clusterUuid] as AlertLicensePerClusterState; expect(newState.expiredCheckDateMS > 0).toBe(true); - expect(scheduleActions.mock.calls.length).toBe(1); + expect(executeActions).toHaveBeenCalledWith( + undefined, + cluster, + moment.utc(expiryDateMS), + dateFormat, + emailAddress + ); }); }); diff --git a/x-pack/plugins/monitoring/server/alerts/license_expiration.ts b/x-pack/plugins/monitoring/server/alerts/license_expiration.ts index 93397ff3641ae..2e5356150086b 100644 --- a/x-pack/plugins/monitoring/server/alerts/license_expiration.ts +++ b/x-pack/plugins/monitoring/server/alerts/license_expiration.ts @@ -5,24 +5,20 @@ */ import moment from 'moment-timezone'; -import { get } from 'lodash'; import { Logger, ICustomClusterClient, UiSettingsServiceStart } from 'src/core/server'; import { i18n } from '@kbn/i18n'; -import { ALERT_TYPE_LICENSE_EXPIRATION, INDEX_PATTERN_ELASTICSEARCH } from '../../common/constants'; +import { ALERT_TYPE_LICENSE_EXPIRATION } from '../../common/constants'; import { AlertType } from '../../../../plugins/alerting/server'; import { fetchLicenses } from '../lib/alerts/fetch_licenses'; -import { fetchDefaultEmailAddress } from '../lib/alerts/fetch_default_email_address'; -import { fetchClusters } from '../lib/alerts/fetch_clusters'; -import { fetchAvailableCcs } from '../lib/alerts/fetch_available_ccs'; import { - AlertLicense, - AlertState, - AlertClusterState, - AlertClusterUiState, - LicenseExpirationAlertExecutorOptions, + AlertCommonState, + AlertLicensePerClusterState, + AlertCommonExecutorOptions, + AlertCommonCluster, + AlertLicensePerClusterUiState, } from './types'; -import { getCcsIndexPattern } from '../lib/alerts/get_ccs_index_pattern'; import { executeActions, getUiMessage } from '../lib/alerts/license_expiration.lib'; +import { getPreparedAlert } from '../lib/alerts/get_prepared_alert'; const EXPIRES_DAYS = [60, 30, 14, 7]; @@ -32,14 +28,6 @@ export const getLicenseExpiration = ( getLogger: (...scopes: string[]) => Logger, ccsEnabled: boolean ): AlertType => { - async function getCallCluster(services: any): Promise { - if (!monitoringCluster) { - return services.callCluster; - } - - return monitoringCluster.callAsInternalUser; - } - const logger = getLogger(ALERT_TYPE_LICENSE_EXPIRATION); return { id: ALERT_TYPE_LICENSE_EXPIRATION, @@ -53,54 +41,50 @@ export const getLicenseExpiration = ( }, ], defaultActionGroupId: 'default', - async executor({ - services, - params, - state, - }: LicenseExpirationAlertExecutorOptions): Promise { + async executor({ services, params, state }: AlertCommonExecutorOptions): Promise { logger.debug( `Firing alert with params: ${JSON.stringify(params)} and state: ${JSON.stringify(state)}` ); - const callCluster = await getCallCluster(services); - - // Support CCS use cases by querying to find available remote clusters - // and then adding those to the index pattern we are searching against - let esIndexPattern = INDEX_PATTERN_ELASTICSEARCH; - if (ccsEnabled) { - const availableCcs = await fetchAvailableCcs(callCluster); - if (availableCcs.length > 0) { - esIndexPattern = getCcsIndexPattern(esIndexPattern, availableCcs); - } - } - - const clusters = await fetchClusters(callCluster, esIndexPattern); + const preparedAlert = await getPreparedAlert( + ALERT_TYPE_LICENSE_EXPIRATION, + getUiSettingsService, + monitoringCluster, + logger, + ccsEnabled, + services, + fetchLicenses + ); - // Fetch licensing information from cluster_stats documents - const licenses: AlertLicense[] = await fetchLicenses(callCluster, clusters, esIndexPattern); - if (licenses.length === 0) { - logger.warn(`No license found for ${ALERT_TYPE_LICENSE_EXPIRATION}.`); + if (!preparedAlert) { return state; } - const uiSettings = (await getUiSettingsService()).asScopedToClient( - services.savedObjectsClient - ); - const dateFormat: string = await uiSettings.get('dateFormat'); - const timezone: string = await uiSettings.get('dateFormat:tz'); - const emailAddress = await fetchDefaultEmailAddress(uiSettings); - if (!emailAddress) { - // TODO: we can do more here - logger.warn( - `Unable to send email for ${ALERT_TYPE_LICENSE_EXPIRATION} because there is no email configured.` - ); - return; - } + const { emailAddress, data: licenses, clusters, dateFormat } = preparedAlert; - const result: AlertState = { ...state }; + const result: AlertCommonState = { ...state }; + const defaultAlertState: AlertLicensePerClusterState = { + expiredCheckDateMS: 0, + ui: { + isFiring: false, + message: null, + severity: 0, + resolvedMS: 0, + lastCheckedMS: 0, + triggeredMS: 0, + }, + }; for (const license of licenses) { - const licenseState: AlertClusterState = state[license.clusterUuid] || {}; + const alertState: AlertLicensePerClusterState = + (state[license.clusterUuid] as AlertLicensePerClusterState) || defaultAlertState; + const cluster = clusters.find( + (c: AlertCommonCluster) => c.clusterUuid === license.clusterUuid + ); + if (!cluster) { + logger.warn(`Unable to find cluster for clusterUuid='${license.clusterUuid}'`); + continue; + } const $expiry = moment.utc(license.expiryDateMS); let isExpired = false; let severity = 0; @@ -123,31 +107,26 @@ export const getLicenseExpiration = ( } } - const ui: AlertClusterUiState = get(licenseState, 'ui', { - isFiring: false, - message: null, - severity: 0, - resolvedMS: 0, - expirationTime: 0, - }); + const ui = alertState.ui; + let triggered = ui.triggeredMS; let resolved = ui.resolvedMS; let message = ui.message; - let expiredCheckDate = licenseState.expiredCheckDateMS; + let expiredCheckDate = alertState.expiredCheckDateMS; const instance = services.alertInstanceFactory(ALERT_TYPE_LICENSE_EXPIRATION); if (isExpired) { - if (!licenseState.expiredCheckDateMS) { + if (!alertState.expiredCheckDateMS) { logger.debug(`License will expire soon, sending email`); - executeActions(instance, license, $expiry, dateFormat, emailAddress); - expiredCheckDate = moment().valueOf(); + executeActions(instance, cluster, $expiry, dateFormat, emailAddress); + expiredCheckDate = triggered = moment().valueOf(); } - message = getUiMessage(license, timezone); + message = getUiMessage(); resolved = 0; - } else if (!isExpired && licenseState.expiredCheckDateMS) { + } else if (!isExpired && alertState.expiredCheckDateMS) { logger.debug(`License expiration has been resolved, sending email`); - executeActions(instance, license, $expiry, dateFormat, emailAddress, true); + executeActions(instance, cluster, $expiry, dateFormat, emailAddress, true); expiredCheckDate = 0; - message = getUiMessage(license, timezone, true); + message = getUiMessage(true); resolved = moment().valueOf(); } @@ -159,8 +138,10 @@ export const getLicenseExpiration = ( isFiring: expiredCheckDate > 0, severity, resolvedMS: resolved, - }, - }; + triggeredMS: triggered, + lastCheckedMS: moment().valueOf(), + } as AlertLicensePerClusterUiState, + } as AlertLicensePerClusterState; } return result; diff --git a/x-pack/plugins/monitoring/server/alerts/types.d.ts b/x-pack/plugins/monitoring/server/alerts/types.d.ts index ff47d6f2ad4dc..b689d008b51a7 100644 --- a/x-pack/plugins/monitoring/server/alerts/types.d.ts +++ b/x-pack/plugins/monitoring/server/alerts/types.d.ts @@ -5,41 +5,79 @@ */ import { Moment } from 'moment'; import { AlertExecutorOptions } from '../../../alerting/server'; +import { AlertClusterStateState, AlertCommonPerClusterMessageTokenType } from './enums'; export interface AlertLicense { status: string; type: string; expiryDateMS: number; clusterUuid: string; - clusterName: string; } -export interface AlertState { - [clusterUuid: string]: AlertClusterState; +export interface AlertClusterState { + state: AlertClusterStateState; + clusterUuid: string; +} + +export interface AlertCommonState { + [clusterUuid: string]: AlertCommonPerClusterState; } -export interface AlertClusterState { - expiredCheckDateMS: number | Moment; - ui: AlertClusterUiState; +export interface AlertCommonPerClusterState { + ui: AlertCommonPerClusterUiState; } -export interface AlertClusterUiState { +export interface AlertClusterStatePerClusterState extends AlertCommonPerClusterState { + state: AlertClusterStateState; +} + +export interface AlertLicensePerClusterState extends AlertCommonPerClusterState { + expiredCheckDateMS: number; +} + +export interface AlertCommonPerClusterUiState { isFiring: boolean; severity: number; - message: string | null; + message: AlertCommonPerClusterMessage | null; resolvedMS: number; + lastCheckedMS: number; + triggeredMS: number; +} + +export interface AlertCommonPerClusterMessage { + text: string; // Do this. #link this is a link #link + tokens?: AlertCommonPerClusterMessageToken[]; +} + +export interface AlertCommonPerClusterMessageToken { + startToken: string; + endToken?: string; + type: AlertCommonPerClusterMessageTokenType; +} + +export interface AlertCommonPerClusterMessageLinkToken extends AlertCommonPerClusterMessageToken { + url?: string; +} + +export interface AlertCommonPerClusterMessageTimeToken extends AlertCommonPerClusterMessageToken { + isRelative: boolean; + isAbsolute: boolean; +} + +export interface AlertLicensePerClusterUiState extends AlertCommonPerClusterUiState { expirationTime: number; } -export interface AlertCluster { +export interface AlertCommonCluster { clusterUuid: string; + clusterName: string; } -export interface LicenseExpirationAlertExecutorOptions extends AlertExecutorOptions { - state: AlertState; +export interface AlertCommonExecutorOptions extends AlertExecutorOptions { + state: AlertCommonState; } -export interface AlertParams { +export interface AlertCommonParams { dateFormat: string; timezone: string; } diff --git a/x-pack/plugins/monitoring/server/lib/alerts/cluster_state.lib.test.ts b/x-pack/plugins/monitoring/server/lib/alerts/cluster_state.lib.test.ts new file mode 100644 index 0000000000000..81e375734cc50 --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/alerts/cluster_state.lib.test.ts @@ -0,0 +1,70 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { executeActions, getUiMessage } from './cluster_state.lib'; +import { AlertClusterStateState } from '../../alerts/enums'; +import { AlertCommonPerClusterMessageLinkToken } from '../../alerts/types'; + +describe('clusterState lib', () => { + describe('executeActions', () => { + const clusterName = 'clusterA'; + const instance: any = { scheduleActions: jest.fn() }; + const license: any = { clusterName }; + const status = AlertClusterStateState.Green; + const emailAddress = 'test@test.com'; + + beforeEach(() => { + instance.scheduleActions.mockClear(); + }); + + it('should schedule actions when firing', () => { + executeActions(instance, license, status, emailAddress, false); + expect(instance.scheduleActions).toHaveBeenCalledWith('default', { + subject: 'NEW X-Pack Monitoring: Cluster Status', + message: `Allocate missing replica shards for cluster '${clusterName}'`, + to: emailAddress, + }); + }); + + it('should have a different message for red state', () => { + executeActions(instance, license, AlertClusterStateState.Red, emailAddress, false); + expect(instance.scheduleActions).toHaveBeenCalledWith('default', { + subject: 'NEW X-Pack Monitoring: Cluster Status', + message: `Allocate missing primary and replica shards for cluster '${clusterName}'`, + to: emailAddress, + }); + }); + + it('should schedule actions when resolved', () => { + executeActions(instance, license, status, emailAddress, true); + expect(instance.scheduleActions).toHaveBeenCalledWith('default', { + subject: 'RESOLVED X-Pack Monitoring: Cluster Status', + message: `This cluster alert has been resolved: Allocate missing replica shards for cluster '${clusterName}'`, + to: emailAddress, + }); + }); + }); + + describe('getUiMessage', () => { + it('should return a message when firing', () => { + const message = getUiMessage(AlertClusterStateState.Red, false); + expect(message.text).toBe( + `Elasticsearch cluster status is red. #start_linkAllocate missing primary and replica shards#end_link` + ); + expect(message.tokens && message.tokens.length).toBe(1); + expect(message.tokens && message.tokens[0].startToken).toBe('#start_link'); + expect(message.tokens && message.tokens[0].endToken).toBe('#end_link'); + expect( + message.tokens && (message.tokens[0] as AlertCommonPerClusterMessageLinkToken).url + ).toBe('elasticsearch/indices'); + }); + + it('should return a message when resolved', () => { + const message = getUiMessage(AlertClusterStateState.Green, true); + expect(message.text).toBe(`Elasticsearch cluster status is green.`); + expect(message.tokens).not.toBeDefined(); + }); + }); +}); diff --git a/x-pack/plugins/monitoring/server/lib/alerts/cluster_state.lib.ts b/x-pack/plugins/monitoring/server/lib/alerts/cluster_state.lib.ts new file mode 100644 index 0000000000000..ae66d603507ca --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/alerts/cluster_state.lib.ts @@ -0,0 +1,88 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { i18n } from '@kbn/i18n'; +import { AlertInstance } from '../../../../alerting/server'; +import { + AlertCommonCluster, + AlertCommonPerClusterMessage, + AlertCommonPerClusterMessageLinkToken, +} from '../../alerts/types'; +import { AlertClusterStateState, AlertCommonPerClusterMessageTokenType } from '../../alerts/enums'; + +const RESOLVED_SUBJECT = i18n.translate('xpack.monitoring.alerts.clusterStatus.resolvedSubject', { + defaultMessage: 'RESOLVED X-Pack Monitoring: Cluster Status', +}); + +const NEW_SUBJECT = i18n.translate('xpack.monitoring.alerts.clusterStatus.newSubject', { + defaultMessage: 'NEW X-Pack Monitoring: Cluster Status', +}); + +const RED_STATUS_MESSAGE = i18n.translate('xpack.monitoring.alerts.clusterStatus.redMessage', { + defaultMessage: 'Allocate missing primary and replica shards', +}); + +const YELLOW_STATUS_MESSAGE = i18n.translate( + 'xpack.monitoring.alerts.clusterStatus.yellowMessage', + { + defaultMessage: 'Allocate missing replica shards', + } +); + +export function executeActions( + instance: AlertInstance, + cluster: AlertCommonCluster, + status: AlertClusterStateState, + emailAddress: string, + resolved: boolean = false +) { + const message = + status === AlertClusterStateState.Red ? RED_STATUS_MESSAGE : YELLOW_STATUS_MESSAGE; + if (resolved) { + instance.scheduleActions('default', { + subject: RESOLVED_SUBJECT, + message: `This cluster alert has been resolved: ${message} for cluster '${cluster.clusterName}'`, + to: emailAddress, + }); + } else { + instance.scheduleActions('default', { + subject: NEW_SUBJECT, + message: `${message} for cluster '${cluster.clusterName}'`, + to: emailAddress, + }); + } +} + +export function getUiMessage( + status: AlertClusterStateState, + resolved: boolean = false +): AlertCommonPerClusterMessage { + if (resolved) { + return { + text: i18n.translate('xpack.monitoring.alerts.clusterStatus.ui.resolvedMessage', { + defaultMessage: `Elasticsearch cluster status is green.`, + }), + }; + } + const message = + status === AlertClusterStateState.Red ? RED_STATUS_MESSAGE : YELLOW_STATUS_MESSAGE; + return { + text: i18n.translate('xpack.monitoring.alerts.clusterStatus.ui.firingMessage', { + defaultMessage: `Elasticsearch cluster status is {status}. #start_link{message}#end_link`, + values: { + status, + message, + }, + }), + tokens: [ + { + startToken: '#start_link', + endToken: '#end_link', + type: AlertCommonPerClusterMessageTokenType.Link, + url: 'elasticsearch/indices', + } as AlertCommonPerClusterMessageLinkToken, + ], + }; +} diff --git a/x-pack/plugins/monitoring/server/lib/alerts/fetch_cluster_state.test.ts b/x-pack/plugins/monitoring/server/lib/alerts/fetch_cluster_state.test.ts new file mode 100644 index 0000000000000..642ae3c39a027 --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/alerts/fetch_cluster_state.test.ts @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { fetchClusterState } from './fetch_cluster_state'; + +describe('fetchClusterState', () => { + it('should return the cluster state', async () => { + const status = 'green'; + const clusterUuid = 'sdfdsaj34434'; + const callCluster = jest.fn(() => ({ + hits: { + hits: [ + { + _source: { + cluster_state: { + status, + }, + cluster_uuid: clusterUuid, + }, + }, + ], + }, + })); + + const clusters = [{ clusterUuid, clusterName: 'foo' }]; + const index = '.monitoring-es-*'; + + const state = await fetchClusterState(callCluster, clusters, index); + expect(state).toEqual([ + { + state: status, + clusterUuid, + }, + ]); + }); +}); diff --git a/x-pack/plugins/monitoring/server/lib/alerts/fetch_cluster_state.ts b/x-pack/plugins/monitoring/server/lib/alerts/fetch_cluster_state.ts new file mode 100644 index 0000000000000..66ea30d5f2e96 --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/alerts/fetch_cluster_state.ts @@ -0,0 +1,53 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { get } from 'lodash'; +import { AlertCommonCluster, AlertClusterState } from '../../alerts/types'; + +export async function fetchClusterState( + callCluster: any, + clusters: AlertCommonCluster[], + index: string +): Promise { + const params = { + index, + filterPath: ['hits.hits._source.cluster_state.status', 'hits.hits._source.cluster_uuid'], + body: { + size: 1, + sort: [{ timestamp: { order: 'desc' } }], + query: { + bool: { + filter: [ + { + terms: { + cluster_uuid: clusters.map(cluster => cluster.clusterUuid), + }, + }, + { + term: { + type: 'cluster_stats', + }, + }, + { + range: { + timestamp: { + gte: 'now-2m', + }, + }, + }, + ], + }, + }, + }, + }; + + const response = await callCluster('search', params); + return get(response, 'hits.hits', []).map((hit: any) => { + return { + state: get(hit, '_source.cluster_state.status'), + clusterUuid: get(hit, '_source.cluster_uuid'), + }; + }); +} diff --git a/x-pack/plugins/monitoring/server/lib/alerts/fetch_clusters.test.ts b/x-pack/plugins/monitoring/server/lib/alerts/fetch_clusters.test.ts index 78eb9773df15f..7a9b61f37707b 100644 --- a/x-pack/plugins/monitoring/server/lib/alerts/fetch_clusters.test.ts +++ b/x-pack/plugins/monitoring/server/lib/alerts/fetch_clusters.test.ts @@ -6,21 +6,51 @@ import { fetchClusters } from './fetch_clusters'; describe('fetchClusters', () => { + const clusterUuid = '1sdfds734'; + const clusterName = 'monitoring'; + it('return a list of clusters', async () => { const callCluster = jest.fn().mockImplementation(() => ({ - aggregations: { - clusters: { - buckets: [ - { - key: 'clusterA', + hits: { + hits: [ + { + _source: { + cluster_uuid: clusterUuid, + cluster_name: clusterName, + }, + }, + ], + }, + })); + const index = '.monitoring-es-*'; + const result = await fetchClusters(callCluster, index); + expect(result).toEqual([{ clusterUuid, clusterName }]); + }); + + it('return the metadata name if available', async () => { + const metadataName = 'custom-monitoring'; + const callCluster = jest.fn().mockImplementation(() => ({ + hits: { + hits: [ + { + _source: { + cluster_uuid: clusterUuid, + cluster_name: clusterName, + cluster_settings: { + cluster: { + metadata: { + display_name: metadataName, + }, + }, + }, }, - ], - }, + }, + ], }, })); const index = '.monitoring-es-*'; const result = await fetchClusters(callCluster, index); - expect(result).toEqual([{ clusterUuid: 'clusterA' }]); + expect(result).toEqual([{ clusterUuid, clusterName: metadataName }]); }); it('should limit the time period in the query', async () => { diff --git a/x-pack/plugins/monitoring/server/lib/alerts/fetch_clusters.ts b/x-pack/plugins/monitoring/server/lib/alerts/fetch_clusters.ts index 8ef7339618a2c..d1513ac16fb15 100644 --- a/x-pack/plugins/monitoring/server/lib/alerts/fetch_clusters.ts +++ b/x-pack/plugins/monitoring/server/lib/alerts/fetch_clusters.ts @@ -4,18 +4,21 @@ * you may not use this file except in compliance with the Elastic License. */ import { get } from 'lodash'; -import { AlertCluster } from '../../alerts/types'; +import { AlertCommonCluster } from '../../alerts/types'; -interface AggregationResult { - key: string; -} - -export async function fetchClusters(callCluster: any, index: string): Promise { +export async function fetchClusters( + callCluster: any, + index: string +): Promise { const params = { index, - filterPath: 'aggregations.clusters.buckets', + filterPath: [ + 'hits.hits._source.cluster_settings.cluster.metadata.display_name', + 'hits.hits._source.cluster_uuid', + 'hits.hits._source.cluster_name', + ], body: { - size: 0, + size: 1000, query: { bool: { filter: [ @@ -34,19 +37,21 @@ export async function fetchClusters(callCluster: any, index: string): Promise ({ - clusterUuid: bucket.key, - })); + return get(response, 'hits.hits', []).map((hit: any) => { + const clusterName: string = + get(hit, '_source.cluster_settings.cluster.metadata.display_name') || + get(hit, '_source.cluster_name') || + get(hit, '_source.cluster_uuid'); + return { + clusterUuid: get(hit, '_source.cluster_uuid'), + clusterName, + }; + }); } diff --git a/x-pack/plugins/monitoring/server/lib/alerts/fetch_licenses.test.ts b/x-pack/plugins/monitoring/server/lib/alerts/fetch_licenses.test.ts index dd6c074e68b1f..9dcb4ffb82a5f 100644 --- a/x-pack/plugins/monitoring/server/lib/alerts/fetch_licenses.test.ts +++ b/x-pack/plugins/monitoring/server/lib/alerts/fetch_licenses.test.ts @@ -6,28 +6,28 @@ import { fetchLicenses } from './fetch_licenses'; describe('fetchLicenses', () => { + const clusterName = 'MyCluster'; + const clusterUuid = 'clusterA'; + const license = { + status: 'active', + expiry_date_in_millis: 1579532493876, + type: 'basic', + }; + it('return a list of licenses', async () => { - const clusterName = 'MyCluster'; - const clusterUuid = 'clusterA'; - const license = { - status: 'active', - expiry_date_in_millis: 1579532493876, - type: 'basic', - }; const callCluster = jest.fn().mockImplementation(() => ({ hits: { hits: [ { _source: { license, - cluster_name: clusterName, cluster_uuid: clusterUuid, }, }, ], }, })); - const clusters = [{ clusterUuid }]; + const clusters = [{ clusterUuid, clusterName }]; const index = '.monitoring-es-*'; const result = await fetchLicenses(callCluster, clusters, index); expect(result).toEqual([ @@ -36,15 +36,13 @@ describe('fetchLicenses', () => { type: license.type, expiryDateMS: license.expiry_date_in_millis, clusterUuid, - clusterName, }, ]); }); it('should only search for the clusters provided', async () => { - const clusterUuid = 'clusterA'; const callCluster = jest.fn(); - const clusters = [{ clusterUuid }]; + const clusters = [{ clusterUuid, clusterName }]; const index = '.monitoring-es-*'; await fetchLicenses(callCluster, clusters, index); const params = callCluster.mock.calls[0][1]; @@ -52,54 +50,11 @@ describe('fetchLicenses', () => { }); it('should limit the time period in the query', async () => { - const clusterUuid = 'clusterA'; const callCluster = jest.fn(); - const clusters = [{ clusterUuid }]; + const clusters = [{ clusterUuid, clusterName }]; const index = '.monitoring-es-*'; await fetchLicenses(callCluster, clusters, index); const params = callCluster.mock.calls[0][1]; expect(params.body.query.bool.filter[2].range.timestamp.gte).toBe('now-2m'); }); - - it('should give priority to the metadata name', async () => { - const clusterName = 'MyCluster'; - const clusterUuid = 'clusterA'; - const license = { - status: 'active', - expiry_date_in_millis: 1579532493876, - type: 'basic', - }; - const callCluster = jest.fn().mockImplementation(() => ({ - hits: { - hits: [ - { - _source: { - license, - cluster_name: 'fakeName', - cluster_uuid: clusterUuid, - cluster_settings: { - cluster: { - metadata: { - display_name: clusterName, - }, - }, - }, - }, - }, - ], - }, - })); - const clusters = [{ clusterUuid }]; - const index = '.monitoring-es-*'; - const result = await fetchLicenses(callCluster, clusters, index); - expect(result).toEqual([ - { - status: license.status, - type: license.type, - expiryDateMS: license.expiry_date_in_millis, - clusterUuid, - clusterName, - }, - ]); - }); }); diff --git a/x-pack/plugins/monitoring/server/lib/alerts/fetch_licenses.ts b/x-pack/plugins/monitoring/server/lib/alerts/fetch_licenses.ts index 31a68e8aa9c3e..5b05c907e796e 100644 --- a/x-pack/plugins/monitoring/server/lib/alerts/fetch_licenses.ts +++ b/x-pack/plugins/monitoring/server/lib/alerts/fetch_licenses.ts @@ -4,21 +4,16 @@ * you may not use this file except in compliance with the Elastic License. */ import { get } from 'lodash'; -import { AlertLicense, AlertCluster } from '../../alerts/types'; +import { AlertLicense, AlertCommonCluster } from '../../alerts/types'; export async function fetchLicenses( callCluster: any, - clusters: AlertCluster[], + clusters: AlertCommonCluster[], index: string ): Promise { const params = { index, - filterPath: [ - 'hits.hits._source.license.*', - 'hits.hits._source.cluster_settings.cluster.metadata.display_name', - 'hits.hits._source.cluster_uuid', - 'hits.hits._source.cluster_name', - ], + filterPath: ['hits.hits._source.license.*', 'hits.hits._source.cluster_uuid'], body: { size: 1, sort: [{ timestamp: { order: 'desc' } }], @@ -50,17 +45,12 @@ export async function fetchLicenses( const response = await callCluster('search', params); return get(response, 'hits.hits', []).map((hit: any) => { - const clusterName: string = - get(hit, '_source.cluster_settings.cluster.metadata.display_name') || - get(hit, '_source.cluster_name') || - get(hit, '_source.cluster_uuid'); const rawLicense: any = get(hit, '_source.license', {}); const license: AlertLicense = { status: rawLicense.status, type: rawLicense.type, expiryDateMS: rawLicense.expiry_date_in_millis, clusterUuid: get(hit, '_source.cluster_uuid'), - clusterName, }; return license; }); diff --git a/x-pack/plugins/monitoring/server/lib/alerts/fetch_status.test.ts b/x-pack/plugins/monitoring/server/lib/alerts/fetch_status.test.ts new file mode 100644 index 0000000000000..a3bcb61afacd6 --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/alerts/fetch_status.test.ts @@ -0,0 +1,122 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { fetchStatus } from './fetch_status'; +import { AlertCommonPerClusterState } from '../../alerts/types'; + +describe('fetchStatus', () => { + const alertType = 'monitoringTest'; + const log = { warn: jest.fn() }; + const start = 0; + const end = 0; + const id = 1; + const defaultUiState = { + isFiring: false, + severity: 0, + message: null, + resolvedMS: 0, + lastCheckedMS: 0, + triggeredMS: 0, + }; + const alertsClient = { + find: jest.fn(() => ({ + total: 1, + data: [ + { + id, + }, + ], + })), + getAlertState: jest.fn(() => ({ + alertTypeState: { + state: { + ui: defaultUiState, + } as AlertCommonPerClusterState, + }, + })), + }; + + afterEach(() => { + (alertsClient.find as jest.Mock).mockClear(); + (alertsClient.getAlertState as jest.Mock).mockClear(); + }); + + it('should fetch from the alerts client', async () => { + const status = await fetchStatus(alertsClient as any, [alertType], start, end, log as any); + expect(status).toEqual([]); + }); + + it('should return alerts that are firing', async () => { + alertsClient.getAlertState = jest.fn(() => ({ + alertTypeState: { + state: { + ui: { + ...defaultUiState, + isFiring: true, + }, + } as AlertCommonPerClusterState, + }, + })); + + const status = await fetchStatus(alertsClient as any, [alertType], start, end, log as any); + expect(status.length).toBe(1); + expect(status[0].type).toBe(alertType); + expect(status[0].isFiring).toBe(true); + }); + + it('should return alerts that have been resolved in the time period', async () => { + alertsClient.getAlertState = jest.fn(() => ({ + alertTypeState: { + state: { + ui: { + ...defaultUiState, + resolvedMS: 1500, + }, + } as AlertCommonPerClusterState, + }, + })); + + const customStart = 1000; + const customEnd = 2000; + + const status = await fetchStatus( + alertsClient as any, + [alertType], + customStart, + customEnd, + log as any + ); + expect(status.length).toBe(1); + expect(status[0].type).toBe(alertType); + expect(status[0].isFiring).toBe(false); + }); + + it('should pass in the right filter to the alerts client', async () => { + await fetchStatus(alertsClient as any, [alertType], start, end, log as any); + expect((alertsClient.find as jest.Mock).mock.calls[0][0].options.filter).toBe( + `alert.attributes.alertTypeId:${alertType}` + ); + }); + + it('should return nothing if no alert state is found', async () => { + alertsClient.getAlertState = jest.fn(() => ({ + alertTypeState: null, + })) as any; + + const status = await fetchStatus(alertsClient as any, [alertType], start, end, log as any); + expect(status).toEqual([]); + }); + + it('should return nothing if no alerts are found', async () => { + alertsClient.find = jest.fn(() => ({ + total: 0, + data: [], + })) as any; + + const status = await fetchStatus(alertsClient as any, [alertType], start, end, log as any); + expect(status).toEqual([]); + }); +}); diff --git a/x-pack/plugins/monitoring/server/lib/alerts/fetch_status.ts b/x-pack/plugins/monitoring/server/lib/alerts/fetch_status.ts index 9f7c1d5a994d2..bf6ee965d3b2f 100644 --- a/x-pack/plugins/monitoring/server/lib/alerts/fetch_status.ts +++ b/x-pack/plugins/monitoring/server/lib/alerts/fetch_status.ts @@ -4,81 +4,53 @@ * you may not use this file except in compliance with the Elastic License. */ import moment from 'moment'; -import { get } from 'lodash'; -import { AlertClusterState } from '../../alerts/types'; -import { ALERT_TYPES, LOGGING_TAG } from '../../../common/constants'; +import { Logger } from '../../../../../../src/core/server'; +import { AlertCommonPerClusterState } from '../../alerts/types'; +import { AlertsClient } from '../../../../alerting/server'; export async function fetchStatus( - callCluster: any, + alertsClient: AlertsClient, + alertTypes: string[], start: number, end: number, - clusterUuid: string, - server: any + log: Logger ): Promise { - // TODO: this shouldn't query task manager directly but rather - // use an api exposed by the alerting/actions plugin - // See https://github.com/elastic/kibana/issues/48442 const statuses = await Promise.all( - ALERT_TYPES.map( + alertTypes.map( type => new Promise(async (resolve, reject) => { - try { - const params = { - index: '.kibana_task_manager', - filterPath: ['hits.hits._source.task.state'], - body: { - size: 1, - sort: [{ updated_at: { order: 'desc' } }], - query: { - bool: { - filter: [ - { - term: { - 'task.taskType': `alerting:${type}`, - }, - }, - ], - }, - }, - }, - }; - - const response = await callCluster('search', params); - const state = get(response, 'hits.hits[0]._source.task.state', '{}'); - const clusterState: AlertClusterState = get( - JSON.parse(state), - `alertTypeState.${clusterUuid}`, - { - expiredCheckDateMS: 0, - ui: { - isFiring: false, - message: null, - severity: 0, - resolvedMS: 0, - expirationTime: 0, - }, - } - ); - const isInBetween = moment(clusterState.ui.resolvedMS).isBetween(start, end); - if (clusterState.ui.isFiring || isInBetween) { - return resolve({ - type, - ...clusterState.ui, - }); - } + // We need to get the id from the alertTypeId + const alerts = await alertsClient.find({ + options: { + filter: `alert.attributes.alertTypeId:${type}`, + }, + }); + if (alerts.total === 0) { return resolve(false); - } catch (err) { - const reason = get(err, 'body.error.type'); - if (reason === 'index_not_found_exception') { - server.log( - ['error', LOGGING_TAG], - `Unable to fetch alerts. Alerts depends on task manager, which has not been started yet.` - ); - } else { - server.log(['error', LOGGING_TAG], err.message); - } + } + + if (alerts.total !== 1) { + log.warn(`Found more than one alert for type ${type} which is unexpected.`); + } + + const id = alerts.data[0].id; + + // Now that we have the id, we can get the state + const states = await alertsClient.getAlertState({ id }); + if (!states || !states.alertTypeState) { + log.warn(`No alert states found for type ${type} which is unexpected.`); return resolve(false); } + + const state = Object.values(states.alertTypeState)[0] as AlertCommonPerClusterState; + const isInBetween = moment(state.ui.resolvedMS).isBetween(start, end); + if (state.ui.isFiring || isInBetween) { + return resolve({ + type, + ...state.ui, + }); + } + return resolve(false); }) ) ); diff --git a/x-pack/plugins/monitoring/server/lib/alerts/get_prepared_alert.test.ts b/x-pack/plugins/monitoring/server/lib/alerts/get_prepared_alert.test.ts new file mode 100644 index 0000000000000..1840a2026a753 --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/alerts/get_prepared_alert.test.ts @@ -0,0 +1,163 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { getPreparedAlert } from './get_prepared_alert'; +import { fetchClusters } from './fetch_clusters'; +import { fetchDefaultEmailAddress } from './fetch_default_email_address'; + +jest.mock('./fetch_clusters', () => ({ + fetchClusters: jest.fn(), +})); + +jest.mock('./fetch_default_email_address', () => ({ + fetchDefaultEmailAddress: jest.fn(), +})); + +describe('getPreparedAlert', () => { + const uiSettings = { get: jest.fn() }; + const alertType = 'test'; + const getUiSettingsService = async () => ({ + asScopedToClient: () => uiSettings, + }); + const monitoringCluster = null; + const logger = { warn: jest.fn() }; + const ccsEnabled = false; + const services = { + callCluster: jest.fn(), + savedObjectsClient: null, + }; + const emailAddress = 'foo@foo.com'; + const data = [{ foo: 1 }]; + const dataFetcher = () => data; + const clusterName = 'MonitoringCluster'; + const clusterUuid = 'sdf34sdf'; + const clusters = [{ clusterName, clusterUuid }]; + + afterEach(() => { + (uiSettings.get as jest.Mock).mockClear(); + (services.callCluster as jest.Mock).mockClear(); + (fetchClusters as jest.Mock).mockClear(); + (fetchDefaultEmailAddress as jest.Mock).mockClear(); + }); + + beforeEach(() => { + (fetchClusters as jest.Mock).mockImplementation(() => clusters); + (fetchDefaultEmailAddress as jest.Mock).mockImplementation(() => emailAddress); + }); + + it('should return fields as expected', async () => { + (uiSettings.get as jest.Mock).mockImplementation(() => { + return emailAddress; + }); + + const alert = await getPreparedAlert( + alertType, + getUiSettingsService as any, + monitoringCluster as any, + logger as any, + ccsEnabled, + services as any, + dataFetcher as any + ); + + expect(alert && alert.emailAddress).toBe(emailAddress); + expect(alert && alert.data).toBe(data); + }); + + it('should add ccs if specified', async () => { + const ccsClusterName = 'remoteCluster'; + (services.callCluster as jest.Mock).mockImplementation(() => { + return { + [ccsClusterName]: { + connected: true, + }, + }; + }); + + await getPreparedAlert( + alertType, + getUiSettingsService as any, + monitoringCluster as any, + logger as any, + true, + services as any, + dataFetcher as any + ); + + expect((fetchClusters as jest.Mock).mock.calls[0][1].includes(ccsClusterName)).toBe(true); + }); + + it('should ignore ccs if no remote clusters are available', async () => { + const ccsClusterName = 'remoteCluster'; + (services.callCluster as jest.Mock).mockImplementation(() => { + return { + [ccsClusterName]: { + connected: false, + }, + }; + }); + + await getPreparedAlert( + alertType, + getUiSettingsService as any, + monitoringCluster as any, + logger as any, + true, + services as any, + dataFetcher as any + ); + + expect((fetchClusters as jest.Mock).mock.calls[0][1].includes(ccsClusterName)).toBe(false); + }); + + it('should pass in the clusters into the data fetcher', async () => { + const customDataFetcher = jest.fn(() => data); + + await getPreparedAlert( + alertType, + getUiSettingsService as any, + monitoringCluster as any, + logger as any, + true, + services as any, + customDataFetcher as any + ); + + expect((customDataFetcher as jest.Mock).mock.calls[0][1]).toBe(clusters); + }); + + it('should return nothing if the data fetcher returns nothing', async () => { + const customDataFetcher = jest.fn(() => []); + + const result = await getPreparedAlert( + alertType, + getUiSettingsService as any, + monitoringCluster as any, + logger as any, + true, + services as any, + customDataFetcher as any + ); + + expect(result).toBe(null); + }); + + it('should return nothing if there is no email address', async () => { + (fetchDefaultEmailAddress as jest.Mock).mockImplementation(() => null); + + const result = await getPreparedAlert( + alertType, + getUiSettingsService as any, + monitoringCluster as any, + logger as any, + true, + services as any, + dataFetcher as any + ); + + expect(result).toBe(null); + }); +}); diff --git a/x-pack/plugins/monitoring/server/lib/alerts/get_prepared_alert.ts b/x-pack/plugins/monitoring/server/lib/alerts/get_prepared_alert.ts new file mode 100644 index 0000000000000..83a9e26e4c589 --- /dev/null +++ b/x-pack/plugins/monitoring/server/lib/alerts/get_prepared_alert.ts @@ -0,0 +1,87 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { Logger, ICustomClusterClient, UiSettingsServiceStart } from 'kibana/server'; +import { CallCluster } from 'src/legacy/core_plugins/elasticsearch'; +import { AlertServices } from '../../../../alerting/server'; +import { AlertCommonCluster } from '../../alerts/types'; +import { INDEX_PATTERN_ELASTICSEARCH } from '../../../common/constants'; +import { fetchAvailableCcs } from './fetch_available_ccs'; +import { getCcsIndexPattern } from './get_ccs_index_pattern'; +import { fetchClusters } from './fetch_clusters'; +import { fetchDefaultEmailAddress } from './fetch_default_email_address'; + +export interface PreparedAlert { + emailAddress: string; + clusters: AlertCommonCluster[]; + data: any[]; + timezone: string; + dateFormat: string; +} + +async function getCallCluster( + monitoringCluster: ICustomClusterClient, + services: Pick +): Promise { + if (!monitoringCluster) { + return services.callCluster; + } + + return monitoringCluster.callAsInternalUser; +} + +export async function getPreparedAlert( + alertType: string, + getUiSettingsService: () => Promise, + monitoringCluster: ICustomClusterClient, + logger: Logger, + ccsEnabled: boolean, + services: Pick, + dataFetcher: ( + callCluster: CallCluster, + clusters: AlertCommonCluster[], + esIndexPattern: string + ) => Promise +): Promise { + const callCluster = await getCallCluster(monitoringCluster, services); + + // Support CCS use cases by querying to find available remote clusters + // and then adding those to the index pattern we are searching against + let esIndexPattern = INDEX_PATTERN_ELASTICSEARCH; + if (ccsEnabled) { + const availableCcs = await fetchAvailableCcs(callCluster); + if (availableCcs.length > 0) { + esIndexPattern = getCcsIndexPattern(esIndexPattern, availableCcs); + } + } + + const clusters = await fetchClusters(callCluster, esIndexPattern); + + // Fetch the specific data + const data = await dataFetcher(callCluster, clusters, esIndexPattern); + if (data.length === 0) { + logger.warn(`No data found for ${alertType}.`); + return null; + } + + const uiSettings = (await getUiSettingsService()).asScopedToClient(services.savedObjectsClient); + const dateFormat: string = await uiSettings.get('dateFormat'); + const timezone: string = await uiSettings.get('dateFormat:tz'); + const emailAddress = await fetchDefaultEmailAddress(uiSettings); + if (!emailAddress) { + // TODO: we can do more here + logger.warn(`Unable to send email for ${alertType} because there is no email configured.`); + return null; + } + + return { + emailAddress, + data, + clusters, + dateFormat, + timezone, + }; +} diff --git a/x-pack/plugins/monitoring/server/lib/alerts/license_expiration.lib.test.ts b/x-pack/plugins/monitoring/server/lib/alerts/license_expiration.lib.test.ts index 1a2eb1e44be84..b99208bdde2c8 100644 --- a/x-pack/plugins/monitoring/server/lib/alerts/license_expiration.lib.test.ts +++ b/x-pack/plugins/monitoring/server/lib/alerts/license_expiration.lib.test.ts @@ -39,17 +39,26 @@ describe('licenseExpiration lib', () => { }); describe('getUiMessage', () => { - const timezone = 'Europe/London'; - const license: any = { expiryDateMS: moment.tz('2020-01-20 08:00:00', timezone).utc() }; - it('should return a message when firing', () => { - const message = getUiMessage(license, timezone, false); - expect(message).toBe(`This cluster's license is going to expire in #relative at #absolute.`); + const message = getUiMessage(false); + expect(message.text).toBe( + `This cluster's license is going to expire in #relative at #absolute. #start_linkPlease update your license.#end_link` + ); + // LOL How do I avoid this in TS???? + if (!message.tokens) { + return expect(false).toBe(true); + } + expect(message.tokens.length).toBe(3); + expect(message.tokens[0].startToken).toBe('#relative'); + expect(message.tokens[1].startToken).toBe('#absolute'); + expect(message.tokens[2].startToken).toBe('#start_link'); + expect(message.tokens[2].endToken).toBe('#end_link'); }); it('should return a message when resolved', () => { - const message = getUiMessage(license, timezone, true); - expect(message).toBe(`This cluster's license is active.`); + const message = getUiMessage(true); + expect(message.text).toBe(`This cluster's license is active.`); + expect(message.tokens).not.toBeDefined(); }); }); }); diff --git a/x-pack/plugins/monitoring/server/lib/alerts/license_expiration.lib.ts b/x-pack/plugins/monitoring/server/lib/alerts/license_expiration.lib.ts index 41b68d69bbd25..cfe9f02b9bd6a 100644 --- a/x-pack/plugins/monitoring/server/lib/alerts/license_expiration.lib.ts +++ b/x-pack/plugins/monitoring/server/lib/alerts/license_expiration.lib.ts @@ -6,7 +6,13 @@ import { Moment } from 'moment-timezone'; import { i18n } from '@kbn/i18n'; import { AlertInstance } from '../../../../alerting/server'; -import { AlertLicense } from '../../alerts/types'; +import { + AlertCommonPerClusterMessageLinkToken, + AlertCommonPerClusterMessageTimeToken, + AlertCommonCluster, + AlertCommonPerClusterMessage, +} from '../../alerts/types'; +import { AlertCommonPerClusterMessageTokenType } from '../../alerts/enums'; const RESOLVED_SUBJECT = i18n.translate( 'xpack.monitoring.alerts.licenseExpiration.resolvedSubject', @@ -21,7 +27,7 @@ const NEW_SUBJECT = i18n.translate('xpack.monitoring.alerts.licenseExpiration.ne export function executeActions( instance: AlertInstance, - license: AlertLicense, + cluster: AlertCommonCluster, $expiry: Moment, dateFormat: string, emailAddress: string, @@ -31,14 +37,14 @@ export function executeActions( instance.scheduleActions('default', { subject: RESOLVED_SUBJECT, message: `This cluster alert has been resolved: Cluster '${ - license.clusterName + cluster.clusterName }' license was going to expire on ${$expiry.format(dateFormat)}.`, to: emailAddress, }); } else { instance.scheduleActions('default', { subject: NEW_SUBJECT, - message: `Cluster '${license.clusterName}' license is going to expire on ${$expiry.format( + message: `Cluster '${cluster.clusterName}' license is going to expire on ${$expiry.format( dateFormat )}. Please update your license.`, to: emailAddress, @@ -46,13 +52,37 @@ export function executeActions( } } -export function getUiMessage(license: AlertLicense, timezone: string, resolved: boolean = false) { +export function getUiMessage(resolved: boolean = false): AlertCommonPerClusterMessage { if (resolved) { - return i18n.translate('xpack.monitoring.alerts.licenseExpiration.ui.resolvedMessage', { - defaultMessage: `This cluster's license is active.`, - }); + return { + text: i18n.translate('xpack.monitoring.alerts.licenseExpiration.ui.resolvedMessage', { + defaultMessage: `This cluster's license is active.`, + }), + }; } - return i18n.translate('xpack.monitoring.alerts.licenseExpiration.ui.firingMessage', { - defaultMessage: `This cluster's license is going to expire in #relative at #absolute.`, - }); + return { + text: i18n.translate('xpack.monitoring.alerts.licenseExpiration.ui.firingMessage', { + defaultMessage: `This cluster's license is going to expire in #relative at #absolute. #start_linkPlease update your license.#end_link`, + }), + tokens: [ + { + startToken: '#relative', + type: AlertCommonPerClusterMessageTokenType.Time, + isRelative: true, + isAbsolute: false, + } as AlertCommonPerClusterMessageTimeToken, + { + startToken: '#absolute', + type: AlertCommonPerClusterMessageTokenType.Time, + isAbsolute: true, + isRelative: false, + } as AlertCommonPerClusterMessageTimeToken, + { + startToken: '#start_link', + endToken: '#end_link', + type: AlertCommonPerClusterMessageTokenType.Link, + url: 'license', + } as AlertCommonPerClusterMessageLinkToken, + ], + }; } diff --git a/x-pack/plugins/monitoring/server/lib/cluster/get_clusters_from_request.js b/x-pack/plugins/monitoring/server/lib/cluster/get_clusters_from_request.js index c5091c36c3bbe..1bddede52207b 100644 --- a/x-pack/plugins/monitoring/server/lib/cluster/get_clusters_from_request.js +++ b/x-pack/plugins/monitoring/server/lib/cluster/get_clusters_from_request.js @@ -29,6 +29,7 @@ import { CODE_PATH_BEATS, CODE_PATH_APM, KIBANA_ALERTING_ENABLED, + ALERT_TYPES, } from '../../../common/constants'; import { getApmsForClusters } from '../apm/get_apms_for_clusters'; import { i18n } from '@kbn/i18n'; @@ -102,15 +103,8 @@ export async function getClustersFromRequest( if (isInCodePath(codePaths, [CODE_PATH_ALERTS])) { if (KIBANA_ALERTING_ENABLED) { - const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('monitoring'); - const callCluster = (...args) => callWithRequest(req, ...args); - cluster.alerts = await fetchStatus( - callCluster, - start, - end, - cluster.cluster_uuid, - req.server - ); + const alertsClient = req.getAlertsClient ? req.getAlertsClient() : null; + cluster.alerts = await fetchStatus(alertsClient, ALERT_TYPES, start, end, req.logger); } else { cluster.alerts = await alertsClusterSearch( req, diff --git a/x-pack/plugins/monitoring/server/plugin.ts b/x-pack/plugins/monitoring/server/plugin.ts index 24d8bcaa4397c..784226dca66fe 100644 --- a/x-pack/plugins/monitoring/server/plugin.ts +++ b/x-pack/plugins/monitoring/server/plugin.ts @@ -47,6 +47,7 @@ import { PluginSetupContract as AlertingPluginSetupContract, } from '../../alerting/server'; import { getLicenseExpiration } from './alerts/license_expiration'; +import { getClusterState } from './alerts/cluster_state'; import { InfraPluginSetup } from '../../infra/server'; export interface LegacyAPI { @@ -154,6 +155,17 @@ export class Plugin { config.ui.ccs.enabled ) ); + plugins.alerting.registerType( + getClusterState( + async () => { + const coreStart = (await core.getStartServices())[0]; + return coreStart.uiSettings; + }, + cluster, + this.getLogger, + config.ui.ccs.enabled + ) + ); } // Initialize telemetry diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/alerts.js b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/alerts.js index 56922bd8e87e2..d5a43d32f600a 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/alerts.js +++ b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/alerts.js @@ -8,8 +8,12 @@ import { schema } from '@kbn/config-schema'; import { isFunction } from 'lodash'; import { ALERT_TYPE_LICENSE_EXPIRATION, + ALERT_TYPE_CLUSTER_STATE, MONITORING_CONFIG_ALERTING_EMAIL_ADDRESS, + ALERT_TYPES, } from '../../../../../common/constants'; +import { handleError } from '../../../../lib/errors'; +import { fetchStatus } from '../../../../lib/alerts/fetch_status'; async function createAlerts(req, alertsClient, { selectedEmailActionId }) { const createdAlerts = []; @@ -17,7 +21,21 @@ async function createAlerts(req, alertsClient, { selectedEmailActionId }) { // Create alerts const ALERT_TYPES = { [ALERT_TYPE_LICENSE_EXPIRATION]: { - schedule: { interval: '10s' }, + schedule: { interval: '1m' }, + actions: [ + { + group: 'default', + id: selectedEmailActionId, + params: { + subject: '{{context.subject}}', + message: `{{context.message}}`, + to: ['{{context.to}}'], + }, + }, + ], + }, + [ALERT_TYPE_CLUSTER_STATE]: { + schedule: { interval: '1m' }, actions: [ { group: 'default', @@ -86,4 +104,37 @@ export function createKibanaAlertsRoute(server) { return { alerts, emailResponse }; }, }); + + server.route({ + method: 'POST', + path: '/api/monitoring/v1/alert_status', + config: { + validate: { + payload: schema.object({ + timeRange: schema.object({ + min: schema.string(), + max: schema.string(), + }), + }), + }, + }, + async handler(req, headers) { + const alertsClient = isFunction(req.getAlertsClient) ? req.getAlertsClient() : null; + if (!alertsClient) { + return headers.response().code(404); + } + + const start = req.payload.timeRange.min; + const end = req.payload.timeRange.max; + let alerts; + + try { + alerts = await fetchStatus(alertsClient, ALERT_TYPES, start, end, req.logger); + } catch (err) { + throw handleError(err, req); + } + + return { alerts }; + }, + }); } From 879dadff31f7b44f61334ce952b00f450764e41c Mon Sep 17 00:00:00 2001 From: Zacqary Adam Xeper Date: Tue, 7 Apr 2020 12:55:42 -0500 Subject: [PATCH 32/36] [Metrics Alerts] Dynamically fetch index pattern (#62708) * Fetch index pattern dynamically from alert executor * Fix fetching of non-default pattern --- .../alerting/metrics/expression.tsx | 79 +++++++++---------- .../alerting/metrics/validation.tsx | 5 +- .../metric_threshold_executor.test.ts | 22 +++++- .../metric_threshold_executor.ts | 41 ++++++++-- .../register_metric_threshold_alert_type.ts | 2 +- .../alerting/metric_threshold/test_mocks.ts | 19 +++++ .../lib/alerting/metric_threshold/types.ts | 2 +- .../infra/server/lib/sources/sources.ts | 2 +- 8 files changed, 117 insertions(+), 55 deletions(-) diff --git a/x-pack/plugins/infra/public/components/alerting/metrics/expression.tsx b/x-pack/plugins/infra/public/components/alerting/metrics/expression.tsx index cd3ba43c3607c..0903787dd05c4 100644 --- a/x-pack/plugins/infra/public/components/alerting/metrics/expression.tsx +++ b/x-pack/plugins/infra/public/components/alerting/metrics/expression.tsx @@ -17,6 +17,11 @@ import { import { IFieldType } from 'src/plugins/data/public'; import { FormattedMessage } from '@kbn/i18n/react'; import { i18n } from '@kbn/i18n'; +import { + MetricExpressionParams, + Comparator, + // eslint-disable-next-line @kbn/eslint/no-restricted-paths +} from '../../../../server/lib/alerting/metric_threshold/types'; import { euiStyled } from '../../../../../observability/public'; import { WhenExpression, @@ -36,16 +41,6 @@ import { MetricsExplorerSeries } from '../../../../common/http_api/metrics_explo import { useSource } from '../../../containers/source'; import { MetricsExplorerGroupBy } from '../../metrics_explorer/group_by'; -export interface MetricExpression { - aggType?: string; - metric?: string; - comparator?: Comparator; - threshold?: number[]; - timeSize?: number; - timeUnit?: TimeUnit; - indexPattern?: string; -} - interface AlertContextMeta { currentOptions?: Partial; series?: MetricsExplorerSeries; @@ -57,14 +52,35 @@ interface Props { criteria: MetricExpression[]; groupBy?: string; filterQuery?: string; + sourceId?: string; }; alertsContext: AlertsContextValue; setAlertParams(key: string, value: any): void; setAlertProperty(key: string, value: any): void; } -type Comparator = '>' | '>=' | 'between' | '<' | '<='; type TimeUnit = 's' | 'm' | 'h' | 'd'; +type MetricExpression = Omit & { + metric?: string; +}; + +enum AGGREGATION_TYPES { + COUNT = 'count', + AVERAGE = 'avg', + SUM = 'sum', + MIN = 'min', + MAX = 'max', + RATE = 'rate', + CARDINALITY = 'cardinality', +} + +const defaultExpression = { + aggType: AGGREGATION_TYPES.AVERAGE, + comparator: Comparator.GT, + threshold: [], + timeSize: 1, + timeUnit: 'm', +} as MetricExpression; export const Expressions: React.FC = props => { const { setAlertParams, alertParams, errors, alertsContext } = props; @@ -87,18 +103,6 @@ export const Expressions: React.FC = props => { } }, [alertsContext.metadata]); - const defaultExpression = useMemo( - () => ({ - aggType: AGGREGATION_TYPES.AVERAGE, - comparator: '>', - threshold: [], - timeSize: 1, - timeUnit: 'm', - indexPattern: source?.configuration.metricAlias, - }), - [source] - ); - const updateParams = useCallback( (id, e: MetricExpression) => { const exp = alertParams.criteria ? alertParams.criteria.slice() : []; @@ -112,7 +116,7 @@ export const Expressions: React.FC = props => { const exp = alertParams.criteria.slice(); exp.push(defaultExpression); setAlertParams('criteria', exp); - }, [setAlertParams, alertParams.criteria, defaultExpression]); + }, [setAlertParams, alertParams.criteria]); const removeExpression = useCallback( (id: number) => { @@ -179,11 +183,10 @@ export const Expressions: React.FC = props => { 'criteria', md.currentOptions.metrics.map(metric => ({ metric: metric.field, - comparator: '>', + comparator: Comparator.GT, threshold: [], timeSize, timeUnit, - indexPattern: source?.configuration.metricAlias, aggType: metric.aggregation, })) ); @@ -201,6 +204,7 @@ export const Expressions: React.FC = props => { setAlertParams('groupBy', md.currentOptions.groupBy); } + setAlertParams('sourceId', source?.id); } }, [alertsContext.metadata, defaultExpression, source]); // eslint-disable-line react-hooks/exhaustive-deps @@ -325,17 +329,22 @@ const StyledExpression = euiStyled.div` export const ExpressionRow: React.FC = props => { const { setAlertParams, expression, errors, expressionId, remove, fields, canDelete } = props; - const { aggType = AGGREGATION_TYPES.MAX, metric, comparator = '>', threshold = [] } = expression; + const { + aggType = AGGREGATION_TYPES.MAX, + metric, + comparator = Comparator.GT, + threshold = [], + } = expression; const updateAggType = useCallback( (at: string) => { - setAlertParams(expressionId, { ...expression, aggType: at }); + setAlertParams(expressionId, { ...expression, aggType: at as MetricExpression['aggType'] }); }, [expressionId, expression, setAlertParams] ); const updateMetric = useCallback( - (m?: string) => { + (m?: MetricExpression['metric']) => { setAlertParams(expressionId, { ...expression, metric: m }); }, [expressionId, expression, setAlertParams] @@ -384,7 +393,7 @@ export const ExpressionRow: React.FC = props => { )} '} + thresholdComparator={comparator || Comparator.GT} threshold={threshold} onChangeSelectedThresholdComparator={updateComparator} onChangeSelectedThreshold={updateThreshold} @@ -411,16 +420,6 @@ export const ExpressionRow: React.FC = props => { ); }; -enum AGGREGATION_TYPES { - COUNT = 'count', - AVERAGE = 'avg', - SUM = 'sum', - MIN = 'min', - MAX = 'max', - RATE = 'rate', - CARDINALITY = 'cardinality', -} - export const aggregationType: { [key: string]: any } = { avg: { text: i18n.translate('xpack.infra.metrics.alertFlyout.aggregationText.avg', { diff --git a/x-pack/plugins/infra/public/components/alerting/metrics/validation.tsx b/x-pack/plugins/infra/public/components/alerting/metrics/validation.tsx index 0f5b07f8c0e13..55365c3d4c2ba 100644 --- a/x-pack/plugins/infra/public/components/alerting/metrics/validation.tsx +++ b/x-pack/plugins/infra/public/components/alerting/metrics/validation.tsx @@ -6,15 +6,14 @@ import { i18n } from '@kbn/i18n'; // eslint-disable-next-line @kbn/eslint/no-restricted-paths - -import { MetricExpression } from './expression'; +import { MetricExpressionParams } from '../../../../server/lib/alerting/metric_threshold/types'; // eslint-disable-next-line @kbn/eslint/no-restricted-paths import { ValidationResult } from '../../../../../triggers_actions_ui/public/types'; export function validateMetricThreshold({ criteria, }: { - criteria: MetricExpression[]; + criteria: MetricExpressionParams[]; }): ValidationResult { const validationResult = { errors: {} }; const errors: { diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts index 09f1702349542..38cd0cec145f9 100644 --- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts +++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts @@ -16,7 +16,8 @@ const executor = createMetricThresholdExecutor('test') as (opts: { const alertInstances = new Map(); const services = { - callCluster(_: string, { body }: any) { + callCluster(_: string, { body, index }: any) { + if (index === 'alternatebeat-*') return mocks.changedSourceIdResponse; const metric = body.query.bool.filter[1]?.exists.field; if (body.aggs.groupings) { if (body.aggs.groupings.composite.after) { @@ -55,6 +56,13 @@ const services = { }, }; }, + savedObjectsClient: { + get(_: string, sourceId: string) { + if (sourceId === 'alternate') + return { id: 'alternate', attributes: { metricAlias: 'alternatebeat-*' } }; + return { id: 'default', attributes: { metricAlias: 'metricbeat-*' } }; + }, + }, }; const baseCriterion = { @@ -62,15 +70,15 @@ const baseCriterion = { metric: 'test.metric.1', timeSize: 1, timeUnit: 'm', - indexPattern: 'metricbeat-*', }; describe('The metric threshold alert type', () => { describe('querying the entire infrastructure', () => { const instanceID = 'test-*'; - const execute = (comparator: Comparator, threshold: number[]) => + const execute = (comparator: Comparator, threshold: number[], sourceId: string = 'default') => executor({ services, params: { + sourceId, criteria: [ { ...baseCriterion, @@ -134,6 +142,14 @@ describe('The metric threshold alert type', () => { expect(mostRecentAction.action.thresholdOf.condition0).toStrictEqual([0.75]); expect(mostRecentAction.action.metricOf.condition0).toBe('test.metric.1'); }); + test('fetches the index pattern dynamically', async () => { + await execute(Comparator.LT, [17], 'alternate'); + expect(alertInstances.get(instanceID).mostRecentAction.id).toBe(FIRED_ACTIONS.id); + expect(alertInstances.get(instanceID).state.alertState).toBe(AlertStates.ALERT); + await execute(Comparator.LT, [1.5], 'alternate'); + expect(alertInstances.get(instanceID).mostRecentAction).toBe(undefined); + expect(alertInstances.get(instanceID).state.alertState).toBe(AlertStates.OK); + }); }); describe('querying with a groupBy parameter', () => { diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.ts index 60bba61b75ef1..c5ea65f7a4d1a 100644 --- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.ts +++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.ts @@ -5,6 +5,8 @@ */ import { mapValues } from 'lodash'; import { i18n } from '@kbn/i18n'; +import { convertSavedObjectToSavedSourceConfiguration } from '../../sources/sources'; +import { infraSourceConfigurationSavedObjectType } from '../../sources/saved_object_mappings'; import { InfraDatabaseSearchResponse } from '../../adapters/framework/adapter_types'; import { createAfterKeyHandler } from '../../../utils/create_afterkey_handler'; import { getAllCompositeData } from '../../../utils/get_all_composite_data'; @@ -15,6 +17,7 @@ import { getIntervalInSeconds } from '../../../utils/get_interval_in_seconds'; import { getDateHistogramOffset } from '../../snapshot/query_helpers'; const TOTAL_BUCKETS = 5; +const DEFAULT_INDEX_PATTERN = 'metricbeat-*'; interface Aggregation { aggregatedIntervals: { @@ -165,18 +168,42 @@ export const getElasticsearchMetricQuery = ( }; }; +const getIndexPattern: ( + services: AlertServices, + sourceId?: string +) => Promise = async function({ savedObjectsClient }, sourceId = 'default') { + try { + const sourceConfiguration = await savedObjectsClient.get( + infraSourceConfigurationSavedObjectType, + sourceId + ); + const { metricAlias } = convertSavedObjectToSavedSourceConfiguration( + sourceConfiguration + ).configuration; + return metricAlias || DEFAULT_INDEX_PATTERN; + } catch (e) { + if (e.output.statusCode === 404) { + return DEFAULT_INDEX_PATTERN; + } else { + throw e; + } + } +}; + const getMetric: ( services: AlertServices, params: MetricExpressionParams, + index: string, groupBy: string | undefined, filterQuery: string | undefined ) => Promise> = async function( - { callCluster }, + { savedObjectsClient, callCluster }, params, + index, groupBy, filterQuery ) { - const { indexPattern, aggType } = params; + const { aggType } = params; const searchBody = getElasticsearchMetricQuery(params, groupBy, filterQuery); try { @@ -189,7 +216,7 @@ const getMetric: ( response => response.aggregations?.groupings?.after_key ); const compositeBuckets = (await getAllCompositeData( - body => callCluster('search', { body, index: indexPattern }), + body => callCluster('search', { body, index }), searchBody, bucketSelector, afterKeyHandler @@ -204,7 +231,7 @@ const getMetric: ( } const result = await callCluster('search', { body: searchBody, - index: indexPattern, + index, }); return { '*': getCurrentValueFromAggregations(result.aggregations, aggType) }; } catch (e) { @@ -236,16 +263,18 @@ const mapToConditionsLookup = ( export const createMetricThresholdExecutor = (alertUUID: string) => async function({ services, params }: AlertExecutorOptions) { - const { criteria, groupBy, filterQuery } = params as { + const { criteria, groupBy, filterQuery, sourceId } = params as { criteria: MetricExpressionParams[]; groupBy: string | undefined; filterQuery: string | undefined; + sourceId?: string; }; const alertResults = await Promise.all( criteria.map(criterion => (async () => { - const currentValues = await getMetric(services, criterion, groupBy, filterQuery); + const index = await getIndexPattern(services, sourceId); + const currentValues = await getMetric(services, criterion, index, groupBy, filterQuery); const { threshold, comparator } = criterion; const comparisonFunction = comparatorMap[comparator]; return mapValues(currentValues, value => ({ diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/register_metric_threshold_alert_type.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/register_metric_threshold_alert_type.ts index 2ab3a3322661d..8808219cabaa7 100644 --- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/register_metric_threshold_alert_type.ts +++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/register_metric_threshold_alert_type.ts @@ -29,7 +29,6 @@ export async function registerMetricThresholdAlertType(alertingPlugin: PluginSet ]), timeUnit: schema.string(), timeSize: schema.number(), - indexPattern: schema.string(), }; const nonCountCriterion = schema.object({ @@ -89,6 +88,7 @@ export async function registerMetricThresholdAlertType(alertingPlugin: PluginSet criteria: schema.arrayOf(schema.oneOf([countCriterion, nonCountCriterion])), groupBy: schema.maybe(schema.string()), filterQuery: schema.maybe(schema.string()), + sourceId: schema.string(), }), }, defaultActionGroupId: FIRED_ACTIONS.id, diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts index e87ffcfb2b912..66e0a363c8983 100644 --- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts +++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts @@ -26,6 +26,17 @@ const bucketsB = [ }, ]; +const bucketsC = [ + { + doc_count: 2, + aggregatedValue: { value: 0.5 }, + }, + { + doc_count: 3, + aggregatedValue: { value: 16.0 }, + }, +]; + export const basicMetricResponse = { aggregations: { aggregatedIntervals: { @@ -108,3 +119,11 @@ export const compositeEndResponse = { aggregations: {}, hits: { total: { value: 0 } }, }; + +export const changedSourceIdResponse = { + aggregations: { + aggregatedIntervals: { + buckets: bucketsC, + }, + }, +}; diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/types.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/types.ts index 557a071ec9175..abed691f109c0 100644 --- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/types.ts +++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/types.ts @@ -28,7 +28,7 @@ export type TimeUnit = 's' | 'm' | 'h' | 'd'; interface BaseMetricExpressionParams { timeSize: number; timeUnit: TimeUnit; - indexPattern: string; + sourceId?: string; threshold: number[]; comparator: Comparator; } diff --git a/x-pack/plugins/infra/server/lib/sources/sources.ts b/x-pack/plugins/infra/server/lib/sources/sources.ts index 5b9207a88e6e4..c7ff6c9638204 100644 --- a/x-pack/plugins/infra/server/lib/sources/sources.ts +++ b/x-pack/plugins/infra/server/lib/sources/sources.ts @@ -231,7 +231,7 @@ const mergeSourceConfiguration = ( first ); -const convertSavedObjectToSavedSourceConfiguration = (savedObject: unknown) => +export const convertSavedObjectToSavedSourceConfiguration = (savedObject: unknown) => pipe( SourceConfigurationSavedObjectRuntimeType.decode(savedObject), map(savedSourceConfiguration => ({ From a8f84f87afa90c635d4acbf6dfa2aaa562cb219c Mon Sep 17 00:00:00 2001 From: Yuliia Naumenko Date: Tue, 7 Apr 2020 10:56:48 -0700 Subject: [PATCH 33/36] Improve UX for index document code editor to have similar UX as webhook (#62724) * Improve UX for index document code editor to have similar UX as webhook's * Fixed jest tests * Fixed codestyle issue --- .../builtin_action_types/es_index.test.tsx | 9 +- .../builtin_action_types/es_index.tsx | 87 +++++++++++++++---- .../components/builtin_action_types/types.ts | 2 +- .../public/application/lib/use_x_json_mode.ts | 25 ++++++ 4 files changed, 103 insertions(+), 20 deletions(-) create mode 100644 x-pack/plugins/triggers_actions_ui/public/application/lib/use_x_json_mode.ts diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/es_index.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/es_index.test.tsx index 6ce954f61bcdb..d83396f200829 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/es_index.test.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/es_index.test.tsx @@ -134,7 +134,7 @@ describe('IndexParamsFields renders', () => { ActionParamsProps >; const actionParams = { - documents: ['test'], + documents: [{ test: 123 }], }; const wrapper = mountWithIntl( { .find('[data-test-subj="actionIndexDoc"]') .first() .prop('value') - ).toBe('"test"'); + ).toBe(`{ + "test": 123 +}`); + expect( + wrapper.find('[data-test-subj="indexDocumentAddVariableButton"]').length > 0 + ).toBeTruthy(); }); }); diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/es_index.tsx b/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/es_index.tsx index d631882e1f581..56d9f40e40021 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/es_index.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/es_index.tsx @@ -14,6 +14,10 @@ import { EuiSelect, EuiTitle, EuiIconTip, + EuiPopover, + EuiButtonIcon, + EuiContextMenuPanel, + EuiContextMenuItem, } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import { i18n } from '@kbn/i18n'; @@ -31,6 +35,7 @@ import { getIndexOptions, getIndexPatterns, } from '../../../common/index_controls'; +import { useXJsonMode } from '../../lib/use_x_json_mode'; export function getActionType(): ActionTypeModel { return { @@ -271,9 +276,29 @@ const IndexParamsFields: React.FunctionComponent { const { documents } = actionParams; - + const { xJsonMode, convertToJson, setXJson, xJson } = useXJsonMode( + documents && documents.length > 0 ? documents[0] : null + ); + const [isVariablesPopoverOpen, setIsVariablesPopoverOpen] = useState(false); + const messageVariablesItems = messageVariables?.map((variable: string, i: number) => ( + { + const value = (xJson ?? '').concat(` {{${variable}}}`); + setXJson(value); + // Keep the documents in sync with the editor content + onDocumentsChange(convertToJson(value)); + setIsVariablesPopoverOpen(false); + }} + > + {`{{${variable}}}`} + + )); function onDocumentsChange(updatedDocuments: string) { try { const documentsJSON = JSON.parse(updatedDocuments); @@ -291,27 +316,55 @@ const IndexParamsFields: React.FunctionComponent setIsVariablesPopoverOpen(true)} + iconType="indexOpen" + title={i18n.translate( + 'xpack.triggersActionsUI.components.builtinActionTypes.indexAction.addVariableTitle', + { + defaultMessage: 'Add variable', + } + )} + aria-label={i18n.translate( + 'xpack.triggersActionsUI.components.builtinActionTypes.indexAction.addVariablePopoverButton', + { + defaultMessage: 'Add variable', + } + )} + /> + } + isOpen={isVariablesPopoverOpen} + closePopover={() => setIsVariablesPopoverOpen(false)} + panelPaddingSize="none" + anchorPosition="downLeft" + > + + + } > 0 ? documents[0] : {}, null, 2)} - onChange={onDocumentsChange} - width="100%" - height="auto" - minLines={6} - maxLines={30} - isReadOnly={false} - setOptions={{ - showLineNumbers: true, - tabSize: 2, - }} - editorProps={{ - $blockScrolling: Infinity, + aria-label={i18n.translate( + 'xpack.triggersActionsUI.components.builtinActionTypes.indexAction.jsonDocAriaLabel', + { + defaultMessage: 'Code editor', + } + )} + value={xJson} + onChange={(xjson: string) => { + setXJson(xjson); + // Keep the documents in sync with the editor content + onDocumentsChange(convertToJson(xjson)); }} - showGutter={true} />
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/types.ts b/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/types.ts index fd35db4304275..84d8b6e8caede 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/types.ts +++ b/x-pack/plugins/triggers_actions_ui/public/application/components/builtin_action_types/types.ts @@ -39,7 +39,7 @@ export interface PagerDutyActionParams { } export interface IndexActionParams { - documents: string[]; + documents: Array>; } export enum ServerLogLevelOptions { diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/use_x_json_mode.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/use_x_json_mode.ts new file mode 100644 index 0000000000000..b677924724ffe --- /dev/null +++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/use_x_json_mode.ts @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { useState } from 'react'; +import { XJsonMode } from '../../../../../../src/plugins/es_ui_shared/console_lang/ace/modes/x_json'; +import { + collapseLiteralStrings, + expandLiteralStrings, +} from '../../../../../../src/plugins/es_ui_shared/console_lang/lib'; +// @ts-ignore +export const xJsonMode = new XJsonMode(); +export const useXJsonMode = (json: Record | null) => { + const [xJson, setXJson] = useState( + json === null ? '' : expandLiteralStrings(JSON.stringify(json, null, 2)) + ); + + return { + xJson, + setXJson, + xJsonMode, + convertToJson: collapseLiteralStrings, + }; +}; From 20dc67df71ebe90ddb501da9be1fc6d36be68ed3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Marcondes?= <55978943+cauemarcondes@users.noreply.github.com> Date: Tue, 7 Apr 2020 19:18:35 +0100 Subject: [PATCH 34/36] [APM] Agent span_frames_min_duration configuration input cannot handle 0 or -1 (#62777) * changing duration min value for span_frames_min_duration * adding min property to number field --- .../SettingsPage/SettingFormRow.tsx | 1 + .../agent_configuration/amount_and_unit.ts | 3 +- .../runtime_types/duration_rt.test.ts | 44 ++++++++++++++++--- .../runtime_types/duration_rt.ts | 44 ++++++++++--------- .../__snapshots__/index.test.ts.snap | 1 + .../setting_definitions/general_settings.ts | 5 ++- .../setting_definitions/types.d.ts | 1 + 7 files changed, 71 insertions(+), 28 deletions(-) diff --git a/x-pack/legacy/plugins/apm/public/components/app/Settings/AgentConfigurations/AgentConfigurationCreateEdit/SettingsPage/SettingFormRow.tsx b/x-pack/legacy/plugins/apm/public/components/app/Settings/AgentConfigurations/AgentConfigurationCreateEdit/SettingsPage/SettingFormRow.tsx index b1959e4d68aa4..30c772bf5f634 100644 --- a/x-pack/legacy/plugins/apm/public/components/app/Settings/AgentConfigurations/AgentConfigurationCreateEdit/SettingsPage/SettingFormRow.tsx +++ b/x-pack/legacy/plugins/apm/public/components/app/Settings/AgentConfigurations/AgentConfigurationCreateEdit/SettingsPage/SettingFormRow.tsx @@ -90,6 +90,7 @@ function FormRow({ onChange( setting.key, diff --git a/x-pack/plugins/apm/common/agent_configuration/amount_and_unit.ts b/x-pack/plugins/apm/common/agent_configuration/amount_and_unit.ts index 447e529c9c199..d6520ae150539 100644 --- a/x-pack/plugins/apm/common/agent_configuration/amount_and_unit.ts +++ b/x-pack/plugins/apm/common/agent_configuration/amount_and_unit.ts @@ -10,7 +10,8 @@ interface AmountAndUnit { } export function amountAndUnitToObject(value: string): AmountAndUnit { - const [, amount = '', unit = ''] = value.match(/(\d+)?(\w+)?/) || []; + // matches any postive and negative number and its unit. + const [, amount = '', unit = ''] = value.match(/(^-?\d+)?(\w+)?/) || []; return { amount, unit }; } diff --git a/x-pack/plugins/apm/common/agent_configuration/runtime_types/duration_rt.test.ts b/x-pack/plugins/apm/common/agent_configuration/runtime_types/duration_rt.test.ts index a83ee9262cad6..98d0cb5f028c3 100644 --- a/x-pack/plugins/apm/common/agent_configuration/runtime_types/duration_rt.test.ts +++ b/x-pack/plugins/apm/common/agent_configuration/runtime_types/duration_rt.test.ts @@ -10,24 +10,56 @@ * you may not use this file except in compliance with the Elastic License. */ -import { durationRt } from './duration_rt'; +import { durationRt, getDurationRt } from './duration_rt'; import { isRight } from 'fp-ts/lib/Either'; describe('durationRt', () => { describe('it should not accept', () => { - [undefined, null, '', 0, 'foo', true, false, '100', 's', 'm', '0h'].map( + [ + undefined, + null, + '', + 0, + 'foo', + true, + false, + '100', + 's', + 'm', + '0ms', + '-1ms' + ].map(input => { + it(`${JSON.stringify(input)}`, () => { + expect(isRight(durationRt.decode(input))).toBe(false); + }); + }); + }); + + describe('it should accept', () => { + ['1000ms', '2s', '3m', '1s'].map(input => { + it(`${JSON.stringify(input)}`, () => { + expect(isRight(durationRt.decode(input))).toBe(true); + }); + }); + }); +}); + +describe('getDurationRt', () => { + const customDurationRt = getDurationRt({ min: -1 }); + describe('it should not accept', () => { + [undefined, null, '', 0, 'foo', true, false, '100', 's', 'm', '-2ms'].map( input => { it(`${JSON.stringify(input)}`, () => { - expect(isRight(durationRt.decode(input))).toBe(false); + expect(isRight(customDurationRt.decode(input))).toBe(false); }); } ); }); - describe('It should accept', () => { - ['1000ms', '2s', '3m'].map(input => { + describe('it should accept', () => { + ['1000ms', '2s', '3m', '1s', '-1s', '0ms'].map(input => { it(`${JSON.stringify(input)}`, () => { - expect(isRight(durationRt.decode(input))).toBe(true); + expect(isRight(customDurationRt.decode(input))).toBe(true); }); }); }); diff --git a/x-pack/plugins/apm/common/agent_configuration/runtime_types/duration_rt.ts b/x-pack/plugins/apm/common/agent_configuration/runtime_types/duration_rt.ts index 383fd69be9a78..b691276854fb0 100644 --- a/x-pack/plugins/apm/common/agent_configuration/runtime_types/duration_rt.ts +++ b/x-pack/plugins/apm/common/agent_configuration/runtime_types/duration_rt.ts @@ -10,24 +10,28 @@ import { amountAndUnitToObject } from '../amount_and_unit'; export const DURATION_UNITS = ['ms', 's', 'm']; -export const durationRt = new t.Type( - 'durationRt', - t.string.is, - (input, context) => { - return either.chain(t.string.validate(input, context), inputAsString => { - const { amount, unit } = amountAndUnitToObject(inputAsString); - const amountAsInt = parseInt(amount, 10); - const isValidUnit = DURATION_UNITS.includes(unit); - const isValid = amountAsInt > 0 && isValidUnit; +export function getDurationRt({ min }: { min: number }) { + return new t.Type( + 'durationRt', + t.string.is, + (input, context) => { + return either.chain(t.string.validate(input, context), inputAsString => { + const { amount, unit } = amountAndUnitToObject(inputAsString); + const amountAsInt = parseInt(amount, 10); + const isValidUnit = DURATION_UNITS.includes(unit); + const isValid = amountAsInt >= min && isValidUnit; - return isValid - ? t.success(inputAsString) - : t.failure( - input, - context, - `Must have numeric amount and a valid unit (${DURATION_UNITS})` - ); - }); - }, - t.identity -); + return isValid + ? t.success(inputAsString) + : t.failure( + input, + context, + `Must have numeric amount and a valid unit (${DURATION_UNITS})` + ); + }); + }, + t.identity + ); +} + +export const durationRt = getDurationRt({ min: 1 }); diff --git a/x-pack/plugins/apm/common/agent_configuration/setting_definitions/__snapshots__/index.test.ts.snap b/x-pack/plugins/apm/common/agent_configuration/setting_definitions/__snapshots__/index.test.ts.snap index 4b74b07fc8e27..bc435179762a2 100644 --- a/x-pack/plugins/apm/common/agent_configuration/setting_definitions/__snapshots__/index.test.ts.snap +++ b/x-pack/plugins/apm/common/agent_configuration/setting_definitions/__snapshots__/index.test.ts.snap @@ -118,6 +118,7 @@ Array [ }, Object { "key": "span_frames_min_duration", + "min": -1, "type": "duration", "units": Array [ "ms", diff --git a/x-pack/plugins/apm/common/agent_configuration/setting_definitions/general_settings.ts b/x-pack/plugins/apm/common/agent_configuration/setting_definitions/general_settings.ts index 152db37a1bff3..f1d11c5c70c2b 100644 --- a/x-pack/plugins/apm/common/agent_configuration/setting_definitions/general_settings.ts +++ b/x-pack/plugins/apm/common/agent_configuration/setting_definitions/general_settings.ts @@ -8,6 +8,7 @@ import { i18n } from '@kbn/i18n'; import { getIntegerRt } from '../runtime_types/integer_rt'; import { captureBodyRt } from '../runtime_types/capture_body_rt'; import { RawSettingDefinition } from './types'; +import { getDurationRt } from '../runtime_types/duration_rt'; /* * Settings added here will show up in the UI and will be validated on the client and server @@ -143,6 +144,7 @@ export const generalSettings: RawSettingDefinition[] = [ { key: 'span_frames_min_duration', type: 'duration', + validation: getDurationRt({ min: -1 }), defaultValue: '5ms', label: i18n.translate('xpack.apm.agentConfig.spanFramesMinDuration.label', { defaultMessage: 'Span frames minimum duration' @@ -154,7 +156,8 @@ export const generalSettings: RawSettingDefinition[] = [ 'In its default settings, the APM agent will collect a stack trace with every recorded span.\nWhile this is very helpful to find the exact place in your code that causes the span, collecting this stack trace does have some overhead. \nWhen setting this option to a negative value, like `-1ms`, stack traces will be collected for all spans. Setting it to a positive value, e.g. `5ms`, will limit stack trace collection to spans with durations equal to or longer than the given value, e.g. 5 milliseconds.\n\nTo disable stack trace collection for spans completely, set the value to `0ms`.' } ), - excludeAgents: ['js-base', 'rum-js', 'nodejs'] + excludeAgents: ['js-base', 'rum-js', 'nodejs'], + min: -1 }, // STACK_TRACE_LIMIT diff --git a/x-pack/plugins/apm/common/agent_configuration/setting_definitions/types.d.ts b/x-pack/plugins/apm/common/agent_configuration/setting_definitions/types.d.ts index 6b584fc7e2048..282ced346dda0 100644 --- a/x-pack/plugins/apm/common/agent_configuration/setting_definitions/types.d.ts +++ b/x-pack/plugins/apm/common/agent_configuration/setting_definitions/types.d.ts @@ -91,6 +91,7 @@ interface BytesSetting extends BaseSetting { interface DurationSetting extends BaseSetting { type: 'duration'; units?: string[]; + min?: number; } export type RawSettingDefinition = From 5e1708f8844b4388894f1d1c7a20402f5c7cf47b Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Tue, 7 Apr 2020 11:27:02 -0700 Subject: [PATCH 35/36] [APM] docs: add service map information (#62671) --- docs/apm/images/service-maps-java.png | Bin 0 -> 537050 bytes docs/apm/images/service-maps.png | Bin 0 -> 494889 bytes docs/apm/service-maps.asciidoc | 48 ++++++++++++++++++++++++++ docs/apm/using-the-apm-ui.asciidoc | 2 ++ 4 files changed, 50 insertions(+) create mode 100644 docs/apm/images/service-maps-java.png create mode 100644 docs/apm/images/service-maps.png create mode 100644 docs/apm/service-maps.asciidoc diff --git a/docs/apm/images/service-maps-java.png b/docs/apm/images/service-maps-java.png new file mode 100644 index 0000000000000000000000000000000000000000..e1a42f4c76e12f57f19ebf85628b4eff89168430 GIT binary patch literal 537050 zcmeFZby$>LyEi;^Nr{3W2$IqzAdMnjD&0zVcOwW0(%m2>H7GUofPi!}4BcHLISerH zj`w}<{rK$t?&o{&=dbUNJ;!m)wPy8NXZ_A|tz$mEQk5gbr@{vS0E7ziFW&$F_{#tQ z)-f(NDrdd0?T-v=Y3WxA($aLVTpTT|?aToH`H#t|IIq-q$b)WuC!}8};mRm(tHh}S zSRdB{@W-EPytpg>gtsuyMB2<53;I41H|4(Jz1LqkWb7ia=059uZKjI~s^%iM`!Yiy z_WiKU8#W}GF1eNIIuh8QeVZ#x0dRRH$1(gKg4Rpk$N0MA<}|d6QRGl4NH$;=K+GX* zP?|rCD&ZNiey zZqB5_7fVJ`JfA5b>X$GP`rOW(no`sv0Wsdbt&qa;>CL8M;@7mq!Fc73WXm6H2j~*| zl#*&BWRiW2-y3EUIfgzFWgfp{J-F+gR2|UvWIB+|F|HbJw_|*HzdG61{CygUIV`L6 z5<$PIp=|xWTJVu1ol`%H)(&?Hg5C9F4Sn*>b;a8v!;FWO^X$?@Ta%0O8=`~Dp|Yxc zxHug_L?+M4DyC}CgnS2LUnN( znf>gpqxBm6?q|d7>PjG5`&H80+-W1gT<;7SR;LC}A_Q-Lm%hiQkY{~T+Y z@ccc-GS4&YjCNKhA_H`2yNVNq82UmUaSLYWviO4!bhtS2kMRo$D4%b}ajs+X($PL4 z!4LnO_wosrV))BAYCY`AFvYw#U(jbUAX0MqWTV2{_>*|zK|XoUw+T-vWjh$t@E^95 z|Gbli#=n9ZCkLmbQ`qT|0d7_JzzW+1$vkduNL7dDio*qy*n9LR_wNy!f2x+|eZ`@H z$%dC4mXN2F7x~)!3!4T_85Sg_DSB6yFkd47n-zXWOue*kzVzrfD=rb7R`gaP!(fRZ zhnL1uOS161@UbNxvriH~$k#r;Grh~RlO~f!uS{7?H4)Sp(HOPU+0tY3?P&$m6wSl; zDqR+DQ%#`nJWck#RZgqgaeH8fckZm(IWIQgQsc06-e0L-BU%|=by&G{qCH~sVrU_g zz|9S%SRwdnei3rPf1!U7aQ)fv>M0P* zJNB7XW6i{7y-bORCffFH^{MsIYO?%SOA+iwtvZ_g3n@t<#I)sh4jk!$^ z#Ni8JDcL0Fr0y>D+5O$*U6x5$X{^<&r_=)UPpbu{tf?m(KJ(^%oTweWGr4X}ZgU6` ztC~@I{#u!p13$GoqdL|leq65m4QHvH4R&3qPulErnyK+gm$AqRy$a1zcfIn=u+O@q z)3qG4*t5KP6bCi+!Gh|URjpdhs#huJIN8=B0V00cCfPpO%_6z(J59k&=}nn#nQpn; z`Db>go7 zOHKRg2Wu+o{On}vkL&usl~p&HM%P*BSn9!Q+pIC>8fJ0r*z6sqzt=m|znIIe&z|6& z5HF4@)>Z*q%2k`rZp=bv&!#8#I}Zr$crxRknofK=r(B{opsA)l7Z!7wbi3ou z;biCRw`R81(u*My~4?^Ida0X zoKZHh#V@%dBpx6oen?tK4;JW@>v-GgXXzQZ7^uvLUj$u@UmS)~;th}inRc1*$ubk2 z6r2?x3Jk6oTMpTCsrwlQN%I0DE{m()+M9brBN>4{!L#VY@7Gw)B^GGg^rv?pP?@Fe%3>XiGj|OKl_&M+rHIyFjh*{Ts zioBx;-OxIQt&2BGG$uFFQgm~QwCR|BvpPCs5>%Sv+8H6}zp`faVfD10<6AQ?PdVeT z|Q`PKVW}Ad}v+53e?sw)MI3A z0{yTZI)sfa5rAPjdo3PUvyR;@tL02YOy*3+Q_fIBWXDnXG3~v*i78Jzr@61T3?2nm zrcmZ36&ytY#S=wep^@47h7WB;UIWdQ1ocL&uB>yd(G4nXmCa%;E#A#D=h1Uu4P3TE ztxN4G*yz$XkDl=CmTZs*;-GBK{%f-te2eyj3F!fb+vk4ciVMQ zTC7*qRCu`;Fm`i@@fwF~vH?0tJt^6cPYz6m54~dPwNT=)R;4F>X0TWn{W3<(KNlHrDt#ok5Q`(hD^V91b2~5Dv`uiR zgwWor;#~UPCaz`1e$ON(lwSfrFAl4u2<@kZBp)pcy3}(E+|~Jy2p@yIkB;x1(QiMp zSp0N$#>gXjZCXHDem{tzx4IWcYKS=K+qWk_h}(yU`_H)Ji-kp1y67KIFl`pRIGO?g z3aA|- zVs7r>YUSuAPJHnmm4W9Zuj>i`kTd;y&=lS<{zUaZZLOi>rlX=PV(Mtm_0G)E#GK2^ z-sx9A05LBSRMOtu?H!$$y`6)rh?hA1A2mc!>0jC0^mKnzakCYt*HL*zC++BBPA9jtxw$!saC3WldUAR4b2++La`Orc3v=`Ear5zU zqH1uudONti^Wt=HW%#p`|LEtXxvQy*wUe8*qXXTqe&3lmy1R+f)BhUiKR|{=M+OHvD5u-G7Y9E5OJ1`A``6lk+lxOp z`j1@HPD|j6asMaPB=BEO5{{z?Np1a7O#}5tvDvQ=Is*0esY2dSz)O>%#eiSm5Gq}9!4}2jFK*J=F z`g>o&w&-|wU(SOP>JJ<2--Eet*K%C#1r8qv0nl;j{@zzmDge!Zn}nJ4Z%zR<>91J8 z`|Yh-CxRVC;3|X6YG0SAzdwFECtDod^Y?kNS@;dly>%k~eh)$VK>*-f2dz_C(#H3IJ|m9PXG4^^=o66$?1aj&fnty8yu5|ns3PQ zSCYTq6b*#p5D<>~-{maSgfZ{a1wBj(|L|`#ZNS1^ZW2#>@%IGd*XroL0MO?1#5i95 z{if}lQUK^d$GyKTMF8~YsQF@VynFm_G<85jZ*U+k{<}&5wN_j8OI3^O(Io06Jr*8}P#qpK4 zBq3gxo|}j?UJcJVriIG`;9=fn&tCm2yII{}P{d zNl9Ted{mZ6$4O-R*rBB(K#jh|ZIHzH5r*GWJdORkY3zF6-X}RcV6I*&$c$z{xK#hB zPJ%opMupzV7WdTt=QSbeccvg;+m=V(N&mEG|7@1Yj>OK~PYCQhkJW-K=)!Mo&6pmy59mhEtVwq62)6{sS-pK(UG)Z84#Iz65jh@z7 zZbaXuTs@P19Q3d%_Yo1%zd~UVjVSz*_Atzp0Mn^6zgO@#szn$Eqex{7N2=Bz-tv18 zCsZ;x5#X9ByMjMCB28KX3NfA5&L%oL{v|5qr9go)*G?z9V1UE3do#b2)|cd zM=e_Y`IOv0>;c_5mdV|ABox!hwJz)76;9tHk_H(}!E_!iRatlIMov%T*kH~Q6%g{?yvl9Z4IQ?as zL^HYw^+}-M*`2DL|Xq1p$Ch5Ta6 zllIrYm60f;oIM_zl*c5XU(=YnN?Ce{Hm`rf1dt*L_CDEEny}!!K7Syw&+m=cxEqkl z`#*7h!x+lJ_z`OvhvF`;N6+woBmR37ISGq9`7l?tP=n3;EFJqY1o;ktF#)*rUrl?6 zyb;OJ>vNsU0~7Dnk1W?*rp*5XQ#uv=p-xBW{%=G>DGlXtbKI^<6wfxCwQay<0q~SS zJOIf@DUgHs`U&@sMjru((_**%=|zFq|A{%5E$*T^lFU&-Z#Y`>UVieMa>HdtZDJbH z07-;C%E55n^B;hrR5Iu7T>u?s@Wz04uZKDz92|I?IH=2~5PXf0)`{Z!9|`h{paEi@ ze}^Ey8;$?cuLO#A{_?a4>}CroM{6_|+Dhv^46Vmdh@Qc*F}-+1bu(a;4-(9Rw= za`EFX8&P<8ME+wLQb{NcEc-EP7`LkoMKqla^R-3PLRw|gWdEUy|6A%8VFdozz5l9O z|5;cnTMb*hUK7zuaDZ9Gk~WLEtVd9b`zWjC zh_MFVAWG&@*5&wOt&|b67ORxd^|8~%;5Fg$&B=&lwd0b6u=8qR7Ee!+N36tggfOrt zT3fO4pnmSVi$T6aSHK|=^)suOolx^6dKr9$biN`+C6B-_nRrUz6AG^04h)=^u^WTw z{KpZ_sKO70^6_u(vb2eET;aMi+#=z**GE0HQ+tTs_<~KZ;r>bomo&tE_)^F3oN2U*)c5);v^CID4IS% z4{N&2mku}E-&!*}-xt<;#xv@pkiZy^j&-cmiG9YT4a^E|`tVfJ5-6ti7IJ9NtfjIu z{jF8pdcnrYbt<*S{Ku#CYV!dtDBo6B2(iSIBE{s|7G8laRKR9MuyleKSzwvK>+dk1Oa$zbpY%abZL}-4s=-=cCW1SdueG5v(r%31s z!I@2*s%!(Ij1HISj{vT%kz7wsS5>p#I3vZRCtOv~QcmK`S9T2<*gq(^jp$DXU26h5 z!}2mU6R9BO3JXo{FJV2#3Hay`Pt7$gX48p*!zZ$BUGz&H99@t;V3$rdz5r zb+(?PbvYy1`n%977SwVGS?Akax42l1^Al_{6=1E}ZC4JuI?@#jO=mn+$aEmm4R)TR zQKm5_z&#p@-36^$qI2E!W16dXq!2%RTcwR`{#=z9dB1-^96nEGRWtY-+WAewf_d<} z%mJPk-)Z>##)v4#IKbhUNZ< z;em;s`iZu#DIJdu8k>Eu7Vi+PxflH4m%e!X)~wu7=v@^lgRJgjXz!&D_ehR-W(!h_ zj8(5Tf>A!M-PgHr!g`{}^UNE0Hap&`uRYR|%&x64pk@CaTUb1s#*9Gd^jakweq9*g<~~c zD{$m<71)R)nhLxzi->z1vR;=^)wGF~*DXD8mrh-*ShexJg7tjBNihUBcJ2eWupTs8+ucj_l=Jac2sVT-Nt z=Vym`RR|I0r$!~JoUh5Kev`-F)NxmilpV@_Qr;6A;DcX<978TK#(^)Gy?4J|T}yn) z2Ir>4TH42#3?0`O=hkf8A(?eQZ+s04M_K5@dEt|XH#!LT(rux^43yFTlEqOYCN4%_ z&Uyap3JwCX#aVp@wNDT^TT2kv*E*T=5L8GNwAmWJx!mKX6tt_oHkGZNm@0I}KuP@R zYc`O>0y6;xCojYD!sDR~L86_DozTCm!8h)oRjgEX@3!y|XYIMi12>Z9w@0oC65Xu{ zyhF$YVHLi=}ao{Zja_i;2dlgxdm4#~F zNLg}l+ug&~rAUD zv}oCtc;NmCd^6mTWn(%wZ~>oK)JRMgz2V!%Q)S+j?il8-2NPQPe!@EwTb)m|lkSkW z(+D}dZ-Lh7elii;*(G}t z
SLyytznQ=;&Ck2irfCeX-G*to>1;Pji#bMNqO3)|L^a0q@%%4u`PpKz z{Z-!mN@@2A#jj*P0=Z(v&vn{0pK?fA{Um|9ATuFQjRQittIbTuqUW8mK$V@?RQ42Z zLZ5fvX#=mVkCP!9a7g3!;de)Z{?=A z44UZYh;FRieXsL<*H^9%Bkk^|F#I!aFpvwL#$C1v@~B4mGYaZOzfiltbTu`VbZ#AT z!gPYeB<9E+VWnzd>2|PDLyP6PBef*;VhK=5)a2k7PCDL=Q$l)7ZkY+ zev0o@`TL%FX-D4Y+;7!u-+3Mq-nZU2AwIA*l>L}kjKqgGo|4}(b7>1F-9+HyMkbT1 z_}mK7Us7ct8C(-+m;z_MW*i6S| zHakiv<~*Clz&7uke};=K6!82wGw7XiCiZ9TTc7z^F^1O{ZrRCwV)92R73-UXkp=*TRfjzPzxYv$!Ij6QZXIly@h^7+we(m&%aa{!q ze_5;ajRKXBxBgSV2NT5|{dj9VeGIWLVYhBL#5Wvv`P%**-BA>YYLW=~1ZF}cTUOvu z^3Z{(TLLA&MOasUvdBno>~*ZgiG@m$`(Dap`w3%!=USNi@i9A-DRlq@V-$Zxy+k=d z^ss@UaBWOAoQNi&dV}p!!{BT&$cIq?mdqfB5f}t<=QHnrLRHZMYwML3TfB;>+)2Z9 z0y!X2aG>(hxb5S~HR$fR@lg7Gp3vrB#`37z(S5N}KafaITxb$0WIt=LIb^)NyI8Ek z?z(X^2lO8PI8mae1hEm2DVGbc@t5$Zy~kznBrCJ!9q8;V7OYgl9q=^PjO>Ndo(l8_#Fa~$veb0AOTu1v**If4QaoT z#nRz5@{`7uRinVnc5+G4Sh?CW+b_W(y=_6<2Pdmakq_fX50GSDrll`@>-YElS+pQg5#8cpOIp2b$M@Y zJWgZ?o-RCz1~{bUvJx(N>`%^UOl56)4p3S64%|7&5q4$f$5gTLzE}xg-=C?ezHLWC z*pC=dik`d9T%U{tK>at zmbWKValQCS>S}Oh4(W&R*@XH-@o-(HlG$y-RBCAhR=&CS&-S z$eRkU*9wUu(PtRFMM{AKC{$^-)Q04H_nlF<(I$CBL`0h1Y&cB8Dp{Cm@FMd7R$(+}0>~S#53C_q*2_t%V=y)>K0yVDUTxfPD zY?yCcKHeB$-qz(?UK`(S+h9*h>`@nY0Pe?JbZC_0(u#U0w;?^!PY+MxNA`?Bx8Di8 z&HC3r4jURmuf_t58ZQCDmfR|@ zbypXo=P+b!q#B@w9Yf*{QCK`PKOk|S z*8-7M9;LczwYSRhJXFLH%9kz7=bS zM*PhqAKp=6(p*5Q_?*4Fz7R4DZVk^<0<$TYf|LM4qfs{&#LFqZkLyl(wi@aP^}iba z$b`oS5T8I#uZ#{-b82Nr?RZyx%LmSgmPKOK2?zk~?fFfwZjwB?95D_N5Wb_f^irMAQ+ z{7UgAPyUfW&Su|s{XkidtuVs9C~OshJJc11jV|4o%soo6Ij}3Y38&-gqNRv1j}QSE z00?fooZsPH2=HBgHzY7Q4fMy+1#zw3uD5_{PUpIrFK7^u#}g$ZJaaqStxX!GZ*)aG ztSqrU`;&`UWC=-n_+PxEC7aLLPJ8I=dEGF=;7@!}aZiaK6??AKXe?VAEtOb;!FO4) z@YjhS7y( z1#r|3f?7QGxVu52m}l6l957h;kray!bqZlMjD;n!wK9KeTg0ZP>5wU4&jBgd_TZ{M zbez8^cDoirFv99sN=cmEu|6sYfcfS{6HZ1&7O z(+?=qh@Dw50F?|OhRIk|BipzRo4HGEDaroy4!c-_U0PH0AdbfU2`?@Mdk^5FwIm8h zTv0ONz$!D@+I<72sFGYT02t;$obhg>?v2@a*GDn`kOki6ul0eu^GpgJBQ(eDt)7Z6 zdTwdw_Ka?}j1e$n-rK;OcFm7a-$q35I()tW8*tl5b<)HTf5o5H8vPbTp#m8$*mS)N z+zhmS)YRh_qeS9@W#IpbWyB~+au~@8XKIvA*fVw0AghO$2QWu5V~KLqTAY<-OGg@W zUb-}U&)-aq#pp$!G_c0G1tz>q5VQU{7~IO;3h61luMguNfrOyN^vy_4UJ1DZwAq(p zcst(sf1KI_E7n%qYv>!Gdn8S9Arh zOz-!FDL6Z)r!kE{?a(%1_4FqTzXCy&F9;u8c!g$AnWyu`>9uy8hV|2SVf$UPzORGN^ z6NYknf94$U({LErcuuip)68Clr5$W6f+)DIncR)w#z!vWT}KJr#zrtrzhVI=?Yy^- zbGNv<3t}@!7AcO`6V)y&$gFsywj zP~pY1l>TJ)8AItN!`f|I*AHiN68>jr7uP2@lJhg!Ay`fmMM^9MvP1+kGPKaV4(UQ; zFxvU1I4B>J>Z~UP9Si>>c1QLBDw>f&TX=be&IN*8btKxm@mkZ@4C6i zY<%3tbOIwhN}pQ&EFOtBA4=%H_Ik!P?o{n6gN&~*KtxJZb-Yb}f97ZmoacTfWV&#> z(-X~GMy?Ms^4D$i`(WEl^|?~3F48tf+S6m2Za>|AJA(oQKh#4h5Cf#d-7h}&4RQMbhp%i+ zH|Iqw%SptHL=UddK&oH8sqRVm?Y@|P(GC?2Dt|r%DVFa_<6ZMB>mYv;r@ae4Y7#@b zVS^cKEQaFKH^HsGaNiUb)hrzwD3GhpR`UeYSzx;?SUZq2$)>I;C#T1DN^I3YYfg}J zP*`foRnkWlsCU*h zQi}n@PP(l=m3WM_NBi|J5Pahe&i;*CIlf{iS)RY#;DYE|MgAAXH5&u)_fNkV%jI}) zT5s9y1$hiPng?>~wAN$NSRqtjo z0eYwqO+~te`IJP=uggleeqWSquubrj<8F_7Iw|0xV*U#(zw?1Re;xnN^erc4y+O$CM5z@~-Co(gn~b$QCq$^nsqwfsSun=6cbK7CwJr}I+fX&4RJ^w8Cy zbO5L_cp6U$-up~lTmz%cV*=oSiUaiS$>b)@(a88kdfd!9lITDuf^5HWkq)>cnOYSu zLcN+*t`#=@0$(M}dpB2HHWaot%R376K3guguioFX&DC{#NN60O*uSB|`9YMkx}LY; zh#=us7%o38Vzd41SNoMM5-C2)(iHn~hT$V# zS`((_uP^XQwZ%eMuD5l)&W3A~ugrG)TaV|)YI0@ z;_hvVs&6a~&=W4%=sF0Ni}L3kZlD8X)!?R_561xjf-^&9~X5TdysrKRYz;2t7T$8)+NY1J6LyjO($3yDAq`q5XnE)XR z3!8}g7a#fqq&Iv$V7OGDk*Ej{6Butu+@^Tg{j|+U!LZ_D0LarcocpIw zqXaX8l4k=PW~%S|83??UwB0390&omI7?m z^g#YTfloBcwLFFh+*jB85)=5fALSlq3L!~;eh!wP^`}RLm`-$ACfNoS*=-=}CNfGF znBedLK^-Iiv-_|^(4-qG0vM2YbyeNSF<$!;#B%DFK4vXW>U6VuUjg~*ZX^Ggy~sex zPHOwWW|{PY9K0{HVuQ9VM;+hXXR@hEn??kT>EkE`_n*9@9=Letw#4`u(trBgs7JW6 zClD2Z8{@ViUJ6WQpD&TT*}ESqzQSn z_mQ7sC@{66oSU}o_Asc&w#tz<>V$WXul4c-p18H~4JR?w4^r8xVhA7ocrryndIsV= z*jQ=FZdnyVtPgO$*+fi^*U8pDuy2~{QsMLLM6=eHNYoIL)EfQHlBbQe7b{FL7^{9M z-Iuu;p0dav@Xccs_`(VH1>0%F(4Twv2QBfjXMcd(%_2tdBHUvMh49YL5A+v`+qk*X z!H%(M@DE0HH2TqS8N0q}!{3gYNpNN8P*ysBU#Qss^WFA3_7fYK1qXqe?q^TS=WNAo zLa2Gc%^%9|!cb1g`JRwY@yG?=^2Fz0J;E9ZgqesMEph=UH$rTFWCC}b%puxTt+7xk z^r?%WXTiV@U{)^~cH=sqCl(0W(|z1aLm26CIKHsU8@Mot)n!-|oO->VZnh;P%{(VbPEh`r_lv&sYvdKNJQCZ{ z7yawG-_}6`x2)pj>ETlQ@dmezyY&(%seQGN&nnipVsZ*9W-ULk)9vqTEut`h zfp2@p22DHUgatC#MCC#>ISF)yR7{zEM4jCAsf8CIr=x=f?T6>)ITL4Ft+G3-MN30s zPMe%emlX@``z@37xW%oj?pDra3IvsN9k5%Zyd$U|u-pW{Rp|sxh_>DPIv|`#>4iXf z-dk&(kQao@yEoO6h`dj>hNH7}kEGk`QRjYPZ8?0!jZ3>V&QQF)mS*t%TAw;Yq>oIl zb|qbl1xI8H8L0-;eK-xd1821VIJ87N#I|j#KGHMCdFvW0A8F<}ka5tn@wIe(ziPqN zlfKU^M&Xuud#ReC~B*tE)v4^vZ_%y*B7F%@tQ%(#YDdtVLGQlTPIQ5G(cB&84E!cD( zysAo@Dy!qS7*25CYXePjYSn)EL?tk9DVje#8rkA~B6Iy51RZ;e@=ula6~G`=Jj<~a zqB9GMYABn7MLxH{=1aeV*tu?a76;h^4V#DYbwouc%QV$}&OTkN^b1QSUDa3yng_Jl z*t)W+qQ<~57n{-J2jq7 z+j9DVlq^e)!8tYhNrxlZq9Yo-Ry%quNq}bC51CH%Isho8*Pae*&9)QU<%-wY`E8#w z*{8b9fa%F{-dw*^Bi|JFtNO+lc9n=AiZ88MYrJDpK+ib~iHc~X1<0>v=c{de0EykJ zRn}4ix=Qvt`@3e$Pjy87Ax5?j7qtVmhI6NynvU0W^()Hnxi3T`m70OugJblctLr5e z;e(KJ|G{LpC3|6u57>2JY;*9w!AqFl0XG?2R-Hxe$cb^?%;NKB;o|k!h>AN8nwtjn(D0Yzm!LbQW$y@)os2cc+v#RGHi(3sX;HxQB;Z zMQBgt&RqH;WJJvn+;WE6fi}1x|8C^~@Xxuqabm=;VCoX=**h$h!|0>m;rDooUH@!A zwjnbot;{0q^CY(sFWw3&ChdEu$f!OTm*^wF%;|@InNuG){lyaa3TO>vo{|Cz`d29* zyqa!;!DzRZ3S_IqIHQfuDu+MsaW43EwNQBWO<@E!2^P#b8f^;q-B#R2sb#@}-@>lG zw0RzcjIL!^y2z=dc|0ZT0&*U{w&^gDVV&k|#o;9@P6V28voLWY1`F8xgbR?{1$ z+#7{*`Tp9S8nF%o(Pw2?(p<)ECbCiwxz~EsQj%EJdqa;3Di3zzIz8t}Poj+7Y0nm| z?673(UhE~Y8hgb+y|*$QQwMxuXSEjompkDJ@DE!|uXG@dMtN5r0H~2s=^NqFH;wPb zPG7l<+0-B}iBoa|7fm<=KuS33cB`|(%7l$mjz3d04FyrBhebYTY;WiSjmkylb|HJp z?z60)85DP`znO;V2EX%_T)|!5tw&uVFw+!91;mowsXZXe3W>$K5Wl+Euu_5yo8G=e zmegE9`xH`!A3BhPGjD21hr)S(&x=5%N#yvS;gg7%b`G+P17Y);y0RS5U zOE&lbWiSkjw+2MChv;W=y`;EqPjWe~SK|D{_*ZYC?&;WmjuZV-+H(|}^VYXj0d>WZ z=1QnQXn;X=p^8N|aXRQGk3(?fjlGJZ1gB%h$&=aB`OqBG$>J@VTxI72gTt4usz<13 zqu#(NEsSL6Jfx)PvWLB5BN)9SC%I~I>;(rQHt;;FV9eB;cda1dy9V(>(=G81uXhc# zYnG`8wo~1M*R28NVtZ4Z8AkY&b0v?IY=$eds)xT-ERZ`ddcT;XU^3l}cw0d3)?^jQ zet-9YbN-vES>Zyfse4nT);g~wiEXaTmuTOVz!dia1WkckDz0LPp!?^Vl9iF=2M~kU zJ{)&oHh9q_run>tbkF(%)PhipRRBvW^KJR>zXf^*&CKfDyJ^(LXwXBRFLr%=K{Rah zR;U!u(?^IfZ&=rpu3|-hK~4j`Vb<6c%fq=^ta8iy7^7*>p|am1X?K%)dm$h)DB7S_ zJuLI&=kQcFW`B8G+OY7z*3EXeXwhv}1RTsiol!SK&3-S7RfP|_6s4Ez$KsYas{8v@;MS>Io~YKi{Z2`=%Po@h zwq&DbbPyMHUM}F$aF1PUa>?fLi0^F(vH5y$1g*k;@>2t0i&J^u@vVBxDq^$KZC)V4 zezrEjLS@NgC~Ej6H~_<}UCQ(ASM#XN@oMuEd7+Zv)gq!QL`K@LYq(@lc~V}N!!dSI*7^G^XSRtrs)gO@J#uG-@@a-RH{8Y)n+t*%d$ z{6+T7M8mqr9XPFpvS&6x?|jv5Vq;Xeto{X9x7sYmV_S3*DN|(ZhTd>~US-foU#?Y2 zUfFKY&jo=8p+gYmKkUYI$U?u z&2En|6k5gGqRB#ERN)aaInFn{-kmI^DcJHvU4wa3J3Roblq1LVaBov!K>-;-&a;a9 z5fHYo!L!rkSd8U}?8akZY?gh6Tz$fZ06j^N?TrEdCk3d2WaFl{npK=b9A(0< z)AVB_GyiP|Q??Iw^E6)I?&_kX=DSQu-Vcd%_i*r+$$7L>c5zf-J$b>iM9gs&DqzN` zr?hXgpBvi-LnTE{D#VdCBuukhpbChLM5gzXpudz>SCN^Vc?8V~!;q$|Sk%bFEZdtu}sBi15;z}~j zkg1oVp?i0hVt7~@YkdegThKY>fI{!i3#McbprAGjEqif`p$P!6P4>F37rjAGSF7`w zU+drm)MRONw9i^etC}ULxAWpkoMh%oq6}sz4t#u4-?z2YB=_bg^(aI%crkMk`B`M> zioVR`^q;JV6JD1rKq#w21J*M$dR_c81R>5^hGwv!3dJKW*m)`RYgQ@4*?LXT{!M?c zv7ELX6hO{V&AchXt2~T<%@Cdzv=IXA87tSO)&1)9O>^Pw*ZqJ2*-zB$xq%WL_+i7D zqMh!C%5vR%qetT2r(<%3evRW=0-C<48)!Y5=udL>(dH>97Pc<-CB|BjCi9Gx5@M@< z$zdM^p6)LUXN`^Bv(U?{B(zZ^V&$oHn&I#%$6-; z#NIGoqGp_a0`V)qU4EXc7(;ysP1f49pM17@JvG2hkqCsjAKQsiqgJp)L^%(IIbISj z*)i*bZrGSq-Zn(x5sA)qgn*SmhcG3efpDQ7L=lahP!zf%@#kd+XQsE+HscFfJz1v1 zmLi$tH2v^F=>+IKH1FOKgi>=Ae~@UEEiXTMQ8URW^4@PDdBYoeMb&1Yh|hM7xr$t! zi;)dqek=kXY1gdmnVnUUqCsX1BXzJoxYf45r=fpeDsuN7AsK$He&Wbfzlge9p96Q= z8m&#eEoek#*|QzeUPX=*X&0($=(xFS`&>*sRd0x0<4ZwG3aoBYePxQW9TNF@E%opl z8-}*fo&Zm`Qr1CUX{~PY7HF!%Qw5EQ^V(F1bGY!GyuJVKX42hF#7~DJUq9RES6@07 zR#Z+D?pD#Q)F%6Gbnbw4%B_Ll4?jtc{kUno_?G&wo9iGY2F z_JQ!Inks)|ep0Gew~+Goc!}a~oCIEr#2$gLIqpI4Q8i_>r-BW|2ZWJlRWR3V1 zABgG)%rL^|U1P;}8X;S%>~}=%1+to)JDVPSP(Gm9_HfugRE>TV48QxaZ*llUWj-{J^2j{$zCv<=ov2&vKPes`fg=(||#z~WW-(p&310I-#i2Kzbt^sY0tBrrM zG2^#9#oh1m@aJaTipgnbfj>ld%UROreGQU2mbIjmqoPyDih#VmuC1aC+^qWu^}i5* z{ujVx4PoUM-GWiF&&D>Y*^P`fV9DjOrc&C3n&M{iq^X0s73tP0m8#iFQy`D>Nw2ue zxSe#>^7X;?OvH!HC4^yA=I+m*lVZ`< zOAg`5bv$9WKieW6)0O{zKTN6?)1e3eL>HEBuvclwcgtC3d1bG$)xEt!w6rS$v;;r{ zKHa9ji~#40rgG@A88){%x@RIc?x|r-<#)>JCfm7pB=zM+k(1#Sb!!1UXR2X^uBnGp zkMD7$8KYt^D{!a%cH7mikLJ5cBO4t!4CpMs?uSf;yxx8>z!XxPjgbE%`eiP$59v$Iy#QKmnVCpf{*VG zJTGhUHVrxsfE#~ZxglA?a_a(<7AI@~J1zZ)G(#$)hn@s1Zmrf9(6n>r3e~k}FZeru z;#%?@G#EX(;cI1QP?p!|te?$Fwxe+8=88>gFYy$0-u!$IRz018e4b666A#ZIio)F# z!KfE$vTUm-rP#IN(Uv2E)c?S=KPbySQ-14`D2!9KrJwbGxO($wsQ>r>UxW}Xk~Xv| zgk%e$jk2X|gE1sqj6v4MSW~GKDf^mz88c%WyRlVvW1AW4*oiSF##m-7zi035`}+L; zb57?t)${SZo{#H(-R}2mK^7HxU~kc(kOQwkxS=?!iZ-}QI+VR3*`l9gQOlk$9|Dy< z;>+ql=oL*rI^#=q)po*y?SU4o!K&Qrhl-?A717$pol)oh!A}^h74JP-a|9MP@Agej z&(~s;`m9Xx*nF_tFE+GU8O%nmOy3IkklFSAkaBpU^snRypoG#VOVdbLKVS&h?G$`* zS}jC00e4k-MO6YA2`T^?Eiq1F4HI5<%rrOKk0+c5`rh$bbsH)KY&+A(B{Gxcoxbl< z`!rLVi0{)bh8tQJH<$S(T(qw}k{%o6Rbd&i6yJ7U+JIqMo7(W|r~RqN?G+q(bHjt1 zI-*`ZH>U_9X$rJ&%^)eA(cR?uAhR>psC?Aj{ax|0lI9a&)o1LhmLI_QpDqIq1Wn5o z746go+AT%^?Op1={M54&?QsKW=^YB8K;sEMFy>)8N7%g%snI9rPxMynNiZyR zPTzj@9h&BK@d?{z*d{{v^BF=aBrC8XF#K`u+8=Kcv*n#YG|2iTsAN!J@7_BGrQrh2 z7v72u(ib0mgi4`yTF5`R-};hJ<4cjT3785}4{C7xe0%ND4>6_S)+vB*Ksxyqm?Co< zRxaSdSbyyBFA91uniIir*?j(U9B)IsZedR>S`5Ox@rCVhCBK(FFgDW~1)lQ0YGaQd zVDg{M))m@h-7?PobQ6&27aT9v(`dBRcdrz?5b7g(S|2;f^$7La$MG_$*TFSEuj>@6LW6Gn!p0 z7TX9~H^UT4LeZ~o2l)&|JLXQi)lZ*Jfy@q8>-9h1+Dtp*Mi#o%FtMuHhg77_)64-f zMkgszHmT?2^$=vn^aTUpM0oz44g~eW)EvVU!5qjLaKmpwUC0Ixexs@?xU4t&k&F`8_*_3K=O62Ekmf=!!ygLDQ|kd|yKw$6u98jli?p9v66ow^^` zbt!qS@^!?9_BwBmxcE5~K@+W1_(+| z!^6*A!u8totx~mA6;CtCP29$|esE03oDVinfHT`PkIKh2k6XZ%jsbV$-+}HlWB2=T zny);lIoOAxyVX9=&PmHK5>9G}O2zC27Quqvzc5`HiGQ|$d+wjUsin_pA@)zJN2a6) zlGB6mFpTe8w^r9k4XI7k`4H(e4&^43OZ;=c3LJ1~awJM8BISk8fL&`OxTzP@u%|5` z7P)26dAi((%ghJD|K+4|7M}(%0Ii;hR9o)e9{Z)uMzXk~1gTND88CF-_`LWBJWd(L zv>^M}#ws=#=T#Wh3?kDsdRnuD0>xfUTHa+h%wzNWuXrAZw%q>gbjZQUPpvqGxoQHi zpu)sVuZ14H5AmJmo2>Ok2~NIQFZ6UZ?RLdB-O<0W``x7wwUvnIuNu2pNkm#|lA3R< zU26RG;a#(w(VcCZFXhey%)n1QKGjkG!qD#o93S%iV`$;5y$yE!`11FSr5;Ul# zr3dcI2Ev!Y)42&jXClk+iNCL9Zm5{59V}e<18CvPW7!m(S@F)#6Nd_&CC8VvY)4W| zok77?{gNj$V?7lUl7E~KuwYI}8D$S#L`tI4&bB-8@~2jNSnxvlr=1yHH!oOQndNMH zO2rg$f_72`2{U~&12cpFI>93x;>&&j3*7fHBY7k3>)W%zl|-pTwb(ivwQwJs{SVhe zYRw|7BsPkAPN6--m1NnY@g^5;nUSZ3so zT5%utb)^5}L5p*bNPQR8#R#2Lo*^9BJ!hwC6jJ9k@V%5s89=aVaN~7hD2RRuMkV)r zyx+h@tqF$2BD@|Wr}9BNj8s+Qj3on@4dV5t8?m~^~ERwaQqwL+U zj#UD7PSU&<%HX`{JwVD zF&p+ODG>VWh|f~ZHN^nbh2=X`z~mJRoZy&C52I>o9x!$xbw8v^q49_zs!ExYF0n`s zb8SVn_^9|_%a}#koHt`|iDv>;b#la0x=u?RkQZF$wE2I*kF;j!&*=LM?1941FFN3s zW4dBHa)fo+K;b#0sYUFf&|8{G&-BPU^^#F59m}~TZe^Ne6>}<(OgIADW3Ss#s*`fy z;+uS|e3x+506TiefTLx?RrNVqAJOPTNGfXxdP?j~x2{*Jfd?&Iqy$~NfCGjjPNq-C z6a4af$%!isF6lyRtadu_IxQrV&e!}(zUX7w&60Zl-Frng2g{vLu^_Fn)jdZuf)dw6 zPim9;q^8!FYF))IpX<1xSo7E$oNs$yEr4ax!O8}AyRNOcT6~mGNNJ@qx5Npqps2}#u{1M2PCKU zN_#wT+!qlOqoV?I_0Y{eAG6>9YR5~&S%0MM-unDQc@|%hm&Gj_9d{^CeDwb?BW(w# zF9MuCv6^zkUm(Ze?I)rig1>p?W~|S$Ql^DQAMHVU&&PcBY`V{TL#No0cVWb~BejNY zhrFJ8qSr}m`pzYqgND1es+onO5D z2#_e(?{jT>y?vB=f%F?tO$%3)_2!wk9aH5z2N!PoF28!o<&hdXSz!FDeI|;vk9yG3 zJ16zv#Psh8Ow{fD02!zlATvKsxnT(y)}SyvODs^joc0I3vo#}5x)_+E6>;+G+MI5u zJl?8yYlQIOKQ`Oxf)FmP_?=fnUOgs91}r|9-eAx-xWONl5x<3*03P3Xeph1qC2i%Fpcm@YZOU4rXE)y!rSSUyH=)z z+8RYLu}6`L^d-%D%6tsT^I@HG`4^CvaX{B_=9$LShNY1MkD=Bwny<`-N2q{-q@ z_evgTJ&p$M_$G2~t>Ww&q%Q@4QOaVaXibcpnrwhpyKDz3D6(ULv=O z*W7PQ!OZJYh`89VS%Qs_?Qu_fR)pGRVZsd2&i`gT>){vRJhguh-3@aqbgO5U25j@D zYgoo&VaY^KT777Xn}(E@?XRhp@Eo6H->2r6*3g1iKk=DYD{CC|P`o@|0Ri~fo?YB0 z;K~;j&=?ZhkJ-N?d=D4~FVNE#rV^dx%gTqwets5-{`H%*nj~MP7cFt3p^0%)++E@ zE02BUoEP@lX8SQs69kBpp`k4zkOz#xiOXmF=b+pAX)?ZBH+tn<9-^K@gBLdi1Sv-q zm~%SGW^y8Xz8ZZ}^Jpiv=Rv<;04&4b@mI&~bjuoI+q~*Ir!6zXAL9tWizH9+=Bty3 zd!VuNCG&ixWhzp}l&FX5E^{6-6)W6)lPBeAav~a!Y#OBe8_xWx$7t@&LX{^*tN~pl zyKFnO(`^HBUXsQFn2XQvisbGWq!jzo-xVy4fB#{eCL6thn^}w7)Ut9Zll=#G;RXw> zIy5O@^9r_QNvLQk^GzTIaRr@wqOFwFanD`A5{5rcn|QkHvkZHssy!1aZ-s2o`K{H^ zL-c7DPprL=dGBfQ7qnOEZ*oK0fwAu7;AnAothb1NM~uYf&k`TMD8U{~+ONgD|AH!G zN7uhLOHWk}&M30Pn(b}P7$Pcsz!hE4eqiDZ(i-#N@`yU8A_)NP)M46?TuTve9XhN^ z)s_aj+8TA%K@{u)s$`rE0)C~c1%19N&Be6QAmK)a3Ov1$fS-5+IiOs4VC?hR;Fx*o zi#>ncG)*ZBdQjJ62=uDvCF`yFg{@W;%o5|0BjIh+RhP@GHcJo#GB(wHV*(- z3|#=RoKsJB{`Y^+bbScdOK5OSzpDGw8#9;Cg$aP+;V+H4Ze^une7=0s+OS4`zD?hmNJA%c$77k!ju-rp)kL@t{$8sH zKOL=L>WrnT`0QhA51Y*wc)I9KjVIV=w1t(o!fOf0+^gD%hCQ=EWGKCE zQnWD7wuRZho%&wPa0exr3TL*otnTj`3M7%H(a5VwGs%0<>DRapRGAI`&$Pgb@WY^~LrTYZH=l<9|`X+(jphbhRn zWNbkZkx5e%npTd|Yb4niHaDta!#9+pIXjFwrDFSKBHal+Oe@H){uS_hz@!(xK;c6iS~#&oy{S#_+4C7ru>#Ks zHeU%idx>}rQ*{5*=Uwq>pF)ri=!WKlTgiL*YhO>3+k!9wPWQ?;UvXvv<=RICaZ5Zf zYO&a$$@WUHF6Gsx^@5?IDepl24mj z|G#viLl4A{0v?C9$P1F4Ex?pw*X0mMY87z14cFWl68JAnp{|cDX|@pk++nL-O=BFM zRC4RT7qkbD@ackCD#uU%jCj~DO9g4hFza0$@LRQc-YV zt;X@k&_s7W#uw3hBG1yT2j()+a4aHtO-upH8odN}`Lg*|iM~8cgqd(uZ5vEo=+@bS zQVg0(YYigrjVg-|?M3Z!cNs1;CyK?Y32LoNztG;qw)|8#=*#wmW9rd9g5Zt)3lnY{ zuAjBNcJPe^m(&AenW@4$-*Kw1|IiIJ?L|z(@yeFM2e(vy+)CAAQ+_vQnW!`_c-jj5 z;q%eFm1jTNp8g$wLs&_2frYaju>*?uv_ArqzqD_>>KJtHFPTx>kU@>gYKUEW%e#GK zdW&yT$-gYadugx<`#It9AQ}QPLtD;`bm8i2Ap@#Yuxz@dX<@#yEi_)%CQii*ZE8Nq zA1@8o=31wnMFpm)`StJ~TG@tSmTz8Yg4FtgLq`EJUfUU=Y{>=^OKE7V+zcbS6lg`@ zF2mD;t%1}7TlC@J##+6Y++9xHtnvezsX$FcW;mf{kq5wm^~+<}PTrI5qZQ-sjf40L z;Iex>lP;~m5p0`J5B7yQu7Jv}c+Kmh;bcMPrh*Obwdd^br=(0%sd&9YlLFvHP|Gm= zfeNWnP1uY|S|-hLDNGS*=4y)3K< zI?(Dc6L>6sWSQ^($$_C@!=c@z(?t4ym4#kU$?B1$B zJI;o7D>9n1oVRL@{%&hCdL00&9QNuG)9kK+a7jYmXfy0r1$Xif`3c-WeQS8`*25n( zIpC^hUE{5@Qa7-ve9`HK+7q@R4FR`*Cnvqv3*|g3@WJc@L8Kr0!N_N(9R54Qk{N9L4S_MW{+0BI8ugeSt=z;VIvkcRZzGx@w z{;xTUt_#P}{E`U)^G@X&wuXeeGKt#Ao;~6|0(~SdIt8g}5y56zKde<-@7HpDW6)zmFo9 z^3A9MG=g0pz&v&`E$LjPs@=~0%WyJ zmj{EpyeTaFk*4t##lg4>_x&ZlXf~XQ=bOjUJw_smkdGamB= zBP{#Ds8{LB!~6qd|K(O;xi7Pn4a^(rp=p~x0Ov%G72JLvPcicb}=UH1TgK`&z;zockIzhHn zT02MMW8I*JL*&rKZIrE0%zUQDxgcqj=z<6joU-dUKYU%4ac`XE> zY}8l}eJB1?h{k~~(|7-K?c+AkgxH@t8|wB3Y>wSI2liI~>+gy;8%5>~bAiVwKbHTI zm=FrK{9BG%gsso&nw30M=#;JQYByBVhiV=G4A6EmKQx@R+b#ZfoDtpBe|4O{{zSg> zz%EgHT8^0}t-qdJ!Iu8i*)lt_>(A+dP0-0`#+dtysFlavbg=f)arv@A%|-nXs2Mph z20Xq;3o_$fv?*wg=NxZ;;oK;i;hjl7``Mv25;6^xxTUI=@TdwV#vJ$P_?3?%G!6eQ z>WEJq1DN?#pdk~{@p>n)E8Hxn&6SDS{)uD4qAW_KPp6W+(b!RFv{@EGva$W^m2WW; z7coKSzOlJstOM!2&sb(arV z3G@Hk{zB({R5!V)9H^fD6pQynroXdLGwX02Ck6jKQ6G^T@Fybt zW$s~PX|NGL^6Aa6>tkEBii;vC1g|%iQ$(4#%+#bff9<9CDy5N|KPaBXV+{j@cZl@TYIdo7|YRbfG|b7PChTeKA5#I_mX?yCpjqOq49FE_=Chd{$c zsf>nk?*}81!_N!=@l)|UG@XMHWVON6GI(Mp7QAs)EavI_^Qt%2YQ52x(7?4+Y~9@t zhriN>!?hlIxT^VQ1ys)Eo5-%eIsKDR`6yAu3izdZweHZw#>&VbHPE^JXuIryAHuwItWz zp{nuRHDWd#RY`iiy$xlH^!$DG`KtGX>VQg~t0V=Q7^2)50?fH2PLNrv8X*+f6i~z7 z*)_L#zh)`hirl+3KwM94#VCLv{>>Nz{Ebt8!QP`2aerLXFUiZ5pBzROkX z%fnLHxD0RqrNz8#co|ev0gjoG9n`RII}bjCz+WofCyGG+_n|t^8r#}x$$%)uJ04Ld+uXFgS3cC4N zA8-y2tmg>cu;aP%L-<;V+KUy;O=7?W!byu_f`x<$(rxJohc6#PZq#if7P-OPbKAeQ zS*dvNXA-Q{0WjvJ$t-;bb*Ot!K+@nZeI6S6Us22e*Y|%tsm$K<<(0|CR`A9O`<;(# z`!iedZi_1`D@K?3k8;dh<$8bU(TBGedGqt%hkkzZI^+ZYS9bP`kk?;z^WJ!~5IC={ z(lRwfWo4x>Vl!xOU#!*`f192(&RE%ypXdXh6IxR>1S}J0-negg4+@R@BVv?Ay&H0# z>$3zl)F;OcZ_pq#2BUiK*rQ+`2vmk`i)eMsC3t1AG)-A`e<+83JaZNI=#az4Kk`HG zbO=6r4+!Wkpaecqs;_Z;ew|?3ex>Y=@;rvZUifnHthF9&Ayl+kpi!nJO$SEg%X9) zM zHn=j)#lMs&X;v^-`BQIhChDrWkf)+OYxUu!oELpkj|Ig8#Kk_Hv-_NF-gj~BPs?INFzc)xG66d$O$FJ^z@Zma^6bCYRP~!||0TojtZUeqAXlOy-VCjpn3m zbVk?|l_=AZAxJ*eDD!JbgTBl4QVS8A#IGq91K^)u%U>5Lp?+_-{mvoMRp_{EKL=tDo*-7w z!mb!I^GVTWA8@;|)seO*Zf2OE){#^(x_|w~;$q}nN#Y?V&M^n~if^CdTOswEo1TlF zR~CjowfaEJ4R6NXz(GGZHTlpk3p=xLhMO!RE$rA?TY9xm%I=edbH&I=jVAta!ST_uH>#Ka9$^ zi4)=Ldf*z>*BAqP4D@r)NfKWHHm zy0(eC3T}gsetkaczV~M}BMb8gcru~Cg}UXPy5nfLU9yRC{o4K1ne$nRy^`I#EKP}R z`a*;w>W$3_U^=lsr0l!gdUHJ|{{9*7CU(wjU#cY$nrnu#H2P&Cu)*KQ1$?OwcvJR@ zt5aj>;fb;u`zA{yzauKnK6a=_foromty?6tg)=&)p+inK_X7}tqq`}pzRUdRtOh|} zpw{?M9$^bjyAk#CrcIAD7@8u~rcejN27^x7}54 zEOlr>G<=>&(Zd47Nv8X~Qm1U9n4FJ6hZI9ty=oEqjF^0zz|EpPuR=5D{!;Bn|vZey5NBNc?Z&Z7hza5nVj zDTPm?yY*U`mGiwD&Fa`9&BL!SE%e!|9&25k&LjI*@uA)R8J`QtDI@Y!)`ON=F?=L* z=4raGkUA)4$see_HC;iFB{5USh9PaIpEaB;(LXDke3%SX-5_k&>rk=pa2gdl% zDs^x`M14np$YXq|NjH~c7qnWkeE%Az$NWdf(=>d7<~m~S*Yo|Bf$E3eELb|@@w1c9 zjph-tP9aI<5{l-?0%TjlGo?s9HV})X+hi$st47Ixu=ZC$rkxP#NdReoC7y#@Ky`i; z01-4U)9RHwlGZhHp8@~EzRd~4Xj=@<*>8dQ3a{?h-lASp^S>nJ4_7>z$6l@m2^wKJ za{E5dV7ZrcBhGM&Ab(s5K~AV>sJ)Ec@!sx9h>Vmqd?7@%O@; zYw6&-S4VW^9^seZkH_B<8U$KUf368VksPgafeQ!qV%D*u7IX=QuYaydk;TnoF zzudfpt0-(-CO4=)z7-HWeAJRUFyz>x+5|iECAunvwbD(z#R#;l2MuzDky$(&@LL>J znn&s%ug$%ee4i6k!mrt?;K+aV$fCKio11x;C1brh!U$tCIR46q3y8Wuc;6;%7U<_i z%7VhQBQMp_d(^sQS7lY^-`YK2G91Wu!jmJ>qt%Ve;nO_$CIKuecyZ&&tKbVk>wT?r$?gqheo%F^RkglnB6xkM zn>yxPjNUa+9!CBcwIkQTIm~t;SQqS=Cp7%jChBgJr6N=}w$L=&yWp!)k-40NRn?ah zH|};QIA@}>i`9Va%~z#-lOwIUQ9u|-JP>Nw@p_xD+jJ-*Ou)KuY8IoRT=~>54?O|+poX%rK9 zrMeP+8h@sblYCn$@hVf#F+4sCy}sn?*3>(CaG`G0u+uM5>I}%TERAKuUtN87@Q7_F zu@78AIa2FJeO*mx{e3z)`vIgIrN4)Zz(H&ko2xkmuaO{dp>=|;Di3Y&j%3=sRj448{TM<)_uHLbNH{*^XhxuA@gbA!&;m0_18SbLA9^K z2@GT^-+0u&31hrEyZ?Hwk}1D zNA2BRT*}M5$5b`MX!{`chbZ*_yBp)d$2<29dSLreW~rs4c9muol3fD(j;XFnm3!Fa zciiRdRLX>v#Mg|5yb7evp!H9aC5y{aU2ln5{>r{4zZgYFGYpTbhJbVRCARH%UPQ%l zfw}obT}&+*T?&RPi?8w&U?W2(f`8j}?=5xm5dAK0sGgZUr^vLkD1T9+-swN6i>8iP z%ciQ1&uor=K!5ieLA?C!VaN$dRo;(3{Z$EO8F;4nCoubBq55gjX$M$z>!Xptoi{e` z@%Bh97*FrB`(;6J4Wv?qh-k=FTJR0a^}bruB6D(p;c$0=vgtUYVqqHyRGsTSM(apX ziQlhqZtmeX;Dn$K2Q&pl^&v@F#F~M;Kqp@J2Z2|CHjE))icn?v-*hJj^pya4+`gFV z=Y{hp<7JMF$#y5(%p~9s{(F+4qc!=7C(-!}eYfE3&b?eF#0Gm@B?p@9iGGV%W?Px8 zg+4;W)AX>kcTt8|0R}33sh#i_F&&_>wD-!J3Ts@r9jJ4gO0v>NCZ04sjqbP3jdH@< z#BfDvF;ISyr#z$f{gezpgD)`0OSm8lIM38YRqMrSt?vCRQ>fX8T4vNKA5@?^^c^6%n2_{Q=kyc_i<`=e_WF}M=Q@JNn zOPh?_&7@BFxxnXY-KjKgy4sr{QXM7zo9`wu%S>U#@pUCG!x@r4vAMKuJ;~TD?ZKyC z`Zo5wIs8ZxU4%sQ{R#vtp%lda*oPNp{&W`a8F$$=QVeNR%o z8}b+2`UW6yx9`|0o14Zmw#hAdIgB#-^@6;`RCR_=A*?wCwN?n!_+akygpKKtdS9~`<`v(>u2tq);TFjj<O=YVD|W4Y^oZi0oiBi5z6f((?#N_z?w4Ocooi6wKC1yt zJQx~W^$vQijy-r={?i(^h36=;KSwlHMjsR=vt5>k^LfjgMp30=Cun_7&X~O4rZanN z>9=FQYQoD4Oe92onoPY9jG2Ogpt{On>>5%|C&#}f`j}h%{ z52p5!c#$-0OZf)-?mds{>N{%}Fr&6h@sx3Wwnn!NC10_PokzikAF?T*<9Zk+8cS94 z)d5m5QO}P9p}L0(M*-|QS+aB2pFdjZ>*4b#T%iWCOz=f-+41m55{?OrdPPm0}>=Q+&JblETHj^DiU zQ8@mY&DlQh&WrzMSdKrq6ZR(D;FTLK+Srr1tR-Q3J{cOFvURGfnjZf^s(Z;VU8O8H z{$BOXWVNHYAEF>X3k-MBCanb%pI_XP8~RdcHbY>4V)?SFc$=(%k!Z932;&;xNPd0Y zKWHtH&30*U@2pExZrDS-`P9Qe>+??H?Wxl9fjdwfp6vedQmTgEUENu{_^@m+x5#>9 zriENJw+EvadwgXyHxqW3?oaqbE$!ZKvl1*Chgn}5DW5JyXGJlShV5lC2d5uTp~qaP z%WIlV0PVPiPtNTq8RrTrHNq+TRhN%KK=C)5MqG&5xLju9>u0zO+wSW?6os>VVk1(i z@`)>OQGDy^6t{Ta5a!vDFI*#Z`(vg1WXmjm*MiBo!=zv|#N_C>y z)=<*RZL#j4I`3c@bZO$-LQ!qpNGH$a$nmLQeW3QJ&jJ{)8v8dPNs}*&1DR;tp{wnG zNY=`gPTP%rbDtKCa{{)dg8!^q{{|X5hhW(F3GWvJwU|5jiQwSuI@KM;)@k>K#OsPs zCg|v3>==8Mi0YU)hF@&{_a(F-%F@Q^UIO^`_(5JV5ZY*5_Iy>)_!+z}&#rw}LR42Q zagXo~X;N^VBmMMw28ARq=DoLH66KsCArV4>W`vIYU1Abtococ>bUexIUg{1(*e&9C zfVC@74Q0@vhUgg|*CWi;R?*m6wLSdP?P2Sa19rf*d}JSpinHI@;)#TO7E#l+RPf_k z$ET>+1xEUF=O`A{Ix;?S8sCYKd0Sn5=|r&}8pnn*M_G<5-6LoqQ& z4_MV(mh}lf1(_@z8X1&y-Mwhua_|P@qeLwn)IoqtBZXt;34Do2Zh6blI<0x)H985x zgU5N>z^c&|^4Tl~X0)5Cm6E=@-9-o=DQD)4D;&;iI05AY!edO$xB_cBmhQ6#kkZiD z_DjrmToCKnHnUPBG7zArB2%k%$nqcqmw}Rso0^SI?FnY8$x=6|HgQ>elT5BC#i5ba zB%^uZpNBoCyEu`@yOs%vqCJLK<$3$!f6Z_wyhu$Za%iU@m3|v0mi@Ptpg$3LA6w9} z14^mHmYn=!SbDq{sp)?1W~ZvS`a(m3muQ!mnRxf8Bqq3)Jo4E6zWx4lVF-XEZJ=Kx z2R4&Nn+7FQ!8a2F_i@zX9oL}HN}I5noz?|QU0ZqtAUgye8KO|^^l1?Ow22$`6$@V9 zUvFnM`OMQXmhDzVv6S`cgEU>w=};r@Qw!qN|jRYpO5u5Zkev7@{5D_ABFf651ty)2Ozg_C4>H81)x^qRF7M=(|G zf=@@1nn5y+u4w#BS^CXJe>@bWgK|Tv@UmEt?tts#-cN!oDksL^^ODXca_O!2l@n@Q z^IizS0Q3ucrFs9)2U9&tB|tg&M?x=JaRE5}Ce0+I;zw~^F{OVuE%n$tt^RMCMc z5A5UA+O|4)!>yWRWttP^qj76jr=Z(`F#y!+7*ly_%U20|u15O{)h{V#_OESJoOzbI zHnX{rz0gM;Ln#QUdd+n$T3pRY`)yilT1foEXSB4@M$xM_o{n?ZYVqG zo+~c37DjJnP5{V3{*xpcv+1!7FhSOhm02*ahtyWA^^9IRN1wL4CzZXiLVtfL1x8!w zl-2y^??V~+_F?1HDBDW5PI`wtM>_p1=G}Iuz?3uc9#D_AKK*BPx- zhuzI8G8FcYB}VP!Vcub2S?a-v=Kv$|-#NuBQtP=G2tw#j5ij-cvSy2Y>UHrHd9 z+e4y)X__*AN7CI*Q5B$zz#Qz&zT8FjD&Ww@6=)iGo!dpw>MtpiJ?ibOt;GMrf>@XB zaE?m1;ZuJ$q=DDtE}lQ8CspmI!?iRR!}s=_)E4(8BF09_;%2Rl&*aHQf`IU@stvD@ zT(CW~p;foj!0X0TcnSu-MQ)~! zECvNCiQ9-AczGR+vjR9tnTKK}fT<;aC&{rJ7|o_e29S@-yn^WIj9?-m0PvT#~vR6GHXHKq0#aX!S zs+ss$9mvtVHojqGa%Wijk0TfXdPcQ%8z&LQn(?T>>Ph$0igw?wzBqI3OU>X|Mc~+S zcj=Hx_&UsT9BUkLGiXX>g0Ws9bVi0K)@zvby@;HfY1DU)7;DbF?@l`+oGjHd2CzkK zCYy|x6XH0CS}sHB@Fo4KtpRwj$~@(b*#hCt_@%7)1m2W~MI9JEoBAeq_0){Yd#BeH zU0UT3;SSsZrT20%LogU?6sqhmIpgnFvD?UlytokKuy?_HH=_n_y@5yGX7Kc z6`vOEJ0|0Z6Yyr|oZyEpYOgBJX?j_k;e3p5)jnRw9hwwpN<91L;;|psz8vSMlFPi@ z$h$iNisQD7$8IP<38HZCuKpLBOs#!KqXKgQs0iv1xN;&Yl7V$u{!$BVWB7c0q-y-E zt#VQ1fep(ywM#*Tt1`DCYRT6vaFl|7m4UrlJ~lM=)?8}&*Pw#U>i2eDd;C|jJKw@K$#dn`TV%b07{34ADBvL=NK zyt2ODPjXin&K|rlPSCjU>&&qOWA3=!$G`%vm*L@NX@k5mQ!bi&w|*9mEsm#yujtU` zfOpZc8yyX_Z47Ja*##h#I=Xg`)K?N1#>JSU{L2~5m#&y5U4Ce$qf zX|fV(t|gkLHvjhK)7r;@4UNva{F8+fh6A~sEk`yzpZr=M@hLhNB?!E8WWQjiM9m3{ zEAAtPntvB>%_!(r;;}y?pj zvJ~CZ{_)i-eD)C=L+p&em7OcYKEJbl>b6Urc%7}TcExKWx{lED@Q@n>KjY+4zf;Oy zKOy%Nu|rPmKe?mQqRWJ3blP_;!fN_uGk&!OeQgM-cKpFy?)4~oH(TcP*gY`FUh(eE zmP=EeAEUl{v&~t>d%38ZSE(NEZl5&`3rIc6{O8t>&Fr6Oj)zr^VFm4RUfY4gZ}aHIAjg%Y!nax?*~eCX@gFy4cYmB*8?TWUoHGtP;YSUz!-JZ z&)n35s~6VJqYDN(nXl)S^4klJH5xp2`et|c ze>l@4G_djT8zphB>f%%25hwH{fz45R@!Ye+p&Zk7;c$9T^yAdsmKVW$tF`uk9p>5o zUzWgiAOvhRQUM#y9>z-V)+7LzT8XE1RTBXSZ2-cT*d^jbudA(fLyr%i zx&7c*RQhD41+ckS*1GOm@Lu)ZIE?uPz+`AnL|aHr1a5ww#i!$G39nOMPBn7^4w=_> zKK#}go628uvU1|j&o;scOjTgNUW8pf(9K>hFlNQ)`W2n%{(%c*0h_0O1wr2&ZzMcc z9Sh34Zi8#?o9Kw`EaE${US^;o2hk9^(P+R)=kjg8OHOOdnS#;DKpUsuw z=~cAEOA#BZimM@Kh1Dzm@m8O=1@>8rf09SsJ%8!|uqg8yXGtVj=;8SF+&eD%5a`yQ z8jAZm-_W?H7XnW2CS{G^281o;eqPL5UZIb^tluX$0%xCY@3F+rArE?uZvAGj0(LOP z7+&4x))G3_a+J|AOg~x1wsh{sew=hr9)^TKnO*8 zuOUDv=V4~{9_QP$=j`v_IoGxSafugsv)*T|bw8`zce~y2t+vh0F$ezfEe2*prLcFL z^R#`UG0d7Bz9*>cxiP_E{_;$foq_WFgc$_J{|F2n9)LS@95#NA0R%qw1h z#9ZaxwtZRK3k_pDuRi)}xb$9{_u7J+Zz8XD#q|NpED$$igmDBmpu^&9jnC;9;&*M$ zG)MG`2`|TY%*N|<_KI8tjC2a|;$|_Jfy)OXSqHVGNh|se1K;>7Gu;_(t*1};*E zd%I_t_w^v}fz}>ZhUF2>B{(lF!`_+IGLJbV3N%FQyxc5~2nl_O@8c<<9Go&Z&&leu zo^RX-B#R;kU8b1ddVE!xp3{`8v<1^Di(q}2>mX4$Yv`!bcbH0Rq_8soF5#0AGE13X!W_S1UW){Zt-K{X#2wX;3B*YrnYM?viHt zIw=5Z_&eR$Phy2^{xYvXK$LqyyJia3`A&0ztJ$5V zFjj6+GXsVonkz{ztGc-jn-dJF-`(-#I6%+15`1Mi7WALU3s=w=0*^}bjn(`8KsEmZ zDTxfb)q}dhM0@$-MluiMNcSUCFgLOjb5BH$i{X^}q&84%;@gFiM|RyNw&(KJ67vEG z_rnsJhkVEvTNVXnn+@3?T}TA`sG?kbn-j4HM+Ujos7hzMKoG08_d4jMhVY$;0GcjG zB<`b*NMqu!=%XdZQP*>^YP(`59D;P;tyhwUBADz-hl(3yuqd;(Bwn3pF<~2QHr5eS zNh%LgDNY5Wd1#x1VbbQFRM2d(&@>-@gPp@6e@SM=mjG!r3r`n;>b5&H>nykJWmu-W zG>bTkb+7o(!Ov{1o!s%d4|+PB!`uVB8SOCpi;rGj?oYp;rPsB)ecVxVvTv7E)A`Hq zA|ij5{iOshM4hJ4apbT)-TTDkpVH)SQsRAm#{%4c0q@SVS2i#>?#sgAYM9UmG3RO8 zTTmnx63!yYc}2-Z1tpUORZYI-WBG{wvCpAW2xCudcZP~M=O@eW17@kr*F~KsmzfGl zCy+PAO`0`kx>2blYs^}fy6-!%dg%d56b`f_Cok~J15WoJeRu2Lq2lttpFP>zoRC+! z2QM?(z1y%M_7N(eoIdiju2AQ-6MzK1yP5b9J_$aP=Jy-Alfq-mqjjt6{sEt49}dIw z0`sbNB%YeDN2#(mI|WjcZP`^NiD}M0Ulc=G(4%|1N7KymhCT%>PwRl#Nj$$^`Qeh) z@Wyf-VFDCO!)|Tb*ooK;@pWZ6F?e;YosWH3m!eX;ezgS1h*S|WSFq3{CQFyh<<|j_ zSNM46Wrf*M@4fyhgT`)EX*&Bd-dBngZtY2B&`cpT^Pnppxr#2k&ej8l#OrdG%2hd( zZ;oyR$+{pejUO#{U0YipilfLy-CyqJrM8Cv-?s>R|A2*A^s$#BQF6`*=sXQ$}h|GpiIkkreOwUuWN}`y>UC|q9 zl!Ynmf|;X_hMSWgyuBEWks|92dF>yn&VJ`=Hta(#21=}il+cY%5r2G<0-eWdQ$spI zS%hpu`Zg9GZ%-hA8k%bZKXM#x-f0I0oV1?R1wr1LY}^I1W#jRbs`#i*DKw}XUCf|2 zANC|OHO9yyFUC|c~o#0T~#+jPgB z)E!7pbZP6koY~mBx+T_^Kxr^g^2FS&NU%3EWZt#T*x=BA^fT`%=|Q=HA@@M5J{_)U zP$^Lz@*qie+NbL>?agvIk{6f<&t2QBIJgV>>)g=gGA%DY$}-JOV439v!(D5--jl5t zfchFdbbp*qnhAp6rtTU$QzPlOSJ9KH-9WrJa47M%LxrHlU|&ioaqM6a&7-2lr5x-q zyn>!`D}N-zck@Yw`)iP+vXpi$5{$hdZK<~%x>mLxP~c?0{obwqDS#e0tKotBovXj? zc85Zw{e|;C;VX!|6$k3-Zbq*DG94fW2f~m0eg{$qO@~f7yJ#f1;L#7Go7K8sh>FOBP3IWIuV#59Wt;_qP@I z_Q-a)s)cyQhs+Yw+SUF!m4l>P0RDs{+FV2qpQyHcTIQUk_6aMszqy7nN2t$AJ@DBK zD6%CqyOD0G%$0S|#s)l37zjuSc|*_jMDtZRv$!ee6?g=XE-GkY=ex!Y4Uz%e*`g`s zN;z1@c(k!d;KG;K(3+Emyp|f#!?>oSSEQXU`dtOjbIw zaQS7dyA;|f;j>*Nv2u6+Ho5N*wq`gZRps64M00+)!*Ggs%#h-~@G&YbyFP zWY@^7MqQvhV}Z|=q#V3$QE= zN~(}x9MF~D9beoBS_1?#mxgBtb!|{z+hy@lis3UD?cX0~h%#RVzVr z6U8`Kv{F3(YpB~vFrjzU#bynfduep08~(%)_l|n8Fv7Pg>;gHWVzn6|rT9Ft=Xe=w z81ofC>5?xDVnz~^)ld2SkGKI=o~cS5I%$VX0AMpyQ2oi`-(mq^+l)*%IBdiR^x-#5 z^M~#rMtygQBCFt*16mN|=L1#X_76@f`Ob0M0dWA6t?~*jv6euS^p}FCqj$WZH4h*| zQeCKUa7jSWchHs^3DSbDrvO|v8W6a9m2{1)W~BP^er^bjV4mDqz9oe0>qn{DS#+g2 z^l`!DtXH@uZ@(Su6F51d^-^a%`GVo}q_> z7mv9dv{CuZ+VxafLA5P+^&(L3N0T$0mat``kZX3KKnTliJ zyfZ+>?y+43FYr?S%aRCcMG@;h^X!VnBF;+N;e0vXgoj~MN{xl?D@O1EqsKQ)_q1~L zw3~oRQJX@^rDDcAB_WOd?^DA=Z8JlC-wfofx2N2j*B$H3l3yIx+q_O087>(wIgoKbLJi9Lq`f$s$gbYkhI3 z@PX?Be|R}b9*DE^L|wl3Mn2;5%XItETD5{_G)=&cPlD6(lIgj$ngJX)0RpN8ZcDJO zwQ%Y5hgeRvoVY4i=ly$W4xfWA1%Iv+8#z3$WKa%rLX>3vT}%t_8l%)Y=2BCnP{?>& zV#5w!-dWBkj~Fj7K_WPa=fI$uPw3H8EP`JjTR#(<%y7~R~s1Tk7V)G(PAHi;x{K7zSTHMw=mZUPHmY!xy5Q`LZnSEwaBm0-` z^R5R#FZM8jyA&c8Nk{Mhyyf8xvhe3_!wXb2T;MGlR?<1!<@hP6 zkr9_J8@~zm<0a z#;<~hwMbGvu#d#e<3HiyPjn#CC7*0LE&l{qk7h3UgVz=R#1Dh>CjxHM?f`v7$F(+8 zQ$n#7v(Ik+o?BCrXp}L_UtWa{T+HzdNHc=%?39CP4lL)7{N$pYG~a~$@#|R@jvG7a z)2?6n51&4EhfNOMQ!o-e2f|HHBv_$mE0N#SR7)23Td96AY_r;Tg>rD*fkpJq`ztqz z85UiIW_AsfQ|-yRP;P@CaSeYB_l~i>8$3V;VFC~T>VSdlIwWoMai?r;_#aR4!Kibd ze=mX^Aiytg8a08*$1RLIZfK04hR-R2orZ~yk8&pifT&lqxLvq?tMN~7=#Oj)ev-EZ z2O+Bd!nFev9Qyo6X-$SrEa3JLdp`Zhd;#I6U;*I=DB74y{xYYj2m|k%agO@>GYASS``m*J?`AxLCDjxXZSDNwW1X$Iy zUomL+1W?%8KZ`(}1N0u^W}&wyj{RO5J-t9l@=6O|U%+z=xcm<_-#=XL>d^yVoZ_}T z2H4g@70hHp|Kwm7sT^p)qWOAiQn|gXFRW5Gg}mfP1SR;K@8| z&wTEWhxzkQP4{HLDz}N|Kv7my%O!`4Kl${pNdjP1g*_0rn^H;HPl$HHxA6LrYYcn< z@=ckvCrGYt^t3syk8eF8)-@kXdlqm}yGtRJspa9??8~ciLC%r9%8YBI(4I*@1@)H{ zwinxJ0XQ4Uzd^Oay}aIyX*5gq8%4)9uzG2r-TWGNK8hme9RK~hR0faw=YAnYz{n9$ zW5%ZN#h+dL9>V^@YwvlIsGG`3R&kzT?x7osBFquV!77RNyv6*1(uZ>5)ed*XhrA4# zY`#uxo_MdzbT(Q~%Oo;%rdtv1Z1Jn(iDkj<+Gqg44%WKy$HP7Y8Wt^l)vNROxQ3wF z8VW4a-qjkJkG=||{=NeCXR97~|HIQA50w~{>EW~tpY}2^#NNzUB^UPc6`?OYU$6WW z3yxiNqg*md$WnGuuKe!9sBR%(GmyDIv-XJJPe)Wsu9Ts5Ne_Aqr%@~Ev{;cO;c}lB z_GVi$bht8-j0hPE3G=UFK#~k*1wsAmK3#<}$A#imB+W2fXh{wNwyJz0EddQ&ut1?F zk#R0u)0F|RO-4CRG!H~cT=ti_eEgv9`}U&L_9Zi+>} z$>$HaUU-c@PZGe|tENbKZMoelY~4x4ZkljMw2PH1pP`BsC}xMvdF-1sy_fAu9I+8| z(sF_f!@Ec(XHE`hg8+DS#nR~XpU&tXkmffM*PY|$6u6ygdNj5fwXL^5Dn7jFlHvAK zj6W@prh-y;WPh>9woiCi%2!u&%-68#sOFJB%Fv+oeUj?&j1+`2q0c6%4z(d8aY=7&Jd)-I3@`%ZG?#+8 zi=C6E;w!KGcdNP|qAZlKy2$%BM@IRoS);y-?R2zP=89y+?l`l zzxnjv%3ECr$YJ1uamC-AoIly*pJ)CxC%_6|*747qVgH(F{`D`*q#fKSiv;T3e}2t> zcRcB!2*5EX+bz{#{D^*C+kQH@}(A7A0$J>UO$TmXwQ4{&O9 zYVyyr0{_`xxtjpYBrk3p%J9EGiH{G^KBu(!pQkbZc=7-Kr&of&OcAd2=lTB5%m4CV z%6vM&`5L~iZ~wC|_>&P&TL3ft*J1y!NBO@F`yctje;xKG-}*~m{nbPN>#+Zsnf{w$ z|08_x|6zueiG+;oRgOJM)8_w=pkic&Op{TW9OKwtV8fk(w_!i!Q6LHJH-xy;&;7MT zp^I`*BkOKgnnLo^^Yh34gOC+4&S}5$_?yP4Q{7`?#zm{`4PR{kCIyL+?O_LO#cOU{FT!`rM)QSs3zEYI+nr~TtlzASgI?B z1j)Rh8E;Jyt-arB|2s00;bT#3=26h90X3EP24bOqUM~Af6wMZS0DZgqjdDgo34qD= z@wVJ=ka!OOksx!WBZH?$`%e4^hM+ts^YdPBeRvB10`=CcNts_CDl!6Kq0_3M#P#35 z^I!Y?u#c(H5&Q7e+tY@FMF*f2GjalkuIVM8cF?9N=KXnKH?LARO zjRAaW59ah(h${Hhl`O^K-%{MS@PkC4Pj}hhYkhdEzCYj`PSV-#oGL4Zydfc z*6Qz)?~D5FJvSE`WYlc_UJBv*Pf*^wxPyzjda4gciOij&_7B1@aP04SDe)&>Yz7=R z_q{d`1|h>6lnZ)ioc$gEiE9+myDeeZq<6k763}zb5D;EPK3`7%n&JY+uY)qhw?f8Y zFni@K?lPIje%EX0uw9E{f7f>-p{}S5m6prupy*l=&G|mEnf_ser5E(=MM{XyzS&R{ zn6L~KPn`%sH%Rfoyz;N4Pwdh&fnYAM< z4#RYkfBP*1Kpv(pF;rM(kZ+_|9LARbI+auIkEFM!4`n@)vUfl!Czi-(v=efO9Lg8D zt|`WRNm1R~76%P-H>Fo1g{>*X&qCpTzd;ds1z;*U3H%CkO|p=iLsDJg<4Z#?q1OiQ z6RqS8>GTwHO7?3m^%pL&iaKv*UX*s|Iu0t~5d=N@Xt{^Z zc-E32suC#Xw2{OOLqqoj_O%e6_nLe)d!GkZcpneuVcKlgCfoRZ2XEg{OM6A5 z;2Hx&or8LR(Y=-}bBEggLD=4t`mn@l(V_Cic{ZQz^<^cp)Fm*;Rx9{h9p&+X&AhLD z14=6Rx029h6@)|yxO<*$PS9$4!ipt=W{F$>pS@gAzVy zXU7Gs%S5)dHdSua#dF?70{7g_=4f7CEP}eqkz2R{4g8?La>~D0VMszWT{}uFzh9y$ z50RIO^jj*Z*G_vRwH9I&bX9t?@8r!6(VmX&oqJr!#RMVb6%VJWP#fG^qR@_%*&e?Y zEGkGS{pp^>+lgDs-x}sb&^{?*F7+Ce1|!(}V4%fqMC6tN%i?0kaR;2K&g%L1Hb$xi}cEdo9WjepwN4=&#*NAc4 zDd&^wo)m6%@ahSYbO~5?b9~vQmhY{QFITFtmv+C8f+%p;z-~+F)&6XK@fGX!6Mt95 zi;MzMt)qSNO89y-cq2MY)f?MPK!UubL(GUPyavpQr)gnQdY$use1G=s6-uJz$DG2Q zBlcQ3Pp(yxC2X1R=cN$F2_&halxkt`OhLC4M|EOe7hi1e?b>%A z^nU(rhzGy8$_Jk7V=@LP3Os%vn^R)|+WQkBXDS8=NQC0qg{y6;&1HXkmQu1WP5n&kn4M6pb?3P)!)*IDU7oujsPFqMoQ;_-Jc#A5Q{(Yyz{b#xot>Ql8=K$`xLOrT2%k3;k}fP*j(9?bnr>mXwkJ;?ZQOC zoEuHj#VX(}>9`eJ*Fxg&A*JeKa=r2}il| zgstQ$5&hxT?l4q@8QjD1$GC;4%WTm!Syy`OlUEqo(*U%fFG@Jy?MlSmyRKOZ_PC4} zq~REfrImrDL(FDMsb;srMB;Ft7j+GyJaYyrm|aqMyYn;MKA5KB`z~f|nAkDQTGg_I zi@Ezz&y=2G-NJ2}xKz@=t%^Cxx+?-r&D(hLnH<`&QW`(Aw_eRK(>*t(xSaZWV`b&f z)Kq_t`9^yieqG)V+!Y?4Yhgaq0515gq;QK?f_582B2CA-c+4)Dr2SQ^@=A_f_mYD% zv(2`CXk|M%bQ6uEb&-62z8DGp2RN+F{N%Yb?9$@}_^w6u5WatnYQc-NNQmUo6)v0Q z+%NA=5eI$aL-!UBaVOS0~%7c6O`tobmS|Z&{_;Jyyqw_=c6S zhBh}Pvz)!1bK9*QKEZ1j%}HWIV4$)Ii5fIoP(B3KvB=59!Hr_}+8xz9hwW7pmx6SQ ztgXU!_Q;DdwghzJ=1SCf-D6hmHB+Vic2A#87Dh@vgJ0mkLdDukU+k8oX4YlgZs@{` zD%QJBuML05ahToMT%qHCTEo^~VS)%Ho2Q+v!qXZwo<#1bDniy)LCPa_tkMtVJo!<-g0=IfX$_aa%STmgBL{u_LT#g zIR^DcgRiv>+tA7d7A>w^Nw~#rt7jj

(828n8JOV)eGCt}gXoZ`=YhJ19VjKf4( zIg+R3>LP^@TFZy;xFklg%WrkJz8p#vPr+qr-!SKZh~<)vL#%hbV#i`N7aqxBiE|n& zFS>-%atvK;JXxHjZI$(lYYR)P7;!P)9!?(6kcBzk4$)As%Tvv5x8;>V-0rq7c55-B z>IK}H@2R$u0UtVKgyq)MlB#-uj^Cx?L~460T;}zcw3CHq9xRmx)mTK#S}Q8Gw32nb z82UwqB})tOW|;hSsGa068+ydC`LGTlVFUMZHyS@-eoRf8sbpzz?lx+}szRl$**8GV zZmGA8skvFmulZx$zGq4JVue?@f`L{@OwKP082qFCV`}MY7B{rerKH)Esr+3DTGI+f z>s{kIgI=iw!JDI&#*4l1M9eetW$IleD2I)})DAl%9Ea%<=3(5j0sGFM$vK7M_ITd+ zxEC8!yBD105bS{biYtefbzWL#X3FWaCl*OjOpVgYBTTz9r;GSackaX7tF;y!>L&$i zhw6n}qQrxV+Sv?A(^D~o_1ht5o6UICxfuVZV|AG0G#IlGb@Gjg7cgyneuTD_)W-o} zF1H%O)#gAsHqD|NA$hdiqno{KcjIL5I#FbhEm_7@ka;buxD@48I z19mg+3=Df0p73*tn;$4{(Xp%jrl3}AsmW!%y=9i#1a=T3U($ZA`rH=H6|3h%6ave0 zx`2>7x6*4aAB-2K7^g@X!z+N;D4>qhvr5VB$ab;vn9a(#=C;T+tmSFdh z%bcu+eMyyIP`%6ManjVayA*Eqt*IuB?_zWEeffQhJa*sn=e;IC>GhJg03mae@`CNM z_&KUl->a>^R%4C@`cs>VyLifPEJ(9~z3UjaAz#Vy)43bia*T0-#~O65+HR?8?S7-r z_sI^h1aiN{im;jOkGLcPc{SucRt)nBA$Jp*N^~fZjGDjRlYR^to|beUz5}aE`5toa zgb~*irw-u}!gb&h*Hl+#*0xLb!~DzbMceo3&gom-`P^9y?olC7O`@%9<4r`?)mf%N z9`)=@`gd5Oi0zQ+5%WqE(Ki=+Ezv+9t}#Sz9E7;qHbST%`uhaSg1?h%kY5SGlA$14JbrZF_jeVMRK=Mfnq&}Tz)!#_x ze6q+OS=y#I&-apzmyaax5?EBm2z_A81Y_zkZL{L%yvos)m^@nz#nq|u)dq@&`dE&l zfyJD%YSHHlRdYhQ26ao%pFfhqJilNkOqYZmDG-LhL~Ne4xZQS~oEHTYyh0W}`qQE% z_@e&$LA^{sz7aMvi1z8VsJ>;xkO45VDwc%^H0OJ5MYIJj|^{%55xm#6;01rTXY ze1_ULot}G8S3acKA-5IU;p34w^JM-_AG)=CqRl2J5thFJtN*)!gJp(SFDMql3>w(W zIka=s&!c^LG*8=5EqVRqS7@%@J+O3PtQkinY=WJOs0J3l!Q*u$mi@Jb?ZK>XBex-p z?$A^~H!rc*_qn$SYJ$CqC;{ts=tb%MoiUmw%ct&(6$Uw$#e7wp&%Gr*3b5gL>CgAW zBRq+-9_RWEb&@;N6zEjVafQ!4)bfq)#jnqprOZ|h;d`=lwPN@}IQb_k+dg~^G!F<}3IEs!MzgXil9>HNUQ$WvtS5J>!d8g5MVB%}=1V&oqA@K8O<45g0 zCh@93()!GA!1#r(OkiQ9r!=Q-$&SfOdxKli_QtwpP_7xN^k_S}+un$C2Y1GM;LeB> zxk&%xG;^YbraolBVnib_gQoLjTywEbdWS7zB(}LAUcjWt>>fE&^JYfk(>Urx!P}Z2 zt!ZvpZp+6CBeUGg9`q)@31=+mYR+HCEw5KMR7b?Mr=Y&+!0{Fx8YCo2dA~&?5c@Qa zIR?D|kC_bK%jA3~c3%8hCPrvlGt2u1SBLAyyob8>twj2+L2%RL)Bij$yZLm5)}QT6^|ggmLG?G#wkQ#6_*Z)SYqkK?JLUE$%J~lz6)Yc7H_NUWz21FP8<&Iyh;@!@BL}w+HP2@56 z?o4XoinGUc=wkP2G_HyC;PgK@oj0$74q=a13<%n1vVT9$@GhiYORmc@TbYa2>Y7ct z$5DHilx@wdCj*{fr!YEhf2gX#iFdFzVq*>`;$Lo-=YiyT?TNGi#Gt&$Xs~bDT;XTC zqv*OgWC!_5+I#ZQi^S%^uM-F{zQYrt`OoClGtfx96-LkdTH$ z$>kf`U%inJbH;4(la@~R9D8_N?|{thTG4HmI9tM@qBDgpMbuMY~ee38g4WK#7 zP^xA#D6TXM#439*X!~k*=hmuJ+3n%y4<{58MwTt+O4oPIM0{-KrlNco_l;}!nS^cD z4!0LKqk}##oNG3FVQZDxzdH`9RRbBmzB5*^;S5*#Ql%`T$sb{>8`*z%Ig}BkQUJF} z=NUDR%(=jnE7Mp6>OH6aL({f|Yu&!vO#;IwLxF6^!b?US9<`#(oz1#aDKa^{iMwkT zL1`{L^!y4ulq~J#M#*;%Tko(F!5hJQYi;oL?%jJw=+9bn zYdn-eYra22b5G6Uv<1!ZT9Qjpp_dzJQJ>d+%uOnlwD>JPzHnGTe57SxO5D42VW^T! z@938*HS}?{vF=n$Uw%M`&64=yyA;VoSVubA5l@cm;J(_EH!Rc6?F&E1<*W5fc`fh0 z238V2$&M6EG{2$tF>5=qBaU3$SueyWv%!-Vrh+V77RH%I@}*e?Ep0xSnYPk!C~lDDN4dEte=L6H@0-x3|dGnV;L7wL_d>S$if z$X-R7$xz^;|7Cp9aR+ zzEnYl^IA>lLLioLoJ9#4i*A7ypavMFBXp>G1>OK+%R|@Qtysc29S>4Qs$X${mgIxN z`^9&w?+jYO8Xx7&05-7QZ86K%vrHp^mGL|KNG7EeN;!TdnRTO!B8~b|vBy;J1W1T) zs7nSXp(jqFh8N~|%BgKBv<^iuKJO-tLQi1F1pBfBp6m{ILX55Ag!3nZh6Sw$`!uv% z5`)5v8MB0my>A*|PLj2ncUy-JK3a0VF3K-WP-UYny$n4f>CJ}%M%|an<(pb>g-lt?zYj{dQ$i5qZ2Dws1ofdb55kz^3$uRwLOkZni0`r-3XH;!;r^*Rgq-js*uN z2rKDcF z_>zSBOXo7ZAs%}e#8)L=tZh%X??B4gBC6i^smpxn3j0;~3{oBF#wDkSVFmaA1R3Odf3i%)9aw zb!Qm^A!yrVecYaBk}&B!1Y+g>1pk7DZahGWgg4n;>1qiC_X)V`?!hkHN4qMESOgTw zxl~1}(wCxl`oN%5?uvAt?-+u0BZaL+lG0c?#Qn*m!Ksaiyh_6d(z9!)(&Zz@UKYE~ z_uW_+a4RO;mhLf@Z49u;E=5wgqR?Vn65{BD{*T_g($N*A$A8=%s=A#+GC1fjBL7J zrp=^JOtB!p<{qC=#6L}^rY67xI3XeEQ60BxUaNQOd6MK>Ul&hv1G`Y%ZR{24}ro3%; zH0Vj)5luqXPytiB)1lHrWuh)p389>qj+2NuaKiO0+5Qgr=t>=Y)ohyFO@R#R{NzJV z&he0Lp5zgq_nWsMs^leu;cIc#G+dTIwZNq%LWxcm)9TK4qG*BJu&?guW~6JtaPxZm zC?Qs77vPTk5_yt-nrLW|Wd585wm&uIC}(mBT88WR(aC1WNDws-!O4>n2FWPdN3G^8 zk`@g_{O5dGW^q~UX6JauQ<{0_{LJShKkP@qa+MUaU=vA)eQIr9ovYC&&WUO7baQ&e zky!|9(>pT~mfau9ppSYd(X&sSl@x3Y!V+yccUVeD2x=~&t4UAR78BE?Fhf55V2*lS7B6`de#Wy;xKmBi*RZnmh`6u-7vT?}&~VhhYW z?|8KqVu-Q5NL~EI$p!qDY;X8|Uv5A#dm6QBMVu9S_Dy_g6Lp`Pau7%XG+i*exbJ3+ zgyJ`Tgv^TyHX;IGsF_k{?}7F_O~oLHR|{{s;eg1HyZUU8B<#y15f|JzCl}P`t6vV| zJSDv<|J+z=cU|CyS@xtQzT7PjLW!qe8^Z%1LbU8vSjT5|c$N_+sGq80FQ$E`utnKw zwQNI}t^sZUN5#Cc=p;$MJStnTpJmcB#TxH-N-|{>&*Ywl6r6;#~mvqYWb= zUEovb)IfIm5}PFC^j3n{x>mA^46i4?W8HbVxpq~T$x3UQ z{Y}`4*Z1x}b~7v^x}z-tG8UZL*FNu#PQMOucc0 z_ORCM`djRmkJR>`UuLiCi7RO~OTtq(2t_94lGQ0=gO2IxZ??8Q@;olp$;*Bn?zMf- zdX5K05c+aKahZ30@FTrZp;Jt`prNN3fG)etzr9i868kdQb_ zR6M`Qx^TnJY|wDgCtLF;I;w((t9t!F)o7fbUK?Lz{uHxNl`%WX)z=cAXLJfTxPl&C z8$U5(Nuj}2H@h!*JA?EhD88GZpys{4wi8;wcc|6mFsN@DNZ6Jg*3vDv5);H!<1(ep_2@zN z)$*sK{NnIClTL$ahW5nqjybQnPO4H^jo#9PicR35uA!CfSxrfvXPmp1^forR2-|KS z1sm8)3rUrwB8$q;u5sTOOBS6v+FxLk!5oNo$8bQntjx7_OKTiU zDQqh+=qMM}Qp|^3X59hOkG)OTuWH)W4o=T81vrj@-EpEqvp}tY;ylZ`lt{#$(n@X{ z*WVS84gT)pyiZ6gwG(b_3~Rn^|hz8{XyUkR7u)JGrAj<(GB26(ncuxxqws(8UB zmJED?NVN=g)#j&i-MyVPRb2-hezPu|cA>hZoN_R}&{PrdlvVQb+YUbQ*!&ng@0muC z>(vV62hvm)WDGB0TE+Xp#;Wx_eSH#DX@=v;E*%QD@6DQEiH|Q_q!Wh=uHe>0KsU&M ze*MOiUkf+4k5IvmY4H)4bXhXF=sxxp;7Dp=6)m8*vCsa|sIN=OyJ(EG{LM zG!5D@T+32>X7qW3^Ni&L9uC2%=8$jn`*pl9BF-%eO=lRe=C&b|&?_V!{w4A?1;!Aj za}rOpJ9vd;Ys37ki?Lc)lCP^#;2;;!4ecVA@*wQv>9TStH3XictAOF#8)sW23qtc* zF$nNlm{Cpd9uw4z)|XgG#9bvygQeSiJLecRh#PYVt*|~o6&Rgh5dwXUL!R{V4SOTp zn%Qvm0fiRgmpLE!=$t&yx{t+#Nir>DoSsYV5n~V1_7w4sH~P#X*Th)a(x87j)2FvZ z`gushfmB}@58idYz_`a|R40wXw&-}vq8Ua~YH)Y%B}<*Y_+Uwz24o{g==>Qi{m0WoUSjL&-! zRa;#fl=&#t9xtwEIIi(INkXyNofu1NilN;JTKB+my$SLup5YTPKX$u3tDaEeGIm&N zqc+X<$e??w3&&iF{QQM+eUbIT`O1EClDY)u7>4`7Np%`>ZDaJ8%G0IfsYDTW*uRha zGHf4Z9-bVr9V%+l$dqK+>&VXUOn|=MHNkSu3>1efoZ~&rbmLdeDhu3(k=J0qS!@L6 zL0BYhf=Cpof)3bp!!hqFJl3{j!#VuL4Qmg3d{F(MrWbOK=UENyq20Ba+C@Tny29Al z{>g%oU{>Y)45d{Apieq+F|C+l@q?_~v+;%i3ip@CBdUv?w^n67W~(scKUXKB25nx;Pa`C2&1mD+BWfJJM^{`6$k&R4YtK@_&`v3F4^AQHp+5Kx4n zHl!`ZJWBFk+fjhEVFcbWs!psk-fM zX+8e{r>-rcGUujuprfsxDXu+YPw?pZkVeg3CzM=BGs#6L#^yj}o0I4_!?ARLAhy^D zIX)xoQ{7)^B2fK0zI*4v7_9Sn0U#O}nz}!=9qHO;lls^g-dE#ZdQ-mwU=x3nv;`(# zk&ly0hd!Dv`B=ycS@m)|dgdm%MzJ8;ARTCW`?(}7?T0bfEy*wT>@mYRk9l;ln&cO> zBke+|!NYBmaGn^l{FDLaf?~+IxOJ*@Mpv88B9(95%8A5Eq+^n(6FXB}@7oByD=AlN z-x@dU-NH8Gnk=3C0G%P5ET4$^lJCjLZ3)F$_XlC|mZ?4|VNAB+8e4s|QD{Jh^^YTX z7E~jL%wCwqm{Yh7I&YDeM?VS59bb353z0^&}_<0eie6+0|yjLr^Iv zz!1fwU2r#d)*+psQD~~{;k9|JdZ_cB)uREuI= z_dXl~{&O#j1-S>hUbOHh&W5d&fFXw1dx~1@Iyd--)*gtf9I_lZ zLyOs4O}sD`S!4HDC|gVY&DnOlLuF&^?F9`Y*;;kh;xOed+tAfI+P4<5&$redhFMNE zUnp}r!aVwt1{^w~1o0W{$?fTHkD(P-=&ur}@}P*QLaJOZTm9bCi)cuq(!^+(u^1B}M;EJC9!s(s~wB&+G=mWf~hi#dt*( zvE%PKwZXH4u`4Cxb|u{Dbt@f`rmc!7aA}#0q~?hO5ZNY|~P&NMRzyU`r{zw*WbvQq0bJ2@_0+!t&S%OeYzsswA1XfAcNY^~QjiQg6-xc~k7)w`4< zYMvCN#qz~S&~53vF}qfC$Z>0eusfquXc|@_WF2>wQ$xP_JMf@jB*pxp+oK(M476j+oE?FsVaEEBGq%% z!J?OY6lLm(3+(}P9~|F)g()>z=Q>U=wgghQ3{?hH(@yXoIleUQ6Qbw*nC+ccb_1QK zBp9u@d@DD#l_K}#S45S^<&VielW1y8F$C1!c{_juM*&-gqgi z074QVV%JqxYe+Muwb>@FSKA%eIKrcMvwExTi*<=&DaB{6942Z6w5;MipKddO*;Q2M zHiou8XnWda-Kvu)ompgLId_g&mx3q6J=s(y2honqy5?D0Kc)lVwYFz8fuZCC^6nh9 zJ(m_Y7rj!SU~kFL3(x9Zkse*VhBpsA{0Bm0vSZE@x19a@9A}&=e*)RMJ7!_Sca8Ih z=kB`D5Sh2@Vi4Z9Z^!gUtZ_zv%Q-&ilUZ!;?8&dZd@xI@A~-*yM4nPl#N0w$OuFcD zv9GV3wDjnr0cowH)K~e2-t}rH_*lrOR7L|S$Y6Dm2BK<3(PP5}MMk7c?^}xK4`xS< zH?nMomie4aSSH2!)eY0Piz;$zUAJ-zc5(?1anbfu)TlP%C@Q0zE-;G~#N^6M^AAmF zt2K~uKzq3`b1WO0Ua?d0LuAdY=9d-DA3<-maFsW+ybMbJ@}#RvBWrW2KH9XDB=bA9 zpK^7Qr2D}K%XwtZ@HZDf8MeD@=|}B3R8zP~Lry5^+499I-E1h5eXbW7Z73JqTpt!- zH#Ofm##uHsTJ45O+($mcq!3sGdB4%sV8>vdGxsjs@-F2~u#0ND zLC7n;^Dvf|r#nM6){b4d08eZPX7#;F&!t%~x9>th(rEiy<>QquyF0cYGgM+DenTA| zs^_#&Tv8Ji9u-QQ@88sqQLDj*Z+qx5Lp`rlxMy*0ncz$^xq zz0KA$Ogm{|mZkZix)&+%VA=2R^!1G;>FabE?a_d(Y2f&0M(gzihQp!G71Z<^9%0=_5hZXfbV`HxgvX$o~~gDrg~m2Y87 z8i(zxg!;)@TBe)Ax<}yD48=1Sakrw)jBOa7r;rzn z@Ri!1bv|i6BEabbGFms=+fC9a7D>{)bVzw5xp<}`_IBZy9%S^*O~xf3h8s^W*p@TN z_xhJm7Zc!4V!mD0~t*8`a;7jVr#!M^xApfGxaEB zzCO5^X$IAHLEwI{_0>`APmTI;ViYsRzUP#A4ZCsR&RX&S5 zjb2;>=oqkLc{wHam?gU%R7^Oo_Vi z&rs?y&jho2vjIg^H}8&1ia=>K5;erad*t}p+aD=%Q+kni5OWLS&hM&x4rw~L5Uf_H z?TN$2te(r1@iz^hyJa8F<2&VfFF{b0BuCXP4%tM($Rokl?E(H_fP*? z9(|_*#&_#QS3sE%QP*|6gpsZ1wC!YTyz((rB+b~lP>*l6uTaiSMjM-Pr&NO8N^@`b zdlR>oHk81OWQLxFF6FW_T^!ko1OqqaU~Yr5`XI()b@MNs5P3^_+$=o7xar3|aZ&}Sbv?wSIaxePQ zcWzUd;8~r_r!aBV>b(-#-uPz3z@5N=2&&MM!mS9<9hXdHsOdIwk;b0~y&z3tJHjO{ zr+Y4Fli~X*m1L5Cl?L2d|l!e!Q=5`T=3Xr^6i5NazwRTPqcv8%$ptkYi zDP(W9p-|<61d-fpTdOI*2%gO=$XS%m^E{%vAm~>mPzz;sIn}fOq~~~vCjqp}4nWo$ z=qQ%6z%R~zF+4;c zrMQjt9B*u3FjXoIvmHP%EP2t&LVY=gUD!#1wU$|8?_H9GyZ)hgScvof-YVWxyXaZ^ z0=&H#gLqck?qPFm6U>A*e@f@_F+;vU(&rmnfEtJA&iq!$v+hZo4GmA}X|qc6(dQd1 z``C(8NN1!nfMWmvdAH0|!31J=Dw1)QkIFoR>p@#o_$8v$kx!7+FY*tu%{}ymFB%Y!{Lfw!<>2-!vH&9OdDlh`=BGc4 z6^C^+;#Xu+$-Ac)tOA4O1F0cb^R2uZEOSQ|P{Wa;la<`s1>bCYElY{B*r=00<>~YN zuu3pQ0vTzK7so)`iDKsOv>HAk@e{EvhfYbD$6jInjLUWL{c!yqOdT^-46aS`8E={A zvx5?<871rSCjW=M_Y7z%+u}z76+uN1LxjV{mE7snVtnyYvvUbalk7auGb7SpOHZZs)^ax-$Fx0gP8BE-T{AL2c+BLp z)O18oR`v=a?EZ-x?r8Zgl9hCx^u_t=w-cF-wI%V36kz zFe>=!^$C|yvWU>Kd~H1J`jhQq$iipiRjGw0U^hX7tdJKdzL2x*uPXRd4W>oyC{^){ z5@6dI8byl;Cma0H_9W81qb#?DT^%wK(-cSbX^KQ120lsTgB^^&civ(|4?FzD73nV1lG=y_lzfAiiuHvEx4xVK; z;}-sQv-~@6&acdVblQ0VlA@hn#r>>xqy_MI%C~5dzH0P!*n26@Dvh}{uTpfH8;=Ds zh+wPULJ53#Dwu2rvI=wpd-u2;Z9|yM+Dym-b>f9|=!XK+{pW703#P6^d*c@sNM2_^h%XVj>)&<_!pj@fw`tj7|T7YdWStyeuJEG7Sl%IN1~ zo71iNz3ORY@t5=h+kPcwd)| zhPNBBJ?0u9%ll(_YwbM;s>P_5HibxRfgH?E>W7SkJi_m)}DbAf; z>RVz@#|D*oHqa86WN&P%f2gnV^;O4XB-rjNzx_Uze%qW^;P3;i>A1}3y*OD7W$;k< zI3(u|uYjssR||{7wrGTdA5LrpAMYYXP%>-bcbHQO>+Y}ySn*2?3mU5^Yb0pHJMBn! zS+Y@mNIEnr?bO0PwkxhSg{Kn+RfNe zeBFyEd9zzqvb)$78a7=4oKpvbQfIm$D!`pjHCa~0wkD(s>2$EppahK&DwYyo7OFD@ zo5r2@`H!Utw{$?!a%_ZYBt9Yv6k>dRGaUT;Z*R37g503v_O$>)m!BoIA|?A69ivS1 zA5{$@v`2v>P_3cjw?)&9PvT<(BgM`k5cD zXxzsKBqA!Jr~fFv{}2AyA7f(s0LF3Snw5eGAXI;+`sTggd801`To%0wa53ZT&i|uQ z&BG=n&mIncvH={O9-BEA`1|%qWe1mEs(^}p(J9fN+VC&r__rEv?;Btojh_oR#}8Ge zh*~G}?-)<=cfjT8I3@71hL^wn=Z*F+CO&MB;w$@1t?E#a+N8&b{2@qve;1_D;AL;7 zZyb{T?-uLuZUYzxl}|&u&euN41@z#{RUp%)D$vDpZEQ~Z}qG8%0l_+BvM zekm;f@1pb;*O{Kh%ELa_m+q4t^v{AoSg6s#`Aw9pe-6o9aL}1IOYe*e*?_}7hF;%9sE$)w%4q9`Za5B8cp zrEb(C9bE<1B7Ty``vpzU2aNd@^K8E}EbsE8LAY%uB$hV)_02zjVlK}HQ~;0dJ779Rb2h#I`*-}}Zpg($UG&cU>EB{_ z{^CJE%*;bfh5vo_*TngkmIbEZ|A_o2$NrTr|Jsm0|N0+G{daEqomT&2slR8Wf8G5b zOZ|_fenEl%ZJ>W`k-z`ze;eo*?DJD${grh8KV&KK{sQxUlf!PZ#T@1Va{gx{lH~#} zW7ymiX}t@lYa>);7&$d77_Z%026 z_w6z_tb-0ka%^W^i9^KnQ5F0nz zSz&|=LTxjVr!u0cWoeP$QO<3lM$OBQzHQ8YO5Q2Dx_-*>A3{je0>7G*l5eo9sxKAu zl+}aL?|~w?PuclZ7tN3N?xmhIvnz(~&;hSdYO;q+%^NXo=ayS)_a?GTL&`xYc!$-ApY=< z+kHm`L&ROj>=~tZ5bur)XX~h6fLB+|be(~aNPKT4PO}I^*hIj5q3Gc6)6&XmdWB;| zcLl?!?djExNeP+l#`9y@2?J8)pWzqU8y1xzsY}KE`*|)-U#>~TL}C%z|J||lyYK1y zVVlDiP-A!Faci=sug7HleT*4j#ph_f35;vc5ai?@el_wm3m+YH5I3JfEx)7*8qij! z(*mzr=8NRV^*2Cl34& zH=>x_J$wBh8O3#!hx|fPZZm$x5|QUncHXdhX+_%kuzq7>;A1c=YU=ueRsaKfX@w>9 zBm9dY2P)0-^P(LhFR~@xWsC`z44Tu2KR_vk7I#Z4j+VoQJxV>&3kbte_Q%FZY+z;9 zscxI;?@yOKoVxwEO1<^&UN1Y8^6rUA5X3X&wHoYdjuL%VGSe3B`s8IxNYV!J_$AEC z8uxKFErZ@pnfqoW_%KEB7AY4z4u7?54Rm>JTe7XD9|#0a^ZQENIy+_U0{t(>hib~; z!|T=uNtgQ8i0iWYl#}Ey3;sM?|1CYQvVj%6R~^An zR!pxB+RJpN-n@B1uKXhpjU@^GMX=9iq6ewSE67r=$OC-4PxkAC{WErNOD@uIf?k8G ztr-a)^Wh0EP>V*v(${izO5g34fsTh)K%PsuK8#pGkUm(x1K`dIyp+IlyL@F@mU7?v zlIyt?kCfmf)l4S800>7Vx}DZUa-Rs(O2t5 zD7`OiJ$hLu9KY4C8tmvgjDg^mLqQwPJND=<9?(~93w39>i=7!1S#ig9Zqu{b)>enf z7}kbd=+!y^y(UMVbDd!w_PV7Iah)A>JfVWr-Bjy*xVH$YE^2lv3)YON#zxd3>P$PL z>ObsNtWP!Gzl*-5o9ZwcKj()-78+#`3|Gc76q9aS*zM~X$l!(2I(;O{N{ZsngMvM2 zQH)?{j&?9g7bNMGCq@I*#@)n7I|rsEwCm~ww8&{mQ_Ozm%UNE%hh3u6AHMW|Mh_O6 zw}){AKvm{9f>;g}1`30Ivf3!Gob9qYR@pDfcS2rzv$8#e{Z4A0l?WNgNIYzDco|D^bIK%5*zmt;_E-3xJ!aK;%o>Q809r1j4 z)Pdb={X!6AnGs8vd~N=;@ucDPkJRb;Wvescu}ca*C*EGH%^r-!$s~7YjGvg6!yT&vReLw(g51K3O8}pVBUT>GH7r30Z~CO}C}Q&cGeQi5gPUg+$E!v z-kT0qUg0%I5uaD$VlD{3V=9?Og&+1B)iMkW$4?xzNy`r?=^v3weAn#yj_S3~K^XrL5QqH3#(Hr%CmyCBd!mAcV2&XK*flN`p z6U=4@9s^qZc9U$#gZMMHZMN{-QhbspZ#52R2*v*Nz#5Hy)4=NWCf$wchHu1TIhVy6 zui5bNnIc8lWhP;~YDCw$WYE+1)OgZ#8nM`FYhE>lc(H!-h(Q=1{FJ(!*G#B%Upn@! zY|Io{g=si12WZ;p{19%(jUU_l+>v+?Kc2Q(<#pf*JI{HTSh#M7P*p_ket5!$y1w67 zo941&aaltF9k`1-w_h~=#_*eZYv*Npg&9hu%i?!sevb{lA}i?U-9khrFd_P2&~NY9 zQILsUgLEFseKFW%nlr!a*a=WQcaLuS)EifVQCN{=sX~fHG9>6o?}VD;4DnhAE#UdOWKoU1XFi$BJh?OInqnE@Y=|eS@huv zJneGTwYWe;1570qVMnTmkyzUu?JH3TmG>LL$mAk9w5Z~YBM0r^l=PMX=jsR}9ka1? zTCE+4!pPc{U==6DHVuYPrS&gdV7y-ZmVuIcBadNjGX!N0$k2z4ndX4mJq@H!m2jTk zU7L!6ICU<10`a8yJNkd(MW&H21OYvxxENQm3as*^Mz$Got+C;Aw&TLsqm`;9XBY;Q zahOyFQ}!P7lC$q2HId`yKKI7+ z$eZ6r@B0*h9=IwGDK&!^+{QaSpYUvn+7jBhs~+SVh`46U=5uT2d|JwbbC~JQ9|E%6 zJWy}rEYIm}xwmi?sY$E4<`68T%*qo%k zOvQKEg#=%fpw+Hx%SzqA9q&6WvupQ;DgbgQm$#46eFj}-^#&M4SF4$lWk-9m20)go z%+;xeSwqkD!c2Mnx&&0|J4ac(7+t2S`}hTr6?-KgF5N-A?ahmVy4WsQWm)=J>b%|i zUKUS4H>JKex@_8YURJ+`WJPSY{XtU0+hsm^Ge3miDbTx*>loHatK`H^S|qk0_I9vS zqV>ehs~hL>U7-<%h6nCx)ne>4AK=O6jFlN`FZRBkFBx5MNaPFeHpvehEj12&zOki& zesE8XFko#%f}ayczYFTL)^T$lxYIcsl!R(qHr8FvtFKvnFz(Q(Rc}z??gz5ugD@_h zBV-$M80>iegXg4rRPhEo4IQ72Zflj$+8tPSQJ=tBB+`{q)Tqo?G1t{3X}B?3G!%|5 zCa66mM?K~%f%Le;gU_`xY$A}>D}|u|%dshct((>HqN!Z=YEVUS(pkQc{t+esrc-oZ z*=_eDhv%fomuWcnC^~sFzz_LH(azt5DgKD;%FF%EWjTP$CNfLypTV3N9)KE>7qOH% zWmY443b7~NfsWdnJZ|`L>YBV{(i(vOBM&tAi)r6LVYUiOt`pUaiG z=Pc5cYlcp5hHoW$@+%DG=%X>XY{)KiM?<(4ZtE}$@)47W4Vwm+7Hw|&cKvbI_OLXW zk(DHNo!qmThBYe~1Rfv;SZ7++mPvVe?{D<0wp+;=tm=S#d6Kp$w1ZY--=xkm0|?YxTb{IEFoJLJ8S zsR$tG%572XkuLBi>Rxk-%|1oG(C2aiqnp7j_|oeJ=f7BGpieTy?eU@OA;IQ^L8|x( z_a$YVwCWiE2ZtzsU(RmH;;7t;oW0vvrIDK!LpL;H z1=`xe;Vo-tR^4E!K|3DRHzuP$`}crE?WHe?Z%3WFB0;`so3z@Fx{TN8mRnDmzG;4J zuD@;uZpVH|JI&a~&Eyn|@ECRflGB#JgOlgvufKwUmT{Gfi%S?;dak%jjlQQ(OV`6K z9h8hW_x2>8BT5u-DZ$bqpA!Kyt*0-|BtXcZ7qNJiN#e-bqz}Grd1P~c&F1%d-rZ=qS6Qy&Rat3|Ios-Y4 zR5tK{I^M&xm59>2(QMKE*-H%at*`54pRAtu!pK}#X5AmnvoOQWGF!yr8Nc{41B^wN z9nDG%c4uNLIoyj`i|hKJ@|x?acVn`{qP`X$I+l@%(qb4pQ896v>T!9l#+YV@evxye z5q@Dr%&o*aJamwqE}6-mwR5qZn8K`#*27VYqZEXTd!}& z-U|X`J@S4wTP*>%1hAX!?!0!-)iPkbR_Tzqg71Ae74I^>dR*SNcE^3;&?`FI#!#@i7k zrYpGhMY*xCd`tWS+i59$DFPRgfG{x5^OB^&q7%Io5Q>oPsbQCU)#i<@xHogn0Ny4| z5y8D|@#A>7h&kczT3PiPsq)gQeoaEt{7KM2?uoG)~aC3lp$ zVaS?zcx>qQ5~C)v^=&t_QcRv^*^Qw>`KFwV@0U-U*2wk@w}ed0BwidtKWY5Vw1FEv zAmR&3ta`_E!+S_pp!jhP7Ksup9(HoNS@ly!!iufPxHXr#i!goZ_?&@aBIRnez`%HC z(HX$(+45S3P@ny(U6Cd1dW%b%>$(7@Xm5J`K#J4d&;s&u(%~`kXwscn&}@?Hdpyh$ zf241^$&(jgfl^9+^{uaIt76(8La)$46W{+#- zCdr}OT^(N4{Pt!fB9Cb{CsFs)zFndtC}eGt>s{9tU_EfSuj&clZ|MZ%C-KqPF}W}S z-L*tRAiw>ThVlNS0<-0vkY!P!PaY|m{7XcZr-%u7nm(!(K>JRh)Y}rHkvP@UCn3q# zWNsg+fGHQ?dhuQ*_w^iPwHL-~pAVYj5%!0sk zZz|2DCWnATcGd~RS5!CIKS>>;NR>X^0$tkGq+@s#q+K)pgJU!lq@A_-I&e5dbo5ng zZ?iR}1Yn`u)2>!BTO1ey#XJ;Gc~6oUds$Wa{sW8~^P3I%vW14nPIz zmN|F~pbh-#t47rGFuf^|kRgDim8!9XbB-mFHE0=n(hiMMO)m01^bp)obHfhS@jV{% z)a6?k%2n)fbNW_;;DhA^Y}M98LNyl!)O5{`jnP4akRQ{1SeZnj(@Wv}&)f2!p{$Fu zsXhrh6|04 zJBvLAIGKH&_K1R2D^{uxwJ$9RN1GSPMUFxonCbe2Wc96EpFLAOJL?Cr&V7~r%#`m_ z+$GB^(fcpBThH-pH7oU%-hpRs>;*w_9Uph~uSpQaFM~5VQvtzq(3!4aoJUKL`x2vy z1W)~!F)={qD6t$k=oGF5_5ss(EEu6Fg{pG@zx47 z040>x?IY8pUOnkcYvjf}B~1sc(_&Sb5a5NsD;X}5@gA&t+0u2GGr_!Dz<5KH?s4}y zT--s_!zj)A@q%Y5<1!{&reS=B2C!vvJ66b+todM;+_1xZlM9OQ@X+dm!BygQ0CpR6 zfAg;7I~G|o;KmrYtJSQzu+u9ci;fa~S+s@0e;9Y3r5{h#%4dF!gKz^^U5(aOLT~yr zuiU&PO~MeSe9S$=uv9PGI+9nP%L2IDWSX6n%rnj3j&`H-HhprFR+YJ@EqY4SY95F6 zW>Vx61otZ)y4icz&>u{Zmxov56|)gTa6Xz(t9tNHk{%=LpR09AMM}i;T&nR^+vV~0 zn09YNCNu4nC`p&joeAE(QGANr#_T@U*{y{Ko7yFI%m=rm01!ZQ&un8Pm=v(Zn;fFT zqrNi*@0>ly8JOyi?CVK)~x^jO1yKIK`TDx=Q`d}qceyKv&avi_{gxT>m z1@~&qBu;T|6jW~Y+mMvUXJ+kxr5CywC-)Tt$;h09glEqD!z8T%PT-MjatpZnO1D(O zn2~>G_P2btBGc{*+A!yu9NlsQVcUs|URI-*0n|ATo~NgpYIrr@kb6~#@A8wR1~GoC z`KPuHueEIVlL&%w5aZyb{kA;!&zdPU1+&Khsx1encF~)-bLq5tuTMr%AOK0DbdauP_2nm~G|IREwD=|irH_;r*#S5_&upG)M zv;R__mv2MjviNB|8G2F3_E1s^J;_Vtu{Mnknc2H?oiP`?gwIim+786+owvM@JBk>})lq2l#bQj$Zh7y^?mc;MjYbhv;4Jo| z&m8)Sr0UnoQ6U?%!N+IE3_nmnd0|?ofQXdFOS>N03NYOI!`a0_OQllG5{A=a=nHRt zHSL#}oWX`m8gRwo+{$&aWt+)PntBiAJH<>9bhZw&-k_viCcV~vWYf@$Tbtjwr@v_+to>qP0Px1; zA*-~+rGy4A=%hIsxS{jz$z~ktYLDVIYMAvrhDs@IbpOGL$*iSO9*A+^PNHV-c*)YM z>-w;E^=3jlJZOSJpE&}D7=MVlV`9i)nuuCJ9TQ>8LH9WH{)3cWkpJy;nE(B9qMF3g z?497)RN+zl*tFmiQTGl}W=*GZKi$(*?%&*b0QZ6I-sDfuJv*^?VI$kM3Ne^fVa;cA ziAAF9<3+g>Fxc`&y^r6E0S3d?`QGXMwggIX0*rm2EBk!RlefL{=za`P%+SRJBERSU zUC4WCncsLpP3Z^MN}whcrmrxJ5|~~ORj!SCNl{OT_HAT?(+zegHg#_{^2!e83UDz1 z|7wUL-_o<@q$F%JtJk%~DCzAK6(2ku%>{Zx*~#Kw1!#C8#W#oKo({ZGySUf zM+UF%N%3~Z2$i)1?K3)cH(?q_wy^I>m$gZ-8t#vFOlUkO5dFZ#>+gl>nyeC1i zSpIA4B*_tDpuI3|&k3P==ick{9TuEb8m~!4!|h|G_EYv^TExC}7qlatSwCq8ALCkz z*N!=)Q-G+NR+V{8yC9?Ps}U;voE>h;w`#b`S=F zCYOzxgCd2}8%!#O;0J1bpFQ=xA~lz54v6<(wDu+LTTi_9G=_Ov?^dECA^~1RgD>O` z=J9Q?BzH3nj~Q0GvJKDFP~$bw*^j2rIjfnK_CG<7!Gar(C1Jm=clby&l~l*k9;vX= zm=U(-{dE7r3Z2slY2voPW;E;bJ;_ZaL-VmO-ufz_s+?K}cm_UzLq65?$|(Jp=jN)o zRqEWay&1J&fNJw#4`67XH+K>nBFQ7ZmWAQ;t>|qD#&5s@jEj-~MF?N*Z#+i~DAYyZ zOTeqF7^!k56BMYxwR#m;Jr~jMGI~Ntx^8 zln2}P6XFXJ_JvZxx-~<&)iIv};(&QFjf3{pqRv8Eo5BNH6h#Kg+HKMh-50E`m@aK{#vSuiBFV=8ou&^D&I2K|Bd`o!ou378SDSOko z2zxmPq{Y{iIdY=sOoHwnjNZ;rkaX5w(|{cX-K+7y?L-oJp{uM=(c9Je6|BQ|DLANI4RbfLnR(S;Gy<1JBzhDc&Q zHREN_uBWIS)I?&u0i=LJb$bL)kfI1WSyZYJKI`Aoh-k_fR^(i z*t=X~Tj=N?4)XIxF7VyOTbYk)VqCig$3=IuRWExH_d`!df_JQTaist3`XR#tX>}g1)xoUZY5~F~8iu5$bJuS>_rUpV5 z9)|G^VFhQ-@x(-SZsC=(8aT_aCV#9$)99gsS*olbKJ=~lhMz#*2|6!zC71Q!p7V;> z3xugO@?KG_LZc302q_HUc%&dEFc}>Z{NXW|2%X+f8UQEAJPQL&E@p&)y~%pHmnGK< zjz8R`RBE6!%hCMFDDM)r$SY>1F02Frwl6ZIvx$8g7qD``#B=$Z# zzh5dVpCd>F`opj~m?m^UK4SOi!YsMf4k%(w=V6yJ)KifQQ`C#-E* zJMe?C+xh4mZl8=R`mx#UhCBp(l7##fR&cZfq)`}5Jlas#R9LL$k*t!!*2AwQQs6>Vi-L$x4*1NXs-UZwbO}e`8UYW*;Pc z3}bt4n9V=E2r$1+R5h+zT^sCD&?#M>DWG7noIk|h!!Zk+ho8Do-f&@KEp0IMVS<%? zb1Z5U%S)wHfbE;EA2K5yV^uELai_BzO0QpJ$jj!*h&R#l@$`^3jjs$Q3lF_>rwrKK zAUmfI-xed=T*ZCKG%u8x$X6QcUY^Z{D7l7SF=70#F7Ly{lgEdBQh&SJesYAvlm!1X zzJGsh>Ud+CdS)2qJ%^c=Gv*GDt};IzjBjPB(=Rs3y{=PoSJ-M_zvOkUZsid32j1R=0+g6I4%O ziG@E*X%E+>`QDUtajdJIF9y#_PawUbv31 z)v(!paiiV4t)Dp6dcF)60FU8|r6Fr)7;_8t;`VCW%}vFl@i0A`y(NKU-E!Uyu*XIL z%(T>%&R8Kzmnb+706>wb-u}+*8NLn<3Nh&J3|z&%K&F=B?k#M0(n(-CNy@zbLYrgu zRI@SJfEoMHfm2`9{u&hIiS#XGW*WF?uRWG%U9-JdjJh8%6R@*{sU?EU8lEhM&ArN# zI#OCb5$JGkHlePrt71w{n)%=8>c%0H1%jSz520GzB_`cr4@`(9BMJ6dneSqoGY1y+ zn<1dAKYp!ob)yI7O=Iih{}zPa7v24i)^y!KEQs*aNY)fBjCej36ubVK_pAvAK!aRb z@#z~?uO4)E4((4ft6k)vksu#7GiI4G=*M5 zh0}iPEk2Fb`E_l6tRHTK^93J|Up~Eg=@8}y1?@hv0T3yWc}!U>Yy17_ zyZUxJFoYrNmDQSqP)y1o7yLKu%N{2cK@b?;e0n_mv}Y=)pXy6%pP4hLAuv)fxQ>J1 zxFh_#j*L7CO@yUE_W}q;&jEOuh8lJ<>5kz?fBG(Lcgo4b43xauIr0MsA>$3#)(9TU zhlwTC{PW@L8|%%9Bjv7*RERbqEknjFXZ@ugNduIltTx8m@9-~%3(m;Gw%mk)x8wcj zy_1u^n%p?vweNN4RAHClN}rkc z)}W)_-CUvW18r7Ke(e0t6vguX=n<4szWhnq{;+eA9C9ER|~>sGQ#s z-;4GX9bz`I2Pj%9aaMO~Cw3&9EcnoaIqYs5anHD?y8z}?{%)4H06~236eIue%Fk#( zq*Dij;ed|Cz?UmASG0+nCm5wn;#kQBRKOW?yzEEx%c&P2W@iqvVs~Zs3wp>sY81kM zPf3W)51_WLS*<|e1~D4h>JeEQ+#p@(SegSm$P)oHOOIQRgJaDWtuCd@YAuw%UY!${ z^?s4E@$K{<%sB~f6|9{ED2YL1Y|g3W24im;B%DtjEh$wk*<;%}U)Ys-0l)t$a;BZH zc{`(rt70(w7@3Psyd%JJ-eb3C*|W?CmRryko5)$FT(UeI6gNW3Z({YCHr;b&l#o~> z;$1xbWrbkrY+e#*(*ImHf}wS|L3sGLI~}#P&9n_+PdAA<|myp62YNW}Hl(a6wy?bq>L)ec!zyUzHU^1VC(7eQ2+(71+E zR@EXB-=&_oi(O!l?Dkx}!l6^PClRMe^AdK|5_fYdcTO6r zV7|R&kQP20HQ~{3+QDcVcWzXRi*}13v$tH_VQNz?os*w$q;)3uL`9!4{VsvvH(}Z( z<#NX?z1Q?W$G~YdrP=pb=#fALWN+`Yl*tI%$*cuFj@{)%#j~R&m<|CI5iLUkX)(yA zzF3_2PJVlQ)l>Bm(QAK?y75}6c0+rrS^k$ow&{2;qI1f{*%{$j1p7!Noe&HCq^5XN z0B==~9wdNFMAx$yXTM#H^bnb@Vgy%&o&60tcMv3TORVaDj) zlOJ!7Fz3O${0S+-X+gzDD_Xm;x~N^5PUA@8%SUSFWMl50!3^>9N4qMp6Z&&)%wGDv z6c9NjNbWmb*7CgVJqM4Aw#40&<*{CHh^dKg+R>uY6Ly? z6-VlCpO%zjNVJyr_wkSp-Ghb5*({_7{YQg6-+<06;@g`rckQoC+@USBlPd4sadN8% zFMlh161|T+o?v;-(dDa-V!*3x-|~q|iGkgzUc$U$rlMzih~akyJ)`dmV(r@bO==V&o{y^%zL|QUEXNTn6t;{N@euzIvJj}AgV#D(;$o)MGW5>Vef&yyq0-|3M3VFz2v_s5 z83hn}Tl1|hKF@`S8}{iUJ?qj_l))mau6wbab+_~czX*%HuW}<`6NL>4qax67yMs7W znf_}1MSX0fml4RY&~K%vn0RumAaQSu!T%yLYYm@CTeHDqTiY;%$F&kzTqcZ(_~yKT z_p~WF6MGZXBW6`PtIY@ahy8VgQU+gwvb3Diz)KGm`L-i;mm{msOKKB5Y2iTA4i=JXJX(-yK6+u@L~sYE$6K36P&M}=GNO=TaH zmpVMMfM0xMQM_d6K9Y?&Lc#TpxRoLO$T8vld&XfslcTj zDFeqMI#Hw5q?-=?!K^n7iNSsfL648cdAY80&SAT?Z7)qn2!?fVo@w+%Yw4!t9`9^~ z1f7kR!oU95VVPLkl_O(r{%FK-+(Y-bM_2|{NbSOce}G&7*Ij<;^>I{eHvxGicGEv2 z-ezLwd!N_Giy9pt^LD+(gcAhNi4(Tcc-&RFfCi($yuD1;3DXt#`CCyL$C+5R8PU1? ztFFCb_eMUAEek&-|2l0@n}~Sjt%zchjtt8tC5!EMIGK^ss-mnc8yz@{wjBlKguIz8qSjx_Z$_XKtrOP1e1CZtBkKEKh2)PPJhh>@^$K|#VGiAT|>ANj%ZFFl0ThP+PM2EPfTh@`IQ<}y3{0SjpWwaFOIR~qPbu47$3V}p> zUR0&qljMd0zgc{izcrTqb(&&iT+i8kbbbVC`l?{m*Ga*c<%H0i#ha5i9oAajXb&Nc zBLaHtF>BBJA9)vyiez|YI|rXHKd|57G|xch=+*XIHyEB(o*VE)P2DVBntYiu-S_eo z54Y#j&ttDt&YtrNR@RxyG3fqyoMGe(9K-mWV0KiGep1@ACLk{7^(xC=Fk|2VEDMg{ z=V=c1_=oz57Y!A9{_(d&4vo4t$udc25 zpxggc%s-R>gDWjgx$@sEhkt$buU1B#O&WRHTY|BdZ!`Va*521hzg9nDI)CREyT*I>&<;vu2TqZ{ z3V}Z+Rs;=lbMf-~h zFj0WnkuqugN|@aepkS-8Cf68!^JB3-pE*kNUHJ7y>%R{C2U+Ycp1B1aE&9q$WdAM+ z>f$cHT60!05EiHU<7Sl0QJSePm}1u}_J2RH$g{s95jl2R?w4d5IZA^Pj=h2TIrAPf zGK!bX%Aat*m_by)QJTrFZ`t<}fAN*5&7(9ET|0^`BtM?qj3K!=<_6til>Eio-6kRB zWj*q9ZT|YL8%K`LrB9YwlegHN_<3J}E{ZpPJh_s>UU#dZhv((W{IJ+nPLXw<$?eLsD;F~oznLeJ@>enZV|^yS0$4Bn*Q$gM z|WD+(OVYZOdf07bAGLN%9r#P>sJl5kIRI< zJ^2qYALT~IP)(2!@Os=uK}zxIvfZAO*AxCkrQc_2cHTRhp-jBjx)j}6lCRf}6m=~* z`s1ay+{ictO9tQRO_y;naeK{GDSSugW^;1=T+Y98gLed&PI(&d@%SG)FD?qKXF?Pr z{86Ve5ESS+rxXOutGY4v5KfC+hih+firGddXE{{Vs}v|3H?*nDl0BwB{ovI(G4Cpl zLPn}o%4bNE$zYGs9rR9`>Gm&ptm6?G4|iRS*JhrW|0kQD0}Huqw@?aKF$o3sqsjX^ zo>kZV>+#Y3hr3gBol=SUQOyeq!^N~4@x7i(uXMdb(#bx$!<3*ump4UlRrmfL+c~GQp!#n}&WO&Yb{{(W*fUyrL6)~PevIwC0$VbS z=fd;kf+wy^r~EeqVzaJf^kOs|Y^;9u!dsUpO015K%}*-u-jJhW^7zo7QGd()^uO_} z-D_I2H{HoS_w+u!?6I%3O=l4= z$-nKCZhcYTD=oeAD;dCc1N z`W~*M{`*WC&K-k%t^)p}+-FB3Qj(ET)(yPN_k3k8l}!J9#G5YRRi4q=+`!BH$(Ag6 z*PhdeeHaz9%PSCtyXOR&rR)|z{viPVPi`1cd3x_yMd7iF7>C=Ax;C9(a8rYZ0^hZ` z1T{_0oJ2n)J#+sj+5a4#H(mIxP_L9W?^Lc@}gPu!-y77CvjIsY#vXO@tu z8k$1zC%c_fyL`!p?(C;)e3S9KXE@3q>MVrH*rwrz|Mlaa8;6a=d*pJDAgN93+e9(8 zirks!cRiGjZMG~jo=zq^7xWjA`s2^5wBBLFpcBXE7tft7DJ*NSx(egbI2W_MDd%w} zDgR;^x^r>F4>QzH;q;R=zeL~aMIFTGp5ST|547z+h!4&)->x=m(c^L1ku^6N=Py+L5r*nw7%+$%nfL7=gSM8bb4oxwc>FF(~ zPa=LZSqPiBq3=i|re)RJ%6zX4s%d3-f2VMo&IB=W=b3{d1E1iXBLN&NPM6<)dnEH| zJ5oU`N-*D1AF03s?VR11o4Swli(gn+;J=zbuLut+Yvv?S>T)|hL_N7MTBSwfcCRVU zv+bd~Vezow%j?0*;$}@vSMN|{&HK2udXCbYi4;qCpP#3bG`+yZjo1E#|O)}J_e+cf|$d| zsj|YQ5T#UvF>mY!gnL#X8XFD%Y!I4tF*~QllgRC$U6YvW#JjZe_T(u-O(7w+CvQhK z+Vh^%$uO0b$6rh_X~Q~hy1MlQ3Jc`d1cG=Z3$>zFn+LaaWS~xf_WRZQ%V#;-8k?|e z*^;vk_VVbW4g8QT0a}x8YrfQF?6ShS9e57!9Q&-2nwl?$_3k%F&FN6fxSU8p7d>>5 zZW+V=J@H5><3W2d{kEOQd1^(L-xhY8lBM(J^>8I>eyPgY%*T8zTC!`qI^AwCVy%5>Jz6%OG}184AUQ*abR*qJ z3^^bjBk()k_r-hP@BRJ5=P+mH#9nK!{j6uj7F?C(u)4E^H5)%*LFT@u|BgZgl!kAf z`83-lU|Wa`ms{bfNBH#54!(M=FJlD6A5Nhv=SBEzIJaVXLU)gHOoT4l$!&DN_4-h> zoa3S0e6>(X<1?BDYt8U=m^54oB5#1LH#7KnFf-b%co0J9JBf}-&Hsr+@@0M6a;C_8Duc}?B$CTY0r`hwO zcUu^8-3!1h-0sAFp6pl=2Vqe{NiYI+&59~4#Lz+)d)u|!7H}3v(Xnynrg3KaBi?-h zdqBgBJ*7YG!dotx^CdO>wzw>OO0#=Wb$Iv*=b{R}ZdFV9am%+Du-xuHwGO_1f0 zs~aE_?kzcfA4v*i`MiZHN^gAP04w2z?$eKr;=(^0v4!tcFcyCE@YioSAbL_xaPmT( zoroq9*Fh!rmMcY1U=S1$8S>Pj^fc;M{z+(WQl1zBb=Sfecve~0&b4xm;6vm7@tOSm z{Qf{*$-~qEGnKJm0g#LO11%SBPh`{r;bZT4K1 zGod7And|e`wNS_Uj4n6EEvez^@~APMIsuaVm`yh1Wj(!+^j^(*r)93aUcro_>JUJe z^{O;}mG>L}R%<=r(_lz-7;tFwpF5FkYo~5OJcf`BqgY5aeR8PjJI$@^UXAJmFmd* z&GI_es53$23*B>y)2ICNY5jyFL5+|&J1?&nbOx!9-Q6*S4u$S1F3H|@gvr2D()xl0 z8}RD@68D*HyAtD^bPnz2OJVUjD4Tg-==#q3Uh7LKDhZSZl=(m_#c%n?xPMg%u z=I%u2KbPOMWmYTB%da+ZMDC=N53AQS_(GC)@E7=Z2S*w%RMy7!ee1TPH%=59lYB{he#Ncy?UGOSO=W+z< z>y%hshzmL^LWr|>Oa!~m*jAp7=RjWkSbvG6Dyq_GZ;jg*EMATgYCLjrOYp+glzc$D z4~N!4W)8bRR?{>1g#GBjPd=Xy-EtIe)wB#;?TkY5ngp$HFysK-G_}yHs|W%()I1}ocZvQ0r9e{P772Lu8;ooz^CCQouPwt%fOno zITyq1Ph(zDS*w?RTP;FHhQOF%7C<1kf0cuOaDXVAY;^d+6u|O9ZQOnHXK!Mgnj4GH zR4s9$EyiD`$beJ$hE}VZC%rPFgL;DUIgXuD&9*eX?-ZQHvACZ%W^3`GpK>>kC4Awx zf0Zj%d%CiPSWC}Qkl_xKs;7SLp6c;-$HJCF#8K)qg2Yy5T2dqS)3RK-FY54Aw*rP)so!In&!c@nd z746uK>;sF+HEx+-d|IP2QxWW)vBOEVz#pG;ZBmnND~=p5*Us2_qtG%kG6naZ6V@%X z2H5>(T`^2Ouv5)tuKYYj!_Idq0qtX^mo!?-`?IYk{CwU>aAShmz1&pf$+*-)+<12x zbMF?NHTlfsZBp;(1WSe-F_RK-bY9^_#O1vs$&?sX_`2S3?RkutK2G8J*J<`m=;NxTCCM>FSK9G0=b6f{AUs}-V&D+TmVs>SRKEjg`L$dTmM zGs@ABLA~{6_?sD_l6tl#NHunHy7z>SZMeddsdzV5Ivi!d=!ZUoq%&GhD_erWk3R36 zhDHxK2CUaG7u2im%&<=#y{bvSA^n{hg*vl7G&8SCS2f^&(Dya7yT*nXBDD~9o>B7Y zs|xvqP-6Bt3FWzQnBIs8TJ1zzUD6~JW--muq4`Gq0vmjw@~X}So7Ll#7=#`8IB%y+Qy@`lA?I6pC*>-o3DlEQ8U^g@R(LfW5m76> z7B)T>ecyTNY0NA3Kz$A0OosmHZ>BTdE{Wbby{l+4ibWQc*FXYsmIMCfqlDUo(5a37 zD50=%LTYxJc+O++jS8vq*EL}|4)=aMuXmbW09hB^thRH!(Jfsz#Bg7)T+GK@?O)C; zCT^dgKf*9)fBt=wOo`88S4fzBPUGDNKLj%~d4bMDd?w4w=2PX&`6`#-UXE;0W<1)) z4?U%riPu*em3g+tBOKZ&`Q(YE3_)bd%YFOjD$$g5bo?liQK>aXs)rNyKA}~o_mOxok>&H}#?;4;rVLuzXqkJzh0*-uTGxkCmHayTF@$JCLk{)O;|8 zAJS!1{`rUG6ur}L*7@008SgEhCpL@}8Es8FtUisz(|a25ui!!@o_|1Q_C8(EB|#C% zIJ`0X*?VdPUHz>Wws=?hQX$rTJ9Fs1GLz2!9#m zkEQx}Xeb@imNxtQqnGejZOgc#0$!lWrAN0-R1MDS zQGXcn%$L0}JtKv8rh1p(-5qtHvo)TQk+IXG97Xnr@_I+&zqfbWc>&m=DktY#n$te} z$T)1+UgHCZXz^TtpoufvlB0P{A}IV}kVsh{`#EY*U7AesnnU@AFj*bEY+f9GiaWl` zOG+vn*Skf%duTYK;{77ySzgllar!`%>&V=k<-+~Rx~yJKy`dCq7BYN?Z#YcgVkT~V z?ff%&`n`?em6)7m^W7HJx{&xniGsLI7b@MxHco?4lVCb(#Q^E=!uNbSv0s;SjuYJe zn=1MvGV>45`Z`tjC~x>fCxee}tc7~0+GL1CREqCm7D_fx31h<6?VzuiGka5^Gp>aR z!fxM0yl@h+C9mnE&q`P#7Bv>jEHgm@1to&C>9o8BmT}EY%C8}OH2Moat!Z56Ui!SN zjmL%Sb4+vTJ-q!r0rktBy`lr}UlVwU1}m;6P1xlWA?#(Uhz&pc$>gyx&2};XFl&#K z0(@7Pf@+6cz^UX`zZ0C+M~D zk1w1Soc#5p%w*ZTbDlW04gv2x1omCZAMu^Ym{$zkYeYW<{cqv#0D5#tBO^&-|>J;T~ep zqxNL}1h{f7iUd;&en8jIxI||JQ2+lmCn<7^JD$7n{!Fj$?C_9DZU#M_^LN$~ zJ6RKDDUQVE+z^N82buSv$j@Vz=iszPW_+b4Y^AYBH5CnJcn;nLP$6j#kggXbgPiR! zY-aH_?c?+5Hm+!zPeHkC)HhEL)o)sO_T3e~dO34Ud6yBYVw>r@?`Pyhq0vcam*OBl z^GdU&nM_!gbRdU__|~;4zc!W_{*;VF0Mr!8se@0{8ec5BE}$5O?Z;%Mk6mF=qB;gN zuIl?D#d;DJu43gg<_yiy%@;=35%FiFx8Gy#Y>shA`OUDYdQB_Ier?X{ec+>?Bd&cv znP6N>&*%QFiKEvnQYpJz*x{@iM~$!H#a8$KJ;65_99~JmJqaUpX-&1X3UnGvCOGvg z9R_YbgyMH_z8TLd3XY}|x^EBo{(->-4ysF^YzBg*@c<(j47BP}t z;)HQY?>ndCGo9dgfsmvrcHIT8Im_~Q3VK3rQTNceCiYKMtrc75I`Gfm?euG@^IwAJ#|FW;s< zPgaPk>?t!n5`c&~b5dT&xk@G~k1OSybR4^RfSW2HC7HtGQl3TKn$!w1zMGT^+WHI?U}ASyn`eYMZRqnuMO)}9{s2vO&{qpHBLsEhaO+J!mFo#{IF`O#-;l-wDrCp6F5fRmK-U|6~1wHIMwaU_WU&*Yz{KToO#M%h} zJ$8$us`>rCGM4kW6q~9t)5C&{GE+y$ajof;MLG|dQzwWrE%x`X`z;a%SG3E|)$HA0 zcE&o=mJf^_0hkuDx⁣&rpbX>mxkLZxk}))J^OZZYdNsCCgatmxsm zub}5gy&;46dG9H2HoVg~dD^MU=s_+B3&IboKbToCh-%DqHC%Ao+Gsmp@xz8Vq^0yHjx`*{d zQnuZ~A%g^Jy>%-p&WIIy58vU!U60l+yFSEDqd7IMpi1LIo#&tg=o$8G7!UTxYXilf z>_@Q(yH8iSG@~54pMy2+%Fzt&mGV*gwyU4yl{@2r(*})trG~<*4%(LwRx1Qq-rc^o zy4UK4fmKC3S!U5jL+qVpbwle8w*bCJt+jQC?p@}`f)d8AyP`H#Md8v(wH}DlFDR{P zZE398)}`k6h)Ox^r1~lLVdF8d(=jDPdD5YmUGVZEP!z>iZ_U(W zA1sDBKQ3tdjRumTnfxJ@rG%$jI6hmMAxS^&!T9Pwkka*`|3?yBZyJrNO}oSNPntW+ zf#}OtlrMebSj6IU&|ICU&rvFZk!)T$bXQ8rsU|JN;lO;*02`s9j~8)`N#2QI@-)-Z zQSqni)8I=h53&@&Q2qy^ z`p@A(q94Tq_a^EI z!$_Nmf?kcjEJ>Z0ggsqi*VkHGZMX-_pdjqL!EuDZ+O1gX9JRjwwHS0a0HRDUjl57A ze?|IG)*|ODqlD+1zp3TkzoTr76cwrTt5cOrr(&UqI&d6Mu0uL2}ISvP?Ui6{>CED1OHxqnWXeP?y+l zAvVbTy~9+5E4{kk)+{qjB}kgBdo19Y)Fw{8u0-BW;szV>f(YhLwf-&J)iZ`>akEt? zj%L*Qr*=W_bC8}KvowMr%ZwCE62$$;n6lqZ%P;d<$^S8D_`{yH460g&%MR#X)2jAEnMNqtV_Vl?zr~PO_sPW^!Stnv9FczQzl*Efjz&^AqNTf2N#y!m~%s zwD&*ZBGMUJ!Nd->k4cg{3r{sC_kMioidw;@Bk3u%ygEkTuS}nv{fh7IX86unCtEV-MZB0%Sw84e?G}QoH7nCHvT#0H zEfOHcf#3F`0z1&uzml2yXS=`Y-p~J!ayVdp$;??woNK5nEs*%sI#+KmwR;71W8%a| z2^iX)Yov*CMQ>BNM+j%e;UZ#_dsq8c+H$9Sn;YbCF=1=nbpI8%{}jt24&uhe#TN{? z{`gZ75wJv#s>2*r2)E~{z}=>aBLcFi+DiQk+~DP2{%0NoH!a0)%kop6W&VL9k{683&>RFeXUNuC=GxhV&=a?5ekSKBTT!rWy6s z|5dI-&UD)q*7vo81)r<)|`RqWz+e@o?(%ICt)3)K0Y-HBX+n^ z5a-!i*IeS@m{1N3Rl2kw>mp4*&*<{MXF7(z2kwW)s4yx=0}?~o3wqV2Q2Q75t79Gb ziZ47PJw#D-qhp>vsXVS{_2;Tg=e7g*4un(rM2jBT+t`5<_<4wGip?T=!E4N zP{2&}QKoH7$!%w7)jDG!dR9a>G>h@MxIPP8Nzl4YQ91N=0k3DtzgH(q>`|>I_ZbQF z&kaiw=>*#y;z`coaDnx1%Yr*8+00r*2=k^8fAX-FrwUcW zm0U*s{CW3rN-_*ydNgj2oQ$>Anwj84o1(`G@EfD#H){veAdKD>C&vbUpmhkx1kfa~ z?@aFSj^HM=K3nI3?l|bw(lMiukeR2n{JTfoKGDGksb*T?5Da)MN5I`{8i7x?8Q%e& z$ip{Bg{c+rY28C6xV}gA#Fi?8NqZUa2)AfO%$!O+Tq>B;RitqcEi^qmiSN{^TSY>x zJ6H3sI7j8+kcP^~3mkJYzahQ8wX4%#sI{ROE;eN#zTtsZv%l~-H?W=i3(Zeoj+$hS zC0X@WY;SE?H-P{8F3KW-6_uJiu&L0n+Q02tWji67_}>AJXncd(?R{680W%-(7jgRy zPBVb`y5&Nb%l>S)%aWdkVS&`eM;5;GFhju?bq1O-`6)iywuTkksq;VLNtw`zimZ@v zP=-xuhD*b5l3LumwA!x0yT91b*0&fwv0g+a4Sw$sDy6Cv?vpw;0jLY={21nT6KOcH8^cuOWuLOKF@I(UVJ>;wy+OdO;GUK&UwHObWqITYP|fY zlInYww42Dsm3;M4sDAuc_k$*;N6scwO;>(3hvizG+Yhcz@%wK{{&Xv=N3w*~01h;t z=P_;daQH1WMeoKKtEwFb%y6Jw&*z071pnptLJ>slyzyo;>h>w!T&P?(2ZUk{8SKpk~P>NZoPTf)v)ANK@G4dqN@(3T`*vTRqes3?1q;U@oD$9w1iyPx-Um4 zV`$ck)lx4WT7qEcuKbSLsZ~E+4g)Zq~qM^9$aov|_r1UP!* z)2)vxhJ2%kBOTa?A4_phMPE?JBC>LY2Ywh=*r+AN%x1@uEy`yc8j>gEE7>uyz5q%n z=*j{=^AI~|5pW5n+otDN%!p&c2p+8xlPwnWy`uEUjAdM(l%bUt>}=Hp`AVl;CNEXSbOe;!MEfvu+!FMd6np)cs!o5!l6?a()$k^R`zjs3;yZ#N@AAF3Q+>fB3d5He#o z5px&}T6<)GUuMmsJ4_}${xaYWSMQ|u%We#*C)d}xemql>rxJq3)hIEeL{42J&ATUN z(?YFTYCtXG)~fHm+ChQuIr3*EP&aq=;{i zle&3JgP#Fc2Jw<{l%gjQpNDfykntK9=05^<@-u3+{Wvm+n-X&^xH%uo*?mRiih{Ec zxttVo)AEit3`2^Wo#Wi&;wD&k<|Ui35ga$A{5VPtH@7#xvRk0P8v)le0aU(Q+erw7;X@ef2gDn)+?e)DE#u3$!_g{y8S+xA{mI>yApv`VON zoBaq0xfV*wj>Ddi{Zws#|K`K~)X!=Bam&Ka>qEw%)q2^|6OE}qM327?Gl0E-E-(W6 z;tb7zf?BoB5V(_O0l~>B#X7o~F=qJ9Y@h_MN}-a{lSy(`B)B&k=DuFmn}GKveVo8q zAf`rorjNhlZwPk%pr7c!`mPjC`8tf2&}{Q5Byqlq7i6U*Tg>o2)AB6Zek09v>gh%%md@VGkHebX_1;Y_!>#%9g~p}3p?*GRD=|rEf0gOcD;M=A zDDM+Vql%2vTNJ5;jaT+L?fL3-9e`_tdjQll*&3XeYkk;QZ^4NcU+`KYeGqNlf4cW$ z_{nV=(YH4fd7j+x4o~s8#KS?jT6ViiwO1?i6h{#z?P4RA@NSbQI+bT8;^cOeVrsOkd-{2t5xzww3u@grPwj-s6p72~{! z82CI9_#-yxOG5~TR*!8Zs0Qt}TAPWtpWA2UT+lw8=kCrYoXi(T8pqH~TLookK63dZ z&&M;^cv!Q{08msQM~NtTreZ(b!`Wau5Og>aqkA5{eI-*R;tDlZjX89c!v*CoL=NmQAuoL;^ zaWx!1@oU|%X)9b&%@3XPz`L{rL#X5paxqM(am;4+)Dz^<&8))zpyvFB8K?g7?{z1{ z#va%9O(i-!^NL;37Y#Dx3k&nSx>go&)n{q)h*?FFPV39fThfa)mLw(r85V8W1mEbv_vRG1Rj@|eWo5)5dCSJKlS>iKWV7nyuyl;y5{}T1tGy} zD*P{DWw~O3s&`2Zz2{3nb=k)<#U;rs&EmjDAntn#+yb3Zv=vZ^%WV99fe9}rv2Qkb z4mqtxk$vd-lgldixvfi!Nw_4sLQ;UoyF0w~(1yllx_kz&Xd**wa&)8<2QiMR_S6s& zlIv#E@-_|(o-|o|bh}(1JBdCf?r}RemfgU%@X#qPg1xrkxOS_5eLd!d1&3Je_V*;6 zhju|oveY1~S)WM1nGJ@;^RK$0Af9OpZf;(|;t?aXWsXr>v#@t!S z?e6~8hwIR*kH3F?)z4g5PcUKF5B5r-qu}W3V*((y)E@n_iJk#=JOK?w+~9(fKIHn; zU+Q_wQ4 zjRu?$Lb3YJM$~F03%+2^as-}(R;hv6{QLIR>i1jKD5T-l(L$f#6dL86iDs?vnG?z6 z4D<608r4TQJlEbK{CM+L|48QLy-d!UQWmV8ap+8+S?PPF$$>3{6RU&TiAJ@y)}-VH z&y(q2cc}*iGcQLaKMGbje$~MqJ11}DQ=zrn+~6Qu?4V_sriLR{_8a)xxEYj$WnUQ_ zyX!nnx%bd62M1wTvr4V$1tLtK5W8y9A>IM@hS{=Y(G+5DMv?rm_0&q*I8^cIofk>O zPTomK`0h+lltqb+c#^?%Z5I9pUj6h$q+IWoF893v(h!` zIag?-rngmu>}wwE$7Uq1!{2HXEh44;JSP(~Pu7oI2MPZu@qcVrUVa6H5y(=(MeJ)T zM}F8E7jtPfA&GIA`_)w%C)Jq~Fje?&Tvz0PUh6!HCKRZ z3iA}|4se>kL%=CSVfeM>&fVkwv$7``e{KWtYklPYKx$*Mo%_$j(YO@qCjugkg&0C9 z55y&`FOreoyS~xFXSs3NQvmCzZOr7@VlpU{dD_;=DBK=AhU;Kod)A8tL}WABrIdM9 zDSXh!*LPQF_Fdy?9;o$KsV^#AM!LPCO8i%s1m8n{m2s&4)F`($rk(MV?pn!K(ps;C zFp*oq+;r~gg<-GstGVx=y%ZSQ3 zRngP?hLIYJhzQHe7m4ij+Y%IlQBPRf=@pRHBzfHgEpM9Z2bb)R-^Xe2d)9#c;!0Nf zZVg%z#EKw`m?ySsv>x>JO~cT-V74k~B!L$-Yg*LDKE#p3v@^gPbA9X7y3*l{99l1g ze#DqKF!^7$!b~CY^FW5OPQ-S(^#fWI$`$p(mE^V%Tl1KKrz14|wq*}29FXSLLuqRU zt1R^bhdrh=ZD~lN822cfj-oj+rWtkmDmmq+;Q;IoX|KACFSf`5&z+>I$$Hcm7$b~^ z?lFbFL-ockBZ-~0o?xRP)R7kH%yW9Dx?^mxmOy6}`UKAd(|??)`J_OgR6(;;7hOBo zZAspfJ{;GkEFac83FDuE(7N_$VFO<9TVWf3m z@0D<`GP&%=<2tZ9#Q_0jlX3HJwPUV^ThTLiO(XSZT)v4q-eWyv=4DdVbCnw{iZc_2 zm+S{0Cz@DBU?hRB{p#u`fIzG;;EO!XtSkr9>uAN<_MAne<;cYZNibQXvOHL0ltN=v zw7yf={Ch?cJz{wsjUmLY@F>JS2dJKag;+8xv@>7oar3+a0kZ31;v(d+PL^mZ$)3IK z9rvmJ#qrN|;+aQSvyVVge~hIPmVsa0n{k8M+PVN-ge}R3Hhc%OW5#pP#Sf&S2=(_W zLj7Bg!nIK=2eBrh)0W8~3P(*?BS=VYoFnOYjZ;fm0vpMT83~B4#TK~}nc8Q{opfJ5 zm6B?mk3#&IhEJ?gOjYK8%LBU@9?xLSR#~eEOz5LkXZlrdkMCtlUge$ja2X0Q-jZ#F zU1J5o^m~hq$5o}3C)-~f9lkoX;~mVdNpK|7Driw*o&eiy@RoWUQMcAorJpeKxR)uZ zD6RF6X;CnsG8{WLkjPZKJGK_*zYB7FzH}A8ykQKTsmaR)@{XgAY{MkN6qHHSokoP% z7-k!8MeDjA;X25g?QOL4cn1x8kLRn}@*ozUAaw@MzHzF9d@fie?YQruJ>UTtZZR7> z+x)g9m~eH5#m#&bpSqWFbyosfm$&)B&x&H^0>p%m2^h9C@lMh8&7W!iucrb4XEGAp z3mUTNEpJb4*7_v31OZ7-{2A-GSMc+j)crrf0_V`W6Zo;3AQy4*q2R(LY11=<2X7O_ z^u=WTs9RUAF}OcD!)vDIF##f-llATOuhx{PV_U!P#`?H1w<2A*UYftOvuBk}`F{J; z=U3vMM3k9TZgG!NIn3?i0$Xceecn>&-N6Uf^7=l@vos^RQ=_uOr?)b* z;SYl;hV@SxznV+#>3eBF_F5 zT}8a=En0?3f|J;RmBkszMQ4$1rp@dkt0y04Tlz@M%~UkPNaUycQs0z>bWI|L@xpN5 zCW1o$O{`K5d_~$zGkp0b zP8Cig>6CPAFD6H=7q@zlx%?O!c|-@n&Lbr#RAv;YYrI_WzWm-Tn)p zxO6q_Sh5nb$fqRL@Ap9ZN`0ME#h5517Uxx3a)6Q#RyG4g` zg8VGUH4Y~N7BIDCGI#xy*Tt7m`USc!!c@kyr;%dB$NxlKf8i1Tp4-}c)~m?38z1PD z`M1=AZjP?S%pSTLpe`EFhc5J$Rc=QfyQN^j`Su~L8tX!w8%mS{&eTI<2WQeaq{GkS zOdxC{;g0wH&!vqtaiwq&>2vx!Tz;tXo8O070(8lK0M%->z`iT9BA7503Z%TNIMb6@ zz#|ekIDi;cF{xHO)%nW9&3FsTIi?vg%Q}12tm!$Eo3N`xjGWa1qF|u9w;lBHq>E9Jk*S`$bMGY3Q-i5>yHod%*KX{3M!TQ$Wmx?d z$lPh&LMjLBz4c@gtK=DBUmSN0lOj5B>+(k&a`H(5rGA4)!rA#m<9fKcOOs`<-N@LK z@wlMQYki`{u+DE>JT;Ci6a_Ahg;|8)aB0^culm6;a&F}qd7k=WDY5JDbN^Y-uZ_3} z`20Da^H|+{jz!Tsh_oO2yw}id{^$9`n^7O(oB$x_da)G=f^g>i8Jzc3+4F2?a4@={02cZln0hhP?6@txt;7rG&l!CS0KEnTC6 zKs04+HeWq|NU-lHkNE@#9ougD!bq9;{zMl%6`oorBw^IS%JSBGVt0J;S?0zr$V$+D z&KUTe<=Ic8rkbC>Dk8!hr~X)k-|nNo3zq0{#Aim?&ORV&pmSkZ3pSC@!J3uV{q#t@=Hv`LfK(&;oOk*s#~iCgHv0%Vo*SxZevP;ekEkhlulh zO*FyCQhf;a*3nWG@S){UF2k0(f@fsQ}hIK1$hv zDUZxgSu!q8gM}Ok&L-F&HbaAX|I{!3jsM3;aoa1&G{AVeAXcK0o1!4lLHP8DSj>ip zYA96)4q{2wAyV&{r|(>ge0QN=*ql)G_}W`qO3C-uR+r4M*!w{PDqOk)D1WF%Vw^B)`3~thb(6OGXfQWl459nt zGSz6H<3fqd&HZZ!NW!aimA{ZoOl7Us{pp}cGrkzRLmEdkuNUmqUGkQ_m)%C}t zuD;a*Caj(KdI`tx+oIZ;7$-{hjo)W|I`uuW!>V<$5z{|QefE~arg<#x;W;FQW56pE zuo1NReD8Ze=}MbMPNspGu4`wTadVAkNfcnBq7in)9af;h`42v%Oq!x60TeO#J8_yL zsz@)hydze_05&((_4}hUo5PxMXBHq^XJUFsarAe3^_k*fnd+JmXC%Yaq-!~l^6qZp zscvZ9-N-Tmr1Q*9>v%)q^)(Hpup?4SP94TUDxkIoU3+kp&$)Hc_%~>IqF7 zpaOo%5y|yC&j!k$SklM@+{I!{g@=cvFF&P@+65#_@NMQOD+<{;b09%N-P`Y}f#naK z9Z(6M*8ITcVQ;@B=grfc!00K)Wlu~+@gOYRFC0VYX#e$fhG269=_8WG9;#QMVC;t* zpOV!cH6J;Dp^t@1o!eW-4Iy};2TQv8FPy9&sFzO|-!s>pXAyatPTVmeW1~EpyY1)_ znOCCv4X@HLs0^VjJ91Z4m6S^USlm6VWIxxNqhM`Z+iPW}j%gny#jpdJUAk(!hFKv+=LAZi6cE^|HBG29Xgo;Y6>K_PEmd%> z0VumP&mCbwk8Oa2;B=n0v^H@yJm1&qKbp`Ycj0H7j}%}MTCn#RndzT9v8kNOV_3AC zJr#9sr(Ph}^qf*Kw1L&{Lybi|9H7JM)OtdbyQm{SxFdI;H&)*&}C(Bgjuc2D^(539+ zHM!6LP$|Yqw1HRhRE;%UR24_knr!iMrpc$1Q>Ppez!xtVisw+re{LIG?;|G-$5Xm& z$3~=>r4DBjlqe{aV@!>K$?3d4TR;x}owj!tar0mq=f1iO7+nBDVq_9}TwvXdp#+F%q&Ndo|f zJ2d~3ek_G6RtYYB_n@GU()uIn!Y()DoA8Tg6NYrNwX&6|DCD8QOQl_~2Eb2}S1G8p z@Tx7Y4F%<~9i^>f#r?v^LBx?@x~(8++dhIJ)>M7%Dqb?G4GM;rY6tPW4`U`uMMv-~ z?dvWEvOQADoY%MyE(yJI3;Xch!tvPq07~;=sNW1F>0%G*{H9B+FY3G!Za03LjAlI` zO(fCAKe0QeyfT#KN(hq0_ zxHT@~Li=(}0#!bgmx`>-Bb?i+mumy8u(>Y2xXZ!grU{!mK@!eS_x1xLvJ7hUTN=}F z&WPSAVJ!n7u%&;dKmEjxo$}1}NS+2GU z2*ta;q{p+6)rciV0vu5+1p?Mc_y6n2_?j4Vx2{W&z>98k3)gP+8yZ}+J+tR&J4g#j zAWd0ssOxu&B_^IN?rclgP@m9+v3Q6Hq$fFb?-M%^FY3Dfk!)5KE&yGv`eKd+Lq9;Q z>GxIERBESxj0>8If5Ue`)doj&!-Cf9<<=DTjtH9QmQLiG`-^9vKa}j#h${!RG?v`P zA$li_WwKv8gQj~wIm@=BLslj$M1AHumgSxnVt*@Omj0kjipaXU|uR(u=|fGB#<`52i!`U%>Qk%^dB$G zUBzgy@uj)xAtExPSoO^mk^nQ(phPtSoyZvRo+dima z6COwny(!h~J(60=4_|Q9YF~zG_@N<&zYt5#@w@%O~t4#w8F7%a%$h0lCUOGjUg88HPyHU2f_^4m< z3lxQ+ryjwE=%1cXzNV&IPd&hifkAe;dUoS%6X3bnSQQFJHeRi>JTdmWwQh0P!m*xV zUC4HLwCI(pxkFZMy9wEm1mcX?xlU@7i{kdl+t3f9QcSbBj{nm@$4F5b>zz%^qvGNq zy^7ie&h?F(y)^V$Cz>EPny)Qt6Y_^k%6nRUZJKcy6X!B6Pr79s9p}>a@fBjh{>P*077*npMa`$!BRUtXc5Zz+=PuvyQMq)t<*dj9_z{C^!z+L3B= zm=e&iu!ZS=8W#RF=0o&YU$g})#L0%kO26TmuQuaJ*(6>NBV}#$G9U$H`S}GV^$fVz zy#Pvxq&X&ew>Zki@)YA4{dY~}f3cn0*DBE&4fINc_@&0(N+wQCwhuDnWW+o6 zyXU3ZuMkw6?^Yd}q{hWN4@qweB`^m4L&FZDn}H><4#e=|xGU92Sx10qc56VAz}c*= z7Flk)=EKKrPo?)T#y$z)^OL8oC>Fy^+DhdtEgCSiC_cM9JJU14{^N10KZyp=eNyAE zJY^K}4~QisTw7H`c`8h#3KRPCdMEpZN3H81&p_k#GH zOnn&o(^VTA!B@kKjo7UGWD#|-`I`P_mE4haSHLI4%Yfjxa2y0X%@__dYjb~Z|6AA& zE+QvKw(mj13NNs2#&8&76bQkC*+rgH<^T+q9?fgPbLi8|6*l{=cX+hQYC1oKDPkz* zH|HJUN=YP(cq1G1k{geE6uP$3J!M-Bz;57_AO6fcQpP)qbW$B^OO@xwCz(97-{rpT z_sS9W*lnN^pyPf4;%LIu+o2LGLK>acF3aVqKC0%HoQ%QIDUACHZT1(vRdEeEkDmZ#sXx)X-koMt(|0!oJ|;nqEbp&l?=u_mk+twLSNGX{ zlB9(08z0aB*&_AE7XtH-<`bkZ9!eCv?uDDImA5ox&q7lZ_G>kHo~mYsG;xh;sc*2V zF3{yR-n%IBA+?oVqd0zU&S+2c-M#EyWN!f4i+mB;7JN9jdy$2q7iDl7u$HXs-kc1T zz?!L+e0#Z6?3T)v3jf^Ff_VVs*$vdM6B=q8=8XQu3HrNB({neY%CYp)*Ih!I^faGu zi-cqnZkTpmvc_C$yoXdsk&$fX!)w1_Xpw&Zc%pOKFuiK(vvN_cyKrun#BPB3j+16=azFx2{vYf47P8GHAV8ZU~ydv+(&P!u&@cbK+ex>JN7u8Pm4 znb8kpl;25~?6%M$2BUq919G7|j5Tf82zTN|I+qxbU*po`5{fNrJCxaz7(23u=Y>Qa3Be~i5aRFwVNH4cahA|fE5Qc6lomxR(F z-Q_4qGcdF?STqPocjtiA3^^d(9m3EtFr;)2{BL~DIp2An@BQBOUuzc5ESce+`&ZYs z_rCUZX{ooqWO`G55P;khIf;efi@7)Z&6 z9`d90_osKW38tk+9!aP_j3Zo@;#Yd*9ZiQSn;3 z8d{AeOrOO&Q>Jy+=g!aE9Y@CZ2<#+2j|1N`1Xk8UAymMLb7SXag(oe=ya#Pi=_=B} zN#CtB-#ss_yt&`(P)An=HajOk&7O(8NPoR^>|&SUeiOSywkaj`7-xE^BO+;4>`I0P zK65pHKF6eC6Dki5viCk0MRC}B%juma40zSnobIO)j{LjQyd3X4`8+HLOLq=u4Y#@$ z%L+rp^9VrY;i(x#*bdls&av9Sd2`0ewCoZ&%T;s;1qlT5EpPG(dWOIfz{YhlysPC^ z$A!+y7v(uMqe+HPkgKf`{hVDiK&`}gbv288Kay(XD$n@VtYCdjopj~M^dJ&P~`<5)>%Ub%<`bI_KrLt124mg1lCfcG9Xs? zc3~3D`C!s4ColrYtHzkPB8~Vy_PqauTRkTI6RHEWtY?$cnJRyWGcCUl1O-xWAhPbf z(gdl}OUHraj|a32*-1D8h16s|LaVuj?Pj&#IZji-WTH)jm_>>ovH>JSH9X8a(6S#7veI6Nz}xPtd!is`pN0nsAf6Y%6$+pI z`j*}Ly^5$uLJzs|fB|nJi@|S1=mDapF(w1bkmW1Z;$;P}$tm`&fmjn_uXE8>?k!=Z zxb$lLY2C=atJOu{|$3RLf>t=h#F(Oxcl zq#hkfNg3TVv-q~rNTb&gEvlW%@POD#@0QQx*Njm9&me)XSs8#?3t`(Mfv+F|>7l_J ze7ArXHla1Pcja10#(K>tU56i2CW6C$(zuW8cdj`gJqh{ZbKBl>8ZOC{q#FpujkU!~ z)=k0RXA}nro`Gq|oSB{%sQML!;oe|jY)bhC=tpTCXzM)ycG=3V;m`tA=++=dqzOOV z7~m_?fmR+BeAW1X?g3escy$<-_p-7AE6E@6CAY4k2jQVWt+M_>V<=?CMk(=b>{2qh ztVUEGfeWXxkn!lkd+rc*K2;9ldGZhZXL#6lSwXc&_vf#zo2Fh5y~^_JTdp3GHuiiS zp41Z4<=|9pU9_+)B-EB141liir?hub<%B==%860sjAf%KT}Cjw&t{aC<3<9k$sC@J zhUuw~8w81xsg7o6%-i-EwE?gjZ1@Pfq_sIFAlhZ$K6-4e+GD@eiGX8BR}GNpuS+F- zn;4`KTb#9XoXwg*p6##P#+gPLqk$%=2?KM^6{kQy4|_n=0e-U=MUhZ3;G?y#BH!~T z42LumKjUbM>4a00Ks5oizd@jJ@{REJHVa1ak#YF?-GzSL|%<%Ht_rd_I$?p>{4L z6$}rO)S_(&I9&YolnmSM`d;>$CAGkYYiynR-xwEF095NN4GDG$B1R9Ws31RF>G9|r zmLb^kc5vqFHOu0A>{h(NYPb@1L>gT)$T2tv*Ta$Ew3}A2wq)UKBGgL%a+5jlE@8P@ ziaf}oxb*!f?_^FEag_MNw|pbqJ~{`XPxCjtVJi zTm7S)iv<;31a@O&W*`myH-2nQd1I#x=h-dtr7T5^{Ys1v7NIhBl;7 zJ1VkgRe2U+H(j>2X$dct1SB4xY_5x8HQS@&Bwh&zecO`AIuk=bfK}P|Q7Y}7=lDOa zwFM>ZC-hvruz*DPG#(r)y3Nd$PL(Q->m3}&p0h3Lt?xjWci_J!dD~N65PF8%Ob7dg zX@*w`TT!|jrxU0cTh?o=oMn#I4Y8NzjuA_5B=Q0Qb}9;Ta#P1eUWWRs;r zk(a55jT9~!?cR;k36xj7ro}AYV~DlB@*Nv9UmMGIsv7+rd|rFVIW3pGIefhLgud7cSkL3Rjo!F=9cNP;KCtRA1D$ z&4TR$mUAplJt983&*NOuDh3;guYSeI*KEAqVhn~}-V1w^U@3YAcU8Qg_i!KWA28$J zqMtYLw0J^nmm}%(6MdnZwP>B7GggyCql})T=%S3%9Z)I6(rt~ZtqR6+v-O&$5_kTk z@+Fqj*xJLx!}dxM^TV_pL9birq%JWa!2n*H%U|hHYLpdJ_ABbWM1q95` z&f}7{w-1d(jDW!d-ASLlIlv?hx~*J>iRv6R%!weK zHu%*cK;n1Iv_;yBO7~p@1OSD&8gHh=mbNqAJT|c#3GoF8M(J;&+Z8RC`6kEx&wxPY zr~mN&@!<3Qbi@vY&*WN)71L%g;qRVYNZ(1y&gJFzk_eE%7Jd9~T~i-Px4?ajVbKKO z<@G?D9GMTkc-Ux*-YL)depvV9+FVneP_@YB?twkndDiw&)-{#ps{VmSl`rZJ_`9g0 zJre5Qjd`ioU~|v%Zhc&h6Yvi(u?>t(pNPxN>5f7AzP3wFgc4Cv5oRr{yIDHeN9b2V z{PnAUux)B?o-@);+lqnC+|s87^U5y{V1}oFrzU4dM9);$F1OS2uj<1`Yw>aH>)hUs zSED0PqFWT_c~YD#jTKO39ryMZGRQyz$S2+nTHHD`m$vZH>h5XDFOG+3VZOQXAFvTR zttelf6It0N!di1cZCuoM?E70Pt=I}kC@96oDA2O9r&x6VuG5il1dpokl%`U!!QqtU zobOq5S^}6(NX%z59!);`JTGdsk}B#dgj8a(ey0h$tBR~Pl(AbRl@sW$Z6l*S3+ zJ{0oiSt&_40c&OB@r-X{&7p*kwSd@3`Xc~e`7AAE_~UKH#Rj+PhvqgEi>go5BPy!E z6nJ9mjN6>4UF~VeyO?X0ajEB)O>-rU?QFTsEYl&W(@y(bop|6AuQEJ8-Md6dPW{5j z7puYpFdWM&Out*BJ@`-$UeRx0U-F@4g_HO~Yj>+|7Bf+{(+?<$BzjL*(=0f&-d_}f zFzs)UpKcR9ZU9=gq1MUDDty{g_ctwi4n@Sqnf_wA;>E6uI$r^G+uQ50hj)SEtRm_& zze1{wR{^#__KOlfYpUuQb@>K3oX2zym|&NX%S^o5JPS1Mz9tpMqM{6c!rpTy+>htR z5!l;8ZJ|oShQ`>2m+K|Cbe!3#c4{<6(v z+?>qL#=u;i*n2oeyvIx%u=>v=%vb!xF`50pah5#%bv9 z0Zwt8v6A&usg-WLPnyO?yjEiE<84ao-VhbdUebD6 z;ONO|W3HmBtd7K#YvImWIZ9LIWY6&MaOj>DePqjjKpfXtyx7c||K#HnoM1c&vYQ;| zh2>n}=xxI&0p($DOS`s3OgYms-AA6+^T1 zP5h-1o$pCbK~aoNF;uz*&oZM{@oE6m=h3NmvQ5+g7Pw(wuMlyu-~cotzdA$Bo?Db$u zTH3rpc&@F1bcsUmaAusB4mlkxl$8lFi`$?fkt6q|_B&4TQ^EIPPZ}kI!euO3O$>O2 zy)RcKE(@h=wApiKDlAGT!(Vk}RX;nS_nQxA&Xv=$G%*jF{Ev!mVudMyA+-i?^mUA>Tb+!-xb2&U0p#`E3uyhvl)hdKRBjDn*99q zlBJ0ZLMf;-?A>@u9TQW!M%H11=%Q;zej!j@)4qa;0!1{O+y}R@?_>Sr;lD-#xnuFE z6y=Yl8>FZw*-S@zIKjNOk`8BeAq7E9xl1mH)k`ikeNA5bo!^rSZ`d#Kv>aO>`|02i z5~wEgz=KN8l7D2EKqZ%h{XPH4d-4do;(WdkA46jO%lY$(;gvXV^&ra|_>hhW$~?M? zGr|Khrq>TuCC>8( zGlDlC=QlRk{rtFuUI_59k!f~0V<)zeI9oG4zt6_?YSz=&B_jAUTMUWIQ7~Jn#w&{= zQj79(o&v;WdP6Yh`EbrbNS&P3i0F#E1MlMf3R7=t`^L42M%5zkL|CB$D!oT8yR=jw8O=@jG= zMYt0YFZLeJTs7_d>Y(wj92<%yUf7*!tp0@RPcbc$A;*=(!j*jc1W)K@b&D6yw2&vR z5&l+7-pfm%sGk7Bp^)U;&t{Nvxa-sdAZ0mb;23jPWkMQw7Pq`Hb>l3 zb>GN;o()!Z(Q2oA*M-!4F?SFvU+rX}Y({JcYruE^zlIf?>AB_2YSb+0(`}^-))x4j zPXuh|mz7Qtw7wg%puqgQ@uoWIY$CxcKbxqgzb+EE&i{Ite3As+tY)X(RqA)I)z@Zo zK=yWm3ul;{Vt&JT-mFW1+89~b+lbN&Vsp9Z0ECbS*&($e*$6f!K;dG>ohz-#!Dd)e zA02VJj~cehODVMV-3k-DmSCijd{! zuPQ9{3Z)kPdWo5q$p7)<$y;0_w9`~US|)lVZ|LWl)WLM))fV&X6n-0~5Ro)ZVhu*e z4WMkTyxj3o?(i21uQ&K#7)hXkCK8qSrd&14ug(s+c62b}r|X_*!0*H!&#aImBe;hGuKcdX+DIhq`# zePd6eRr>)wdfG{%XqKwVyw8AyvX5aX-OM=vUI zW*rMPLlb;1mMGDM_QnO7IBA&4{rnQUqDg7c`FflJ9Y%m(V9&5LHKR~D2@13KJy)z< zK~X}lDf{b<>xPshAWXB^1>?x&M3QC;^>;)*t&j0g*gI1eei>E4a7w=_U8qv^mAR=3 z72W0$=`oI$v2e!5Cc>|T;1(0c80vY|MH0DREosxug|oB#Xob^oB3BEh^w`-WA#o+Y zB>Va}O57PpwuhYZG~fAz7ZH;E^@sn@&*$Iq?|NX{rKh;9seP(dzn{-x;BtRnHiR8@ z^B-Ff@X{Ya44GZKCm!O9Yb3>La&V7NF7DB|4lYBoR+=~-BnXfWb2Bt~?{TS)gbB`= z2=%AYNqcV&&5aZ%$Q6jV6AY2*`t*=|QCzX#J|_zr)Q-{&W&JojH+yB1C}PIr;_Uq6 z;UTHPL5htwXn$$P*E?86XyL>UXS&8o2@Ny!Rm_qLGa;5F6+16&b3UGFw86miw%&U%T{u0B4y zX`!lE>5tyKZE+lR((-k#F2W(-N!GSKeUuwl#w&aX$m5jE;0+?`anj>4aiRTC z)e(h@=bnn)kix>kMR|DIQPS0ZM@8cA>W%J2ya936YMghvG9-*nJiB8h>`4k)?_bhTB3ZGGMq)N2$}5} zbolGzpHS$4%U=@5NM}mJ%j88G;co09EEg*-riy`>H)c9^|3Wti9CM-8?RdHTVBXO_ zDA`6;Wuf@-&dBq};LDG)=X##A!VwLG?)L-9v4iLgyNJ!=N(<%#>ZdTV>WhZqUZTGJ zeBE9BKZ1rZwS@97>5g<9TW8JKn_Xm@SJH+uKN^t}sxHA_z9$Uy)_d@`-3{33Od^}! zu{2TR4c?!>hwD;||L45_vv~e9hkxSZk__D1o}s|z43YCf0|FgItr6Wf-ZRc2b4<>3 zVwgB)c6C4L?S|irN-^KYHxIrHq?Jm;G+cw#2PAfkJm%rY`b#oikaa7IGZ`UF7l+^w z9N{h_iM_2X_@HRxnZlpg& z3{WjOkHObaNhP}bLf#0EAvijhvb19S!%hRy+M*IyMRyb+c4jpDasPPI;!0)?GfM=8 zef;Pp;=Z6jCFUj&Mk5yWwL(Zc^G04yuDXUs6p1u56VtFEP*EawQWpSq@aJ^^ivD~v zD=W3`FgB4z+B!M$R{hwibKA;&*Yb7fX$cZ;F9DqDU$?KeKKYDDoVG4GuNUM!i`-(# zOMQo*sHyklVjFpt5fx?PfeC}J*?<~{9}D_k8hISi`f6sH5}VMz_@K7cax46UA;|Yz z)Gy|D4K~Mi9v@{o*mO$D+ZCl}C*F7uvC`l8Gjh+L<9@`4km~s<(cnSaiar2vyZNe# z_5gn6j}uo@GeW4I@yitB6rcT&6WHfA_`bPn&c#ErvS2)Tp$A(Gbo$|Q5<42XX0cn5 z5X=$Vo&U^%zn(}XVc}NOZ296r#BhSF{`;K#*YhTNoHBrD+}_SEQHlNP>ZZ;{AdWmW zcQZAu*z-Y!cG0M>VfYACg;QABii)uXE3jOLGVS%vx-QOU&(X8z+wgUB8vajj+)v%L zf!X7G*aI5Op;8!6wVQud<-1^6Wqx*Xnx;u-9Q0Mhs{3w*0T|@90AiO-F&pc;d~xiQ z#vIgYlY1RN8y{}jM~xgUE}C@r^zhdefL#vB8}o}@&l#*Y_PG%9Y`Vo7nQFut0s;ch zGSDzE5`&67d~d9vl9pzozQe-4&L55UIwF}H$zHg%9@F!TnK@v69X5QE$`~FCKjO0< zm4}H%I667$`5DT0PZtKT4fwAk=`W)5}M1Hn54BD z->W2R*eI(*@d;*{)+-n6tu;h`AlH$&%Uz&r-az7C&tDJto0U zEZcmCl~}6eq)-v(RAfa@ouGzhZ?uPHp`#T;Uk0Ep zyS+b#sP<+hccc~XNP8&<)jJ?q08 zXhj3;eZWS6Flfms|Iz0IW!~|s*cN@|x{ZgU2NUH4=#UlxUG5hkW0>e_2qTEDlF(iSsI4Vmff*VhOI>yWDeTNJ|^>eD1<6kemALnw3 zlnmJs*))DZClOFa2&&vl;gA*902w1bmkVl9CXr@vyrcb8duW8XDf_TmfCu=GHQTYO z<2{C8p1t zPkT*OP+P|3AOiKdLFl^@;Sc?s{H0~~b*Bb_Qv;4-U#?nD$G=`wj zX}3AgG#c;Ch=VR>rI`EU2)p!p@3dfQ(CIpv4t&4=oPFka12p_GTHMUxfvcleD3z5F z#dpg(w^@W6hyZGT>^ zK5aXXKT?ZX*s8*|?CarszO5mVxGnA{$wrWS*5m)sX~Xc<}0?y1>}(q=FsUx!J{BcWlC#_I5&c&h~7y){&BTAx>o zdR#kfBQGV^3%H0K!+uSC>xd_y(*1mLI@Fi5%WncQ+P4X(%=7g5v(S7#o!(#A^^w>} zbT#&+HtaaKl(F{)UY{CLo~^RI200sL&Geu5f&4c1wVxC++{Ry37VY(@(6?hRXdITi zm5*RYe8Gw%At8PCl2Zs@>M{@bNzZb2nZ@ICD<|UB>RAFGmm&+$>%=XdTV7HAAIIHa zFQ4MYPjJ6--sJ}hcaJwq^HS=L9KQDpfRc6|2Z2e52MW1PF07y#h|-Yw)-|p}x=QT{ zH3nMd!+PyzL-Kh=Aib4o>?t=wD9m*c@wyFGtIJsD_y_uVo;|V{nyT6uJKJ;Ea%+^D zz^vWY(dPlgsuW@u=W@{68mHC4{VN}xm=v7pG|cClCAvN{>ud=!y1sGb5?7hp$8Abn zxu97mT_BJGUF|4{pj%0c5h*Fg2L&Vjze9#S&%qK|rQU}<&gemv z_mleUvEG}z5<{xKu1RCbX=$n*)NXgF9a^PX=Pv?iy|CQwp&f@69Sk zWB_#t3b>OiJ-U$PnHa5x9Ke$RS^!(CoNp}^d@5&FRdtjZvTdb zk%{T+gLxlJu>FutX~R3hG$98%YVU&=k9j@52M?d0(59sa2P+oMa5h0pOII{FERWC=Nyw))&XW{fvE;F5GpC(ok(ep00J&}L+9H>RQpi(F@}FBDmm*f=;UoF^ z`QMJVXXK8rj$Yba9H8ZfH%gDFxO8s(D+$CXK1s(CLuAYe%xmnH zi;qRxE1ZK+8h!bW{uGsjM^;C<@dI$Uo0|5a&RMos3LBtire*CN$S_4I=hY|we99W` zKL7mw-^1>=Y9xMG6InClJUE;ndBB{JelY&l-+$!~2H~O5MABh>evVsx;kOw(MO|qD zY5;#WoE{Rz=G>6_VEG)oRb5P{zlhLh$z0JbRmEHK_R8Hvy{g7(TK*>xUbk}Wm*XgV~j*IA76Q+M`E|=22 zx_`ay%gsU{R11^Fdz))KaRN)&HW8YS<4qL<3;q^SXkqT;(MF`I(M|+j_pQN>VzX# zB<8&KEs;%3ENuI#uYu2{`+axMKo(y(%yTMlAd`?%z`$nmX0-;(&^N}9r3os+rwnI1 zSF_w92gviC94@cR7e(wt5sY`rfhyqN`v+sCKlBpmmxDV`pjQ_Wh@Y8nd8yr(`8<}Y zQZd%!rvCy!8*za=a!KEha)KGV5+uD$2WDLnEY(`=a8fdQ+ zEVQ?kTtLOGL)Uf>G1`5p?Z^Na&V1hR4D3F5g39y z4q!rAS@*Q*5RV}j`~SuWup{seRQzo4B(y+DSc0OwDH;Jprr1zJKP1OH8}E_LrOVwroJEI#rG3XhLqwH!q51ilpy_=j@+1K@M@Jq;X2v09L1R@-Ce=)| zT%Y=Wl9PDjiGHG?NC1P!RwBO*dff)GO5rfhhP@4dA+M5(;A#O=$6L<*!WKgS+#2+i zP$?I4emt_;U-zw00L;^unKU^oqk9;r3B9Gv6p!Tw!1f|5TBdVd4_H`QEM-nf6jfE3 ziIuJ*zEoc4fgk4h4A}s@lGf`tv2iCcxbOS-@0R%473Dl=-z)b|cL)f2&9AW(tKCJ4 z;&OEKMe*p^*wBD|1CYNQx)f0pLpUCEUJq@PAIbBZ)sA-GUa$v!Wn|hd_(qJa%hj|} z;+4t}1iIH`q2>i+V3tqr^$=Di$;jkAtW+WbErzPwkHvGmgde$obbWOL@4(+r8Zo0* z^QBwos9vTyxjoR!P`bn6^RLhYtqKn{yA?2X65KW`A{L5&A3yFp-f{J*oVuL~D*b>+ z_R~N37)hW@Y*X0hR4_YkwZOy9zc7mbo`imqckkmdq`D-nkbVxl|GB~(*NAvN_Q8rn zwwBa=n{Zy~D!P;3w9G4NI7YFPdk^cd;`Zs9ww65r!JKQQ6T_&h(x%XToM|!7qrr%h zy2v-aOB^G{B8!25Ygp)`?jtfb-BWz^0h5I-F}FDxVPRQ5E?`Um|y;rU+u zKA&Ux*hA(fGCn`$35Dja&_hgfUv#pOK24i5%S zWZcEJMl~&uHuV{ZO^ONyhU#`2?C)tBmIAW*i{;gW4hhU;qM@zG_Ak@?{2$+7;5n62 z#L+E&K0dvzQpClJpohZK4_^D#c^=aw8hcdEIa9p(?fzK8=LLASK4H8B_?*t8dn(v= zrl$1XXT22#wYBZD$}2Kz7v}*qKZ1$^eaVSw9uMO))`y+jUeD3v5{dww~ zxGb&_0ok8p?0Gt_2W~YBdz11#B|o;W9ZsK(6!!2mUl6zfoPrF)#)Iyu9!I7e5{poe zqIO&S+NuH4O47%YPhR5y`;wz3HPpbcVAkXpt7fy*Hu9gD{o7~6*XLCOA$Ez}6K=x4aW#Laf+TGyW))``DU9XaX5HE3Iu0p5DB%N3MJjaG` zCu_JoOY+fNMxh1~-sjpgYwGj`FuS6$?FaLUEl~KJ0>FU8k9G9ExLn&o_wq`B$;Wh# z`X&%QjOP=UV;1kU~;X@pNi_vi8$$>DO z&dN5Cg&5-)33DwriZ%bTi`ikJ^!YQyQKrfI)Ydj>%vuta{*w0ife&4z+Q?Z!RX_O| zo{Ia+hOwucDn?|p`{eIH6sdI>rmNUH4=EOc(@x!moj2H-q%pz^A9D&Wrd2Yr*zj+A={gBD}&ktBnY|B&Iu3?=O3!4vqB`NA)9w}L zOZQccSFb)ko}He4E%!RrP9+ECd$pl?a4vT#d4-t+yz-e-tNqB055cgd4@r=Y`TF-= zJRTRSs)M&_y_U<3TZ;%NQsvXcF?=G&6{~6niMy=xDWYz}H;BZ6X!e9hu3^R$%7{q) zF)x(ZPPbIIUE5K3^(WNP_hRot@Aq(V@gBXYRR^ohv$c-_^6`~W$dAcC?pZ|sOUEHiz;A3Y=@V(uk>Gg_Au2T6e z2dBO859m|p6?xcRz^B>7X5DM_ukqd3+I_Xiw}MW~NdE0kI30q61qJK?xf(PfYAdVr z5G5$P_-tpSZ;vi`+37++;+SEtRJw`7?1~tFf{5^+5MTf|Fipg!YJeaGmt^E`hsIy0 zjGr8?i9Rq%CK-1j1x3-OOYML?RyBB9@8!lgG;a$DAIbQ7t4fYR!%9H`UqNeFLGE>> zG(T$FF<2cS80WsnCMue(^jIBli;a$tD+*KTyY7AO(lQVU_?nj;FC~m)&5Sv;AJ8-F z^4c8^iIH^Xms=70knb-dBJxaBG{n4DC<*`+%!1suKD8blQVI-yJ*14;3R6}F4riH1 z2?_PC<=2d%;PUyoNKZy*(AU#bbrvk9dNns!T>hT3etv)ajBa$c+>8LKU!j8!*&w3H zjzy8D(yR7qs;NolIGIQO*s(d=n7dTD+L049Xi=5GXn8C~L==|)w8;u?u1jj`;9&p8 z@pi$1duLU+!h)xTx-t>WJ5rD)k`Npc(w8{}tE@Z;a?arqWee#SUS)6eF<+4M7K@4F z$Wsh={sRj~M~^x%W`c;ht`z_Y#=^k{scgX|V}W=7?A4Nu#1H@#j@ENdx(~zBrBNkW zD7oX?b5k>&&8+MAJK@Bp*`uPrZ7hD_lAWFKi?@^cQ8l&UV*ALwdNbAnU6_S2(5Qp4jzDxO4qMg1epF%Li88yOe`ga>U=wfU|6 zJ(_cSPxY%Jqki+I;^`71h&D36{XX0xDC(b8Pp6DNwKlVVX!EP?aM@)`Ol(HDPcM!m z{892&e|c7&Ncx4BlgoUt8bah8+4C4Qst!&P)i88fO4*oHCKN5*Rkl#d-ol_mfRr_uHG{9;#}I|IDk7NodW z>pJ1%sB&Lnav`KYRvuY}5Zc5?Czh1vifMqHm#Pq7o%@G=%^@tuLplZfrbSBnT`eYG za@I8i8^XKPZUW%SI#>_rUez&olSXB(OI5S#k1V7>FMNqt^;4|&IjKNmlX zbkg5A`)X6)(0nqRcjoA-v~_Q)qBOPq)TNA3#+}dWc~39|wpy3@{ZvWfIC6v0 zSSN%GJFYYmkNWhxs|#U{X!sYnIA9_->e8l#Yc%q%OuIFvj~y?D&+EgToFA3~^HunE zZg(JCLvJZ5DP#NuI5@&cNJ+=M8Zh@o85|1(oi+6bZDjih`DZH|a&ok}Cnhj? zMn@OAC)8{{%#6=+5`RmQhoRAr>Je9E6x$wzgkjgja%0UE{9sY3RIf$ixMpBjifGn8 zhLOI*MpKhMBpa#kl}vmjzL!)S_XP$MSh0WgijE+ZsC0t&m;}4l|2hCqe|jHqR3?Tj zolbZBss$W|9z|<8^3Vfj)Uuj>J&m5duELs8`vi?ncP}w>BX-G31vUvU6jUV=)YCl9 zZf_K^6O2D&#xJ+rLAqcjK`TnXAJJP5^=?)6>ARLtS$Rq$M7)AVWAQqaDkr-846WJ{ z?}%IMMO;|RAX54w?VWhQ9r>h|CuYJCCB?NDn`ogSDacg#sW#sG-T^={Rst7UH1@Ws(Dpqv=yfB5($ z-x59srsC$#3OB{}vJh2T11>3LJl`TqEE6$o22UKiotne7<0eirlm4tKqc;;J zh6BPNJ+pw)>sdW<);z&wfD~zEJq#JH_j)2o)hkl-r{GAw7m48Y#xUiT8T9VEglNK$%_y_lMk|Ac?y+}`jtOhtY)A{ zK*5W?$2Cv6MNREP zqqvNWWW33j)&>`ze8fpy16sZRWqsY+<6^f14G2H;5)&VbK;|U_XCnmx$14{RVBwnzD(5HLI$j-iy-n~bifuFQWP*VZ-iOqFhd?s{|h??=-+c`U$a z!Ic&Gn*Oc-)7P9Q_Kzo-Z+E~o3b$rlG`tRle#SE~VAo*@vav;ni*5@6@u$Uzu!Zke zhC7c*{`K((v66Z?(;vv^T>~hwbu*`?=#h_OpW@irAKyQd36WG%Vv|EaGstXM<>^MJ zqLWp_s3J@0=8m+DYHcPsJZ+!lT?xM|4-^WmbXrwmoR1NFqNS}p6w6^~xzrw32}TM`A-wCR z1o-%VyOEG-CIZ0S+H$mNZratws`J5++wH0f9@Dyi~aw+W7zw-j%(;pT@qkj&1lqpI@&DC+w65_W$DgZXbCtajPpTw zjup;Qbwm-D>@2F%ySO|Otn9m-k&^T~UzL!MIlR5W@dn7~p3050R(5v+VhTp39!qq& z*>$XlMx*)6_87?RUeggfKl#^yN($kcxF?iz{M!pa*^doIxoEWHrL-EN*;%v^;R<-z zlJvQllF1>=cEJJkd*Byx2x>r$AHk9$tAEju!POCuX9BqN&kZ#k&nj_naNMa41al!y zOlp^-lq`GWxxYt7zAW(Kq(HZ5?xkcype_^#{&-0Il-6HHAja9&LdX1SIe&h_>0oz;MVc1UH*YoxZItNK*jsr@~4 zrEEN-tSplL(;?nF4b1>KcJe@e+S}1$TU*rZl(c#=#| z`%c=)hq)W7wtngzs{|JloCbH9aY|0!g>DJ&;H@Nir>J2DZ{aXu2YJ<%0d!Rf)G^4O zRL{#$!&Vy6H?UO~fAEP&Jl&?G=4*F%_cI_k5C_ikAwXqbkU5>`D(!?E9hK&4I3O|h z#T-_;@0%Ysjhn?8%MwXkK+@u3yL;vLZ3y7M zx9fI>$8W8FB^9-nCnO}WT0^~UJv~LoCMMX_q0-eeWuIs{ryG*2ZEOHkED;biD;4RM z>bUgpD89jmw9ycA>jEdzo;I2F91{E;1Ns&xwU2t8^@@Dy|K7IWGS34wfIYM@U9LUN z?u*B=?xb1umw9!DsR!RXpMOQJJL0ddC?ytZc-Iv~H@HRy9YLJYb%1tRDd8 zL{hV@Pq}ndn$~s(-$NQlTTPjEQ^f6t-#Hn+(c0Clzm0x`Nwx#adA4>Wn^7S_$ zdossYI;{v<7dc_3V~<8FlvD9GSiJ(~)F{-$Y09@>bLOeP@aIyn>qeAX-1f+$|;rIyVi>uiDdduf7d6Lv(n=vbA)9r$+k}r8ne8-#x5$^{vA+pw9Kg9 z)4e@*Pd3mroE8ge28W;9jH9pJ!=EUroa`5tB zJNDlxBfQs5_2I^GpJ$4c;KO|H-WbyS|?2;?7`+&Zo(HOwS;yO&NPRM z=veS>eFZ(~qKAF;wcS}QYni?`*GdFSAST;XyE1S^s&*eJ5O;I}rUB6lo7xucKgYIQ{L;CwW*C zeDpe>t2qFW-Gm^fbn0!QIha%^7?_w}oSo5p-QBO@>kXX%i8LT~Y}90xl$dCVIXkTM zI(201oT+!`-I}S3D=aE1Kpw%H7?awH6v^r=+A*kj?NrNs)r< z4HZ9j$wTHyh~R{+ZY0Eziq6PtV4x@0bd_4>v_@a!-v{=8hTs3C+@H`4=(O9e1TA0_R81B7&OlF}!H zR&FYEBQ`JkNfR|go#49pEzRHFu&Rrx#%4UQ39aH@SFdT^Z)+}HUAMR zedPnt%7BCIh+pnNMF1aj2LAU#Fo|qkaIc5kO=`h>K zugPg^z#kEk$>Of-{IHsSs73&M*r=9Me7$3=HV+B0TW9CvXx zr3gDQVJ=oB@*?YiXy3<|46VF%G;m5yVRli@+G#JnYp@# zW7K4hDzc=6)7siP6X-%R3`jBai;F{3-BFK7D0_EaW1cpVEg`2wEu9Vp49ZQ!_yuoA zTt`78%ph*OeQp zNxsl!wDBQ(poBt4u?V$APA|tYe7vDB7#6~Hw=VNbiZ)G6eFp$v(D_2#TC^J^w4hF(w z$$bmeoaD{Wz;SLcQ57LW6aRV0eIYiskiGr=u||ib_My;6yq3+M@%cOsEXQa z?sBk|RmL@#4p32+SC^Q|cP+OH0dUD>V_g4`t{H4+2P4uvy#x$vO~4loc>n{*VO-i5zz)FDwYxKE|6&(RKNrU6-V*F?+EqKm zp!&5Ngr?svK+KGG2}X*DiWG#|(`<>o^$JQ7FJNH8{$Qr%e6zZF;upn`$5@yy)xrM5 z4n0)~i<&&fBS#TKm#wl@bx6q9C@!h4iFr@2c|+&(mlNW@X%1#_PKG^ofZ7ho6qkzK zr!K)1Xe3N@vei+4)rK9pUAYB0GJAfSTcJI%JzZL6M5Bnf%LqDm?M(oLSrIVMZFC4$ z-0>$54lp2y!E>k~#F-wf!-oE6x^pX~+XEd}gCkVc#M?UdF@!4Xn=x%J2udZdJB;r1 zUFh%omjM;*OJPas<{<5*q^BqC!m7Vhy}|0Khc3UdB1R@lY$lRu3xFNusm4=aQ)Yvf z7H7oRuoefb^w!Ay7AY4>L-i$2*=MTO0iw!!cR-@o!`1kjQqV3NAfXJ7-z!r#Oy}n2 zvT~OeC#9yU5Q(2WIRq$gFJfXlGP!2scDiZ5NQhJUT71n&!H*{sN)zYqC7r%LX9I7q z@5FH$b7X1uKK~xsnf=$6$+(}(N&PziA75`B7iIc>j|-v_0s;a`OLs_@bW1lwC`iN5 z2-4jkjdXWN%?ttq(%s!D2-4E^eb{~L?q_#@zkd+$H4o37*SXJiopbBC-4e4!S8&9+ zKbM6|dcG64c{uMmR4X<3a?do7Wr6+Ju%p$yiO2OZ^`aw0a%T74Dld}YK^$^PUlCk}wZUV@mHiiFDapLn;`VK?PoJc=_3DjrNDRXy6Fp@6? znnY^++7W%eiZ?%9+MRLp#*W3N<9!i5=(R%kLIkPCjCUb$IL^rL2jv--n);evNuPaC53{OI6NdqODe5#X`8*QM$K(lDW-ZE}m5G zD7<_O|3$gD_PmyQYqSkRq2GPvX;nnDcB%NMBg1*Bye;4_+py}>^co`SVhAjs>lAldRq#V zmM$2y-gWsf^WUf?HesOSz~%EIC?O$nZMRw~atA2nNfDv8$7ljEwpXF3m_VLoroVw6f{XpESzn+oD6R+lLPu zi(#}G3IbrfJPbuP`Hp`{>I_4hGx3+ei*UaM&kYZH1_KfFAObV(Y5NB*hieqHeg-Ko zO$QitTt*OM>^X3dV8gj#b$=Z?exE+b+<_{oz`@59e=#P_GC)VlBF*`eVcABQK^dcQ zf!h@5EP*_FW%*S+kj4dWbrZT=fgsnZ0A&os154d0ShiHCWtw!xTG+VXHk81C#{)IB zS%I~cMZObZvH9@@z2>4gUYz1H&}*qd-k6+b42N2&l58mAoLQO80RKlsT`Z}|v7KDZ z#PS!@QUjEi?_cdDVoA7q`g)iO#r^ZG-;kj^1}>;Tw%Mz{eevOP=k!CnA`)z|-WjW( zDQ&*wX4%;nxPskq6Z04S@Ed#HLmZ~M2N+JB8#@19Z&@NhYk?g_NyQ!;UGBAt=**co z-s}bWQU}emXlr$(IWWLDQ#BjEC^It`L$kf6SV7fx^Vg*l^JaMZ&|qt8E5Gq_+Z+vz zi9$YqpDQTflT722g_%i9E316YZSK*FP>Zdt-74;)!T}?xsLVR{0)SdfHUQP2is^aJ z4i9IwLFF{8GW{MA>LyjQvllvQ+)7b9Kll9?L>hYXEDmu_iqy@Q#O+EZ!qO)NpIN{M zTzAgrc`Um>IgCW|{0kniUAqsV{ztp7 zc+2)PDO!R^4TN<4uS(%3^+*rn@0|{1J^Zp0>Gpy6nCqEyNFW2b?(~Ov0Aqzxe*2G& z6~P8s*n1mYst@s3+gWQ+guVG|PQ7v$q{y4)pC`NyIOmOvO~Z0-1J%zTHfHAJ!~(Ub zg+3I^cRG&Zt+F|Zc6G=XYAUJ`*l;^NHds=!Se-N?T+iEb0JvvoWJD#I-4uh^X-wGy zuwQY(ppSd&{C!lT4N~vClRaLdsp{&=Tc%qV18~EVxVX6QJWaP)00-TmnKFL!?n87n zulL+$g7oV5@MHmT=@)_6T|nZ5-0K>&HW zZEecAP2gB{j_uu$5hAoMC=VH%9+$Yp;Lza=x#~$v?c3CU`WbIq%w+IJY$Y%r)t;i> z?2Y`>fIc5T`LO|f#J;$ccuABkP92j7hZ6nF_0k`S_F}4NoX{GOrEz}25UVGy)}rc9 zcXM;=0!b$&+rt2_GtSTWgGfQa=9N8zgdYw<<>0#>jBJ?b? zv(k$mm2^`{9>)=sighV;Ec_8H+1-{~hAhMuW?2c4^o)wq@a4EZ{F{sP?9-$1xfcA7 zDLPD}BY~JXW6Rwd)0eLoJ?`Su{h$w?@IWdW6_X3wJ^7z+B}&Vh25Db~B9dBp!$6x}}??^(J%2 z&NIwdu9T(>9FEuLJ3rc4&{UlM^j%FiN$#-N*ezzUmYDckofVXi<)bDu;iA(x^!+YL zXH!(ft8aVjyF54GL8p<56faFV0N~;ej`vqITkn_^IKSGnTG@LaV=|Cb3OW1hknQ6` zJ+z3Zd-SE$Rj93jxuo3rjM?>>HQe{%N8YG>P)16Q6Z5R8pXg(v;O#08tfkO>uCT$* z*jNd7b6xJ;Z6|HsTkzgy=0t*q9C)^6Qn`d{lI{fXI#kUR3*V1^>#0Ff7hL!$x)Ge;2d#z=-gTQ-$c zRmB+}8yiX&bTd2Moxh_RbfDn0nceyN$%=}n@AS@Twod?*>j|Mc+zFDKL<)8%?7S3+ zFnOIK4P;n*G|peW|C|*c zJUNSvcHMp^2zBHV{8{ftT4!GA0ODmkNySk?`p{Q`d zTu7k&HN=2|aTk$(yVQ^AI=Cpl^Me z8-@-#xnXaV@(X8%umGslb{%bek70*0g+1e}5mU9@5k@a%-4jl`*IDY3wXdD#NrZ;e zrU-PFUfGgZEqZtx$WKrZkal-^BZG|Cc1+(^U(3ZHvp5*31v80ud?CJM3@68kyRA25 z3vtP}?`7`gIL{UUtN8%W0)q4YI2S9OYH-@{w5SQ`=!{#7nR^q`PKkf^ z15*%p-S|-6XUcuE$cNN%8nW#jpiDwS*E3ktQyKTQ&g$pMLtv`6;%!t7FVj~`ZtHRp zAkJCbU@UC8d5eR;DL&H^MhO9=)O(xFeZQgpefi8L;9TmYee@yFRZpYadi>F1x%yXG z_Xp@?4kYr>SKLzDx{$$#0nd1zOd7XhE%i8MksGwl&bu>plx$b&xtEm&g~zStkfi6zc>b*is0aFFdz`n+wX#o@*G;fg=diDfIAWJXu^>B zBlm`vzmz_zH<0()uF{YGnek}S_}bM)+qa`xE?Lk)#Av9sr8m`;*>b=pP(p5xUzj zl+uqlCkjvpyga~0g(5jg$&={x;vg4sqw1j~09(CytY@c>_9geEvS@xCKbwW0(9&%! z1|>bx@wU`Y47kUAn8Tz2T&uiX*6>|9W^&Sa{e|0kI_0o!|5%^0T?v;>o@`{`?D#mv zK)f^HUGDr7Ia$b5M@<~|i*6J=O*O~6BOC!4G492ZA7)`gL#j9>5EQe?$7O3~6!5Bn z%Z5wJID^^Axe}$nkdq~JLFnk{=tFHkeBg^9=1;(5)DlKh)R9J0(8|2%o@x)n9|aBv z`07Bq1hKSyT7fja4E@=;#=@(Y9$QHCE8HKG==9HHggIwVQ`G6DG0J;&c*uK}zF3K$ z`C@c9O=p^sgPWbEgRvf_-kUVOZx{l@o;0SAeCFuu!;^?^5uX2b+d;eE9*a}V=m{1) z({Ek`4(uMN41IxG0*S;=5$Cqcn*spbe9dZiTJ8oIyj=8V+zLN`9^F_>j5xP&(9vzT z#}hD%M$@^By{+e!N^}~jYVcus4aPF|)5zAo)O0M7gok$*t#%Ijz+Hsugde^#LTD z7vnF1qS4jJi8`xI^~(u9U`>fhG^0~Ca0-S6ntgq;45>t(q=6W#Lqq-Riy|qOCz9nr zAgn3{08=}dDrD8vENe94e*)^rFR#+9w!ey9;kDg=RG5|JLqJHVEj?EZA#bTII6HHp z`XVncuii3STFQuhV6C7Ki9I!QnS2fqh!TvtP$ztkQu0Nvq+XrbzHk7m7$Zi|_T|7_ zR@K|c;qnT2Sat&H<3Af7aD4Jx6ZW>u3ZwPguEJVI<9miUcQ+{B9b|_72sFSyWC_6x zS!}`2-VUKW1QuB#TXLXTYOh7Y4+nORhaQsn_GBD@KfL(Zv#^aS41{t4A)?769h{Ja zjy=^lO?m?DWA{pWG!$?&=D0y^A;6PNx8I(jy#-0}?+6Z+W*#5=Dskj2(zl+qhS9>l zMHDyuSdL5WGC(~?nMb+pjI%|U^K3+V&%Kr$aJwKCfuICskrvj4ySVWgV;?;{;_F- z2E7w6Bcl>yOY&QHbgQ+|B?#()-_?=vjRD!M=DS>(xCy1scl*~*ckt?vhpC!$-RUSe z+rPj}CeCfdE_W9vXH^`+c6=EX(~@KQh7m-s-M`<-T<34NZq6;1X)#O)5>lmG&qR%X z#tbAb?WA4JaG!fk2#CifeYZ8?x21!XkY z8%;b0xnO&O9@(+6(p@K-x81zqsl7;wcNEiC(}~&|NUf?RXmD@l>CLq4w~R_S&7E{{ zi9t>c>#gODd-wMFTA&8-mnW8XcoHKP^nqYg=#aV8nG23u($$cnRdX}j1vHuwfdD|5 z>~X@BdD+C5DF4xtuDIiL(S}HB=p|f{00d6lyV0e&{^HtjMcS1yHvYniC?c#PtLA7g zB|jgJ^Yo4rgfzWc6J_|#88k1EeT&);W=Mmp%J%l z%Gn_Bu1T3>>D#W#e>T{_yv;wa0w?rPk4OmMt$-K}Ve}kkmH{t^{^bo4`h7b+u8;RL zQEbrcX=xZJHftx$^b+H@W6H{ICUcWhc(K7wX)M^_L5~+AOwqQT;RGU5a+JEBy&pA; zpoqE^6KGtDK;i@2+C{D(;{vb)h>-8NULoOMp_L5NfL%(0;pchAULV&I(zm)&*QgGGMD(dT1A4Jb zUx(?KSuFC|E6?K}r z0;N2Y@0qB8tL7BwY5&Tvd&}H$h+u}yfVoMf(Fz{8;2Ewg4*OR1y5{=JyZpM2!clq?Lf!0X?1jt8d=+A?uE z;)brKRn1|mmp;`tHoZahK!NTT&1jq63H$vgr>&l!u1rRrtI{YbixpV+`{;Pon-6VUr0lRo^bIlrr( zyf^N007P`uNWUKS%oq3#u`mC;SfYeC!>}TVXUnQE7;wIsE-4cCXW)`)lVz8ooa^a# zsxj}?*m{RhBuG^V6ea?PPZP;C<-*?H-tQON6$RW2E_WiS?*I{(?=UEsXflv0Lq$au z7lWO~Z5v{6dAe5+8jAYi_WJbuC)4ySzRUbsC-sLF0rB@ z@S&$eh5?`zFn3&ALs1hTAGA=8wh1~QEQrZIm*lqOefOIn_}@3p?0@vck6z8g#AfH56a`wB7Y`Vj z?dI#?r{#)A`tv6M38GJutwER$wLz-G3kwQ>O2F&8l+XnhaHdv4mp42xS5UyXJC#HV z-MH{=q&k@G&ef?YDLok&D~FerF*25y=5jB($LhQ7aO%`MGu`C_+bhwFZJeFCJkEO! z@&VtZw3jbm>aMmHee8nPg5HmG_D+nvNIXlB28v6$qC*cIuE-ZLj1J1g;S&FBlh0R4 zvTqMyokXW}_@mW>e0~{7g01R{DWMUB40r2kZR=uaZ#S+_P|q$kk=Fh>L%PWO~fnQbZO@QSA>qivzenu%VNb8Y_O1nkAZ-}=*w z$?GIrDspnfLf+o)2MG-^R5XZ=kB>L#CoaZ?FkZwX*8$RgwU)W;Y;r()S1>oHi@jVb zSX)~=44m6Gm%jRKEdsnmVR^Yizh$WP&b5RUzt@fX#YiGt9AD2dI(c$|1guZK2rinH z>D4GL@Czc)Yh@o9HS16daZjAVQ{__^S=Hw!n^5#lH2WJ9zr3 zsYLnK)=R$kod-OTCREp7>J+xlV*&TG@-Q9#vp}K6pEed2$_|66Y`pZZS?PY^{Cmj$ zasaDm8bC_V_oT1X5q01Sp84 z&DzP8i3KcBr#arXxX4ONvj#~t;4W7M+W_ue&C%}(b&q7$X1@al3rNv6dR9sZzlgX$ z$ye4hl(vR@r^OPB1yzT*$~4ypLAN1h=*YGdEkR#@ZxVlfv&4&Vmrysk6HS4AEpNO;J||_gV{#1$93s%QxZzJrSF_@aEVkQd<+oV_fTzKdiF%l_J6`)qvrV;E6{uMR`T27vN z0dSAc)juYAdmi-9eEa%NXPGhOctV3cW1NNHdFRX>G}|g@gJ-02@lQB#1*uQ;=b2BQ zXIoBQ5G1fC4_xnrnFvPIW~DeeSk9zfwre{xm46x>7fMB)pNn+9gKt`V-y9*$__IE1 zJQ!9?3#Nbo_#~`Ek3D0TC%8+be?|e6W;{8Qe10*GAHl?D;JBlF+>YXme4f2ZaN;@q z*&+L+rc`_Odsy|4Dhc+ClBPu5$XX`|P>gk{Jxda40~BM4aqirGF8yNV<%06?o$kUx z3twNE8=5~~XOL=~$d-KWeqFXrSblJVdg=6WLA*IWxVGaxKWEbvfsH-`$`gb{8|e~D zCJ~Ay=VD8`U~kJsn!hUa+OUB-@Hw7P#n(&xI0sLG2Cc<2`8Y1TV^Bmdz^O;$jSa12yZ(R}LU zX+j&bU?j+%cir7$tfw9?+aP!%82|=L)!*d^89ls4rbpxq5G7i0-)@?`*F9c5 zc8d{jA?_sC4e?L;6g@M_ieyjh&H^(5>X7x|>05r{@U*YdHeq5C@bMjd&HB}6&UO>E z^$-33(7u#Z|Im>E`aQ|HA73HB!P<11EpY%}&rQw4ZmJk0XIfIO$K5oV8r+k7on1|3 zW#G6iu@-Lf*~GelWuVH^x!=9~Mqh(xVgfjNOzxOkyYawzt=^-L*KE5F*Sc+m^}0w& zcwJ^|55CoNk(dWcLpMC_67)LEzWt#w;D+Yt0e?X-A(A(ZX}{f>j5qQ=DC|_bU+2s9 zip6AK0Y3)0y;3z~RKs+-7GeVTJO&I)?%s~Y{Q!UI;*B1MToZ22_$+U5Pp>|hxpB=m*aVZQc|As~*zq!it$ z?hxDg%yysW|NPy4$HhOtf!!g_Ii{0jphUucr}ddl|DeHQ1RoXJatF^gZmk|8bMzRo znm2>5eq>EMCL0u5tEw7{#c2T;WLXfs`YZmv$-JwvtJ>#^ZijqDg1Jx9F3^0Aza+4) z7aIs=L}14Mamt@NuaB3JX6&S4oT_s^b4PP+2qf>CJw$L~UYwbc++k$pj1_MwD=yE8 zi05=?yd-rCVdNs^|B@8>$&E5EFF#2PV;e9nfR62EVkQFG@pCQ(09deDBjVz&=@3zB z4YNkNrvSqD@fZK9q4G-;?nASEuy1StkD;e8&TioYEE&>294gZ@lVA;B0o0s7rr&=+ z@@5Cb1YxeVJ|KhF<|p|p3i-TH1j51#FXYEE_vo>i!@&G}ZsIU`AdnVopxC7;#l*yz zHH7-}e|kBBxhD;4$pvpS-|=aHN9d>L-#PTi7xAjjCh)DK+n|6mtgJhla>LQ4$n*aT zXWp>lJOg+XW8+@);c=m0)C~ssf$^8a&6>UZa&BCQ&SNWll7-5n?RREeTRHZ$i54?x9A^V5|d-slznt9960@U=RSl$&D zS>Bg~_Yd@BK4*k8F?LlZb%R7>0p*@h3HI|}-S8_I^SnlWjEYeH8NPb~+T3}+aQf8k zAej6DO{%GXiH40r9_U@!C#(O}yP!J*iC&!Q-{OYH^1yE}`mZr6&=G;|tgVfZfW4}; z=8g{a??s#|-qOLRX2;$IO0;O1tYIY{teTGYYqL7?YqQTssa2FcG1}WZ=``gJtW{LV zAGLCBJ!HQ>h4If$Qb6>R^mf}+y07PSd|H&9-Sb^6qX$sR{@mZ&&FPMf+8lM+AVaoI z6IXiptA&3779SrVzq#9d*tzw)_k$h*J&YN3jm&bPkXce4rlaLQ`xQ}*ol}l-uHQ+m z`&K;HQV|>FeP1CKP-wS|g92@A^eeV}KNNH5G&VJ6^AnPF=UZ_WfRd~*x&cbh+k zDrujGzS;?0!IF@5-&S7(jUpr4%47f6h9qnSTyMb5b#lM-cb7k#yTh_`mzWc7Qo`ae z;OG{_gbikwYAGvU^#T=*;=Rz+kXMSf4cpx09i?Tb=;s%^u%iY{ok!NUi?S-aEA5Gl z8Sc&;{k1bIt1GmwTG)VJhqhDKKXyXz=4IJt1Mk`XD9gh{^6iJX8+Bw}dC6baap{Za zo4+#Y(&?!w@D;+-^Z-m^@M@NC#(WQ9m6H+>f4cPSwjbG_QU1o4y&~Y-MnNH^KDs@Qc z|6tk6-*4)tKE54pQVO=dlSI~tO)@`v<8=;1s1avHk73)8u?gwUpmodA^X$q_*T=lypaMvW&D+!>M9_b@*c3!F&Y1;y>Kjs=oV#5E!#Cy02x-ge3SgP@%g>Tao7 zjrl8P1CA5Eol^$Ojx8$`z*}x{JtdNNJKa8uL3s2`BgDQI{a z&uhuM{h{JBEqVIbtrS2f&TawMe8|e^O&U%B)8Rx>2Vp`5U7?6~jt^NRB;ODd^fG+SuI z-I*yp`YCrjCm)UTYADwCl?{9y<4v6Y6UxNbxr%?(C`xb@t?5NcWs_Ory_4-a#Fgur zMggub_Ac_>^6J^xB^HdfO`*bOmik(@WCk0EYXitF2TEP6Wen0+ebYpv z#<=GYFpWoFv<)UFPdik6TKhSNJC=?cvezPHM65*u+zbB1?84`b*J)u56q59^Ckmrb`4WG*v^+5 z=EbY<@uz=|aHEjN@HDo0eF5C1AtO~vqUnOb5^naxuIi9syTf9pb)5w4B?QXL{8MiE zeET!{MirMc1{Va+K%;fS#v4%n>fPy(%Z*+eMP=9w`2JE4D>&%F>-hW&_owbm*qqB) z2;9V6wl2IRP33B4r!@h@Kj?C zY?_Wp8UZuBno=uXP7auXn+gE&(;P<-0kcySHC=(0eFoHwEI^ic(A~g8fgkOTZy!#- z7(hd6RBwI~CQohPme$DfFLmG_+u#inF!OH4BUO@si!pXulUkB9nzkJ{X#mJmChy(5 zf;|q@k~3t_F(cdJQvEfL+Q{#;k$4N#Ra0C^_Yw!g#Di(*GVf{5<9x?z?77C?xW+V{ ze*eX|-+azdwf!UMfUBspBn9$MUtz#Fo=L4Pgkl*yZ6O$Lst}*_QQAlncer6%m5#x| zR{SpJg0`H8M%D?n+_xKU2|7JMPkrBZb}l4-%_N&-M?KYs{jj$BY2B5d9XlGo9C*>Sqdsw{O1tnz$$wfo}?hL%zpExW# zD0}+5YpyteN@dx1R_wIVpA zrCQ{Hs+y!>3bWllIyOQSO{8{mxZW4T`@{lMOEcWq=O=~cI7OeENzS?SB^u>rea|Ky zJpQKvc97s5c$#U?zsD^^6CZP?{u1TNp9ZKn{@VUu`pTh4!26vb5Cs19>fU|;`-DM8 z>+2oi9c&8%Sx4K}mF3k&6l?j{XW5696-3KROJ~{{g?@+CjhdhBzb!xUDg9Uo2U*3SW-M?@w%2k9xOe(_q0tuO{{l;ZX@2trFm-$XWS1l9@vmtGs0IMywN4Mw z&oEs0vos7>y;iL~+O{mE=v6&%*}E3rvMl9XU-($ketu5QDE_&#;CN7|drF2FrOoZy zQ_`R=C|l*x8>C-E!k>c(*hv8zFA4x(|9?Ah+?93z%{}bd$X&P}sV5ycjq%1pfkw<| zcUjzlzK$M(NYk}2vo*`tYtpd0QZFN5j_O#10*oqz99{+(g^)6VaL5j=iPqNvRQNoW zmSL3SJfR&*e`vkpJryqTdm8-@9Fu7vyD&EcgofT9A$=n715lFZ@1ip3eHfd0h>92Q zVzd_inkX?hr1BGHxK5{JDsP}=xLND`T<0@uC((Zq8h4K+BLn8peM1qdzdFKS0+_U) zZL^M^P-l`aLu!U<^1i)Qf_T+lXTHycpV zJqUMCNsAX@j}q`bbg1qpOnpj9s@NJ6OUuTFaLT0ThWpPcEEeJ2bZ@c%u@Y)-ce875LL%w8Epn~nS{90N% z*Iyhc0c{ABr~_|;c`b34iZ}GpUz8I^Q9+C$^Kg&1JeGfmv!*kpGLb6Bj#{q%cmDPJZ$2+t#Ljd+F zs7oh_jqE0dbnm5k-!^?}CA#jnuq?4W9l@X10laB@@%!2GQc4zqP-VGuaPN7)R)xoK ze}NHUvtK%W6!6<(%c!nIk_yBPBKVe7h%*3f_^jUZJ+lTm9o4%JPi@yMR+K&mLgO4@ z$(d;5*?Q zinE&pk-_4VOWuRYUV_N08aD$$V+Y5Al@?uDC-IyZOA7as;xD~CPRy6L)BI@7e8r_v z87>5t$+^3zc?+U;??H3gbB)5MpavKowB7psbU-^EUXV(SaFJ48!WX#_%7|0`TlPJL zg%lcY78VxyWQQ!9Zx?kQOgOhi$h`#`=SeGP)uK1 zHonQ#@$`Oft)`}_tZs}OA0IE*nC17VOG7Bm8(RrcRv3jAf$DP^ia&5hU&RXEqm6EN zx$4G{Sx4{(VNbWxAbz`k7b13&X0P>HcBzV*Oz4g0$BL+{qhW}yIdEmC zHqL>>Yl^oJ6^@l;G~ZZXlQ3 z0UnC3HW1E?C>?Q#2>Jz$%T|YlTRQ6jowlBN z&?4dKiRR$yQ#E;P0#`;Zko7rR1l3REZ52VI+G*^)tHO@0%0{r#fPRB@Z7nGWURb04 z<^7d}FI=GPerP-<0m!>DL7F0}-K2!6iLTSInrh-ol30#{lx9!+En$fhBi<$AMRi>5 z^vLEpo*Saosic(?)A?{D)y$#3Ls=(Vp|63cqtURXwwGfc^N5p&T4%dGk(G7(2aM^h zN5?kRlToTe<$2}(31&yu>wX=0?`-}3B}u~iH9(%PjY3#ocOQn2o5(dBxt97M>SkP@ zMaOuv(Co=Qb-Z1DMY)vuU0VgXG3>^Vb4VR+Z_1g2eV_Ox$}r%%Iv30J##^$nX_Txxy6n}VtZa>GZ(iK zIQHI#ej}MZIu}vbCyVrVtNvObnMf<*&A45XR=_vhLxs-;e**q)aCqGt16zT)(^kKHf{rP&W}_mIEI&4T4G- zn%C0^PIgsPTS;s|MfdO(J*g$Im#SFtZ+U%u4*E+&c%yv$OqNC$Vp>X%WvqjeJ?a0^ zU4Q(c&seMuc+tH@_qbn@_N)JIZ^%T_;YYw-f}F4mcP=U+lDCw-!2;JR`uB!;UzO4k^Q%Zoeh{mV(8Bax%IlpN8dNn=J@^)rS+!&DV0N~2GgfX5DK*IUUOnfE z2W}wn?XmRzcPndgf*G4}wF@a8av~~OiJ{n9@_H}`^`j`41GBDK-VhUZMNg$MLA^iW zI*h%m9_@V_v6kSYjRb2UF)c>56%q0K*E50r&F2G_5(2o9)%?ZZrieIYCgNPM3x_I- zIOP+{mh}-3q#0-TrH&FTby96xU=5Iau$*jmq}xh8&Q1N%7i=w+g3>7yAg4K8p}L_Y zWB#e&gRe^i@fX!5vO#E35gj>PokoP@9l>AS_G@ji`dk17J`X}MrFgcEz0nYuD>p!l z;PKB-pn(~grNzbBPARFHiI2AyA5cMNSsfNopMylegm4u30~A|rla%HW(1A;RJol^T z) zV}MiP%|r6A#GErB)6Z9UkUg4@tUu_`Q_+-c%m%Vf^8Itw)LOo!xOCkfSQi8ln+{1(9H{l*^lj@TyEd zOYAEqB3=KAQok0%A0aCfNfa9xRcXfL!r!f=^(jOyyvI$itD}YDPx)j52fX|eYlVDK zh?0gXjAkw^XiwVO!4SBGau6D}eC|90Y$6F4?qrP?`1OQDgF%E)gw#trg76-0!DFxtQudD>Y z+X4O0D!J9?fZgSC$_k|?0S9k4G8pIGkAcne(en%uvImYtKILK^GDr9`s1~?Od@eu# zy^R5F78bnQV$w5flKwWi$)5m?N8(A&L&_#oQdO0UkN=u(i~kw27M z?XEO}A1L@3v3M+c@4{D+Qusk7aqe}pr#ad+0GqDu_d;FJ;@?a2XpRCYD_8_tK(WTG8YhdT2xCV3iJ$= z*1J~gO!%T&F*6lVF>oniH-+ZuDewuQCyN4Qt^{A%C~)?m4aP-f;g1c!@gXpO=KoGz z#*9%){`GjAeVuaaQW);_g?rb4YvD2h?y-?%8Nj`3l0+=$manA?NrziQW)3|JxA*fu zT%Z|zCgFuZ7|$VGxo(hr)c zP8${3k%(Q|nI$}}F(wRS5-K-3n6lXJ1;D`K1bi|T_~a@83AQSyF2c-N6Yf50bkO0a z13XC$&W0o4F>6)3J{wuhDU@94YK2*B(G87gPgpE8LV39mJ2Ylg`E#R^`AcD$wH*8u zDE1TS(3&}lKW)muuxOFrPkFQq+NS#P++rt?95_yA4-g;Hw%WWPP>1x0bqxr@YA`|P zH>89EobRvS322QUlGpduzEKF+kWvCOe3L&T_3F7onJFs#7T}^E&ceVTCC1^ne{Xs# z=x+lK;q(DmNN0hTZL%vm3~B847bpg32YfP!6VYeMbZp(O)`AoKpOMHlZ4dK>7gjA_ z#Bm~=-)xiH>lrW5(+1e?tXcZ6Drnc;W0&`ze+VHgPSV1oZ%s7m?tGA5-_fexaFCh6 zwDTZ7iu&sWgl6%s+jxtIpFI=Pj@l7n(mqV-)@pHW0q!KCV`9|ZU64vz7V)3021#Lc zOKzj!N5faGHf2J%+=sq$ss&z4(bpc@ZD&s}}eZAPb#tYvdt;SmQgBw}tkx82Q^ zN~7zz)FBp_>#>AS(0IZehG?o?Mx4R&pgSN*+1EdaGR+DCWt{)B0O50;-7Hp~aK_fD$H zXg|oyqf}NfAy|x~KJZsXb^Ge%(&LXK8G%Ac`qq@WgZq2i{?<1WqHi}iq8Rq+I>ih% z^K4@XbpM46%&ZU(u$C_RLz23&;PKo?RIrlH`6h;DV>^_ViO-0-!S~*TSQ%bDPMefq*CiQuJ<)1P$az>w#f(LV^urof;?~;_6wEGs&fWVBN9nNJg za-M}9zA;PcnI-~)@L-;wCt41s+q@@v#oAn5{sDeWlY9Bk$VBUNffcOm9Yzz$yZ;EH zHRX$s-yoXjY>BR3jX!sINKe0@Liga%fxS@ma_&NVLR7X)r#@uDWn%pBz9XJDYE|l#yR>*s z?l6@l6sQ}`iGTflK>I&o>_63d@gv5#WOLHop{S6@e`9uzh=8k5XuY=A&Qi=hC1EBh z-DW=DN$U6L{0ga`^>CyMON*C}X`@|2QO5*qe&nB{FCvRn8h@wl6(|166iU|b(p65ijau_Dioo+_ZEkM(MCoi>g%w?1 zD#TiXH6=P(oDRmjp0Xs4x3F?7OAa@F%LL=g)*%%{AO_s?m{#WEnX7N#S zApAOUcooRcB3kqAJH1YQRZ+-ke_#Q{ZU&jEZ zWB>($elDx7rm!Jk0mUjHWD|LBnz?|0egFF0-B<02D4jx$TK;H?uutiiPgO~+ahdgG zgyhq4TaK&|-$ppEeI}lc1Qu!6$<`6w>#Db{i% z0hf1GHKO3MsC&KRIl+bT){oEWHbI!XiaS&H%Ta6-;t~?J8pd(Z5($1y-M_s689m}K z017y1-+S}33PrI@nMOg8wdQ=gAdoK!#n1^Qb=-y}jY@7^ytPA5R|(!Q2g|zGWpOq| zq#-CF?(E6Z-_5_1f036_c)ABI`hmb5f=w5_`ecJ(*a|Vs_JGtk*xKVUR#AP16O7L| zRSmddcSrjEMb>`|1ke>)08p9?l}7v9>ov;?KY(e7>j}op*<#jdi1AE+$q&#A6VGNhpgGH850x}b2%&VH zM@&uA>{Qe8qr|`0?Elax&^5u4-pIDf5_ox6ZJE2|xMSI`DoUruB>W!0U_P-RVK`Q) z2?Db?WZb<~v%3WZTrM4(_+(LId>@^XJMiRebdo!~Fg82+=7lh45p{pTn}F%a@Nv@& zO08FKa)Nb~2e?U8+nZSEI(H1^P*N$3iLsdcYgsv|=(NRQ-Q7Qq?`V%hbc>g6Ujul! zKRtl8DMlO?gk$bx(rNtwZgNtX>yC|7>PbXSx!2Q%HU1AQ{cB*SP+&*MSYgGF{yZA} z>PUbV09iIbq{RiSC`v4e+ms8lqCq!sH1tFWhkZRYs z*$_XE!iB+P{B3JA1m>&u6CS|wK=kHvt^vrlmRdC*A~gZnQ^q#dT*zk=i*w> zz^H9dMj%mu0LBip!Lh5RKZfPf+73V5Ba5D`L9xAVhZrJ8O$(uOeYyvd>*i8oRzap4kC!`KZ(7?)aVELuTNTr42s(0yd{>{eLu8JOnIuTyIeJz-N|KciYXk2? zmv&}TH+gA!`FxHOqIshGp1rcY^tz)l=a&ol&%K(sj!t`#u1ww;=ckxe&n6u1X_O5* z@P+%8EqiW2Y7h1~mV~}fr#2a!5jXGopqzo1`6qy97##3hB6?OgLwFw|zn7KWzL}t| z(!A^o|8{xpTXtiZ^Mi4UU>DVV7JIQ}kwqZW7_t1Vt@SvO*n_6wtg5PA8{iaobc}(R z|HcxrA*p%c+q0iKT%J-A6~?Qr8h2lC%R07oCT?vEUAA*@mJ;H?%We{;E%$bMYZ(nl zc}8)Q28EX%#d+u#_c`rpq`#XAJ;yE&T@=baDrgWfV;GE8Q>*S|xN%ecR^Lg==OXM9 z%lY>>Brly=1bFW2PxRp@yK0*@wmpZ%Zs^8ND@f`CFBkHXE#H=_?DqH(336+*+G?RJGjImQa3F zRe2Dm2C6Wo7&doFw|Go2z^o!a{!Ba@2b8Yg+tD#d(cF%$oF?3=U3gd|>2b}2Lv-di z((fO{kn5z8`tC&$BtNim35?4Ev*fnQkC4d2Ui?xUST&P->CdI*y`phO{p9-7!j?{j zToB4g#?;DK^t=*jg9{ZGpT*=7Hau_$6EWMQkm; zTbyNt#MAa8rq1?DriO(cp#tNY?@4b~%qE@_zf4sN4``=;<$Mz>Vn`iDB@)+QsM7pM z{B2l5xzi|F`Q|XyVgxrd%{8E8ou`#KyxOY*W6Bb25-KRCS#EkDoA$9x6N<pBgGW`-5w&GP8`(=88C_Z29O|2XYV9|L`bLWm_10EHX%_CK#)k3g(e;SywDg9_T9e|d2jX219rd{=6C`EE zfL}H}fH-hny%=(x-naU}8(p_uTblMpOt!Ft47;{#<6Ul(K`~o!8z)4dF(KmTY45-U z?oxIk7uzi=Xu+<0&W5#A< z8eb#}mg#EY-A8x9+zNx3Bit;o!GXmGXQ?9A;(jl=y`)y&l5knix32c z(qM5}2Nq~_<^yK;ONX&pv^2(bkM;Xw;#zK}_?gq;fm7%UHaJVTi4t|l3fe(5GY{Br znWlK{=olf=bOwgBgwcDXIydchQn$+-B_4b2b~boREq=NVk41pwe&ySdT;9OUuvJ~) zc9^h&d(h>lec~172-$MMEGd@AaGt>CM%TclkOhqXiS4}86&PX0{r>S$mmzVMu-O;( zHj!E9dPG45PXR8-1OY5^hC0jB>1HS3{Q%~KPc%Elqj>riaqh}wyJ(z$c(#%(XvU!>x4d=v*?sFB}CngUHu2J=qTTBf6>4FiNdW&Fwi`A z53eOd6;hk(Q~2b=o{Qk>1m9>QZSe^;m&Lx`WZ0*~V?8hmEzMxvK#V^!X?_~AgkewU zWUbX}$$+BLqpG*fZAo)eM^z%^x)4m8=XwB*ipQvnr((4&gjD)k6xfDsy?VNfQb+?g z@hqV?3M!Dsdy|WY%^qoq=xf7CY-x$sualjufo+%=C@?~EKFlNV>v&TNe93$^7g(3T z$@@)bqAg|iE+RRIs~J5ZEeGZq&ETlgC&WF87K0|Ox9&EuJ(@j z!d`X-P2qj7{Sjb2PYqRv$6L=o@(G7CjOxRBi$3Sq|fnEDVqZE z=n>X0!`Keg=#XGjEeyXJ zvDoZuhUDsQiCLDNYx0Cz%^PWs8x597!VEf{v9Q%M+wr?E5+xt(h)5yy&A@p7Iq1cc zRR?cNfG^9T8mmrBC5Urp#O&7EzfX2%f&f$_JlDG0e(WpIdx1<%D{R_=6LJs#TEra{ zK~deQc2tmsK-8b#Yxrd{)K*43b_T$>%B}Bn!+&xx>d0#I;Q1QmqMmrqHY~ix^Q5J3 zMjxb}Ai`bhkY#oBz+DRbHu9_pV3Qw*ezgYJ)+8CDT!5csqYVU$RTzsogm7|_OjcFS zJS~S?JZ^~&5!B;+SjiSn+bl6UV5pwPqxQ1`J3wGeCXpj9!29W~gRk~l@w&$xS$u-J zinewgKoM8KVBh85VpgTLXKR#G=;#@E)U?$ra8LQX8#hnnR@k3sP4;|UWo_A3HsV9~ z!xGKBtD>|xOT{w{O}u84hlwiSCA(_77pHZ{H)( zAWJ<${IxwXb{cUu_Ak zX`|+2oqgLhVd|86B=^-stGJ)bow|t@1m7XH)lG&WtGZuMhP@$4Qa|BRe81;5Bl2{pY=-(AVNwnJ8@viYXr_2vmO$z z+X5l=WFZEZ#_QP(j`+cT|C%8*ad~28w22-2o9uGX_Q4-abjp7C^b!vkh4Y!4(V{)$ zfVY@I*m$-ba21dV+2(`$dzUkDPrg;@tX0cN06J6}IU|=rEvrWp_%ol8vqmtDXE-is zo9`S4$x0b1f^TU3iw~=!2Ji7~HQD*p{q-g1E$~JpHT?4hxG4TA9NJ)@vVe>9Pi67Y z(ai!E&R=cJqXKqIR98#fj{^6_N>X zizPwzTx9iLs7-padNBZo2Om`eITLln=20fkE zC3ghh8~PQAeJucHUHNQ5U;o;|N(T*#=}b7pE4>z(JNvw|0Qv4vM7?(9T`!0sSCcDI zrUq|LG%A8B!`q*u^<+~B_}dZ<-O3hg1`&*~6ps<$Vj%zd;eYOap7=ixgyiw{F-6`| zSqJxy$bWSfv+C`wrM%UG^Tf4%m2!`Ddq@olyjpn*@k6;bV(=k12d1KT4uPELK<=7S zmmyp$T$@WW&*$QM!$V_u2J51eV~I6zFvXC|(@fWGMD32q)WJ3)A^8n%X^f2R`IVi9 z#e8OGm8Adnk%*#;>rK46B6f&UljHlEZ*GvcFL8_#<9zh$%sf#oJ^7y2||s? z?1xR`D`tPR7nlM_ecb1dCU20TZcUPeW*dt*RpX=pdQi)V+mWVPR8#Y+X^?6aX)k>f z@-*IUTPWfkdlce#>?E(SoO1tbT$OB5N`UHdkrMl8X!|I@8}dk_?vi!T6OugA+Pb!k z#}OlmxXU<~g^2&M!@Pguv(38ocRELgNPsgC2-cY6YyURzIo@t7C%XHds!~-%JFya3 z*~IT36q9k+p8B6whGw0kBb?N*28l?*E%9H_7)1_Kf9tk>Op^1V&wc<2tXqWF3|AruqR`>m_2^6&k zQjx6L_`<`&Z?bl-Hm_>8VgDZq@h|)VxGcyrW!gP&Lch8U@@c`WKtKk^@-hV{2ZvLS zLSsTw60m8{t-K+s7M4t^@oxT{yx3JMAy#rQXCq^YWWH+Hz2;ePOp$4lZ^@M?4r{tX|J9IEQL^B3v5cNo$;k(8oa#WrVI<7e?K zinigV<%e1)`!M9JE5;`+FB4?U+K~G%6kH4@Ng8POIXT68*ipnU9pz=(e~M~0 z{dU9t$o&yvn@^(j2x3g$D|e^YQjwDDB4Y0vwLd|=0>CUF6El!`PPJaR2yRGcv|b9o zuYHS48Qp%qvKgYN0uAD#Sz3;U8lgV^3rGH6a8eG7rf?Sd_srXlBpGPG)6jxzsa}QL zg}ZcO5tun&WYM+_zIdQN{E(^Cu+ikUiPx|`j>}8T3{Sa&{xr4MdHtky$LI0Hq$Fjw zhu$J2bPd|QbP-t{+69Aox+Xvcv`eBEu^UA!caM7K{X7a^Wytcu&iNiJ4l6xW2xn+Q zW5lO)1fE~|Vs|gHHVT#DL+5VWHf^11+_#J0@pbL6r$|1)(m)Zo~@l{hJp+My>Hq$}de_KG zrV{|sqEoh=52AXlK+CE5NGeol+_N-Cdq!FQfl>&B$651*Nqcvzky1GE7cPP~ixlb% z6lCcFS&efIkF7MMe1BqJ=ghj59F({Do-06?C#Z$$oVw&JQWDZzm<`KF`JhHR?R636 zkEJSiCQ9cZ!J#fbmOlL|gCk^}pUdWgHm19tJf-jXCtUZBZsMH0C~Yv}4KOo=4a}mi zVpv~Y4g-&op#sg|Dna~2P(Uj1qElL}H@P%1EDL-Z9pIVQiROXvBv;j8Amy+mb+2QT zdRy3?J6jbY&Fu@0+t>p#iRUrW>rchr!6k!#|4a1dKAsj0>xevqEg_(nh#54akN4qa~%RI>kpYZ10rqT%892=GE!CxYy24|B*iZ z>gH*RK?{w#wy?Ve&nAu3GsM0V3O|0VnseKcCqTfENPsC&liBEc_pQ&ihWyFjNt}H) zK=cIh(csMNjCdCMu94`|sBOKMq(#n9RJGV$uRC+xGm8N5_lP|wZTGu%}wta?9U zRxu0y()nk^w-t-LR?P@Bh5df|s*)rWUaIrKF`#GHd-9lE7E%!X0;qrgtB^0XkJ!;o1x{i{i1Z_8%Mr|PMDJo7-d<{JZp_4rC6NBG6Ak{1TVH_UjruKn>N=MMaO zVJz2M_;=61x1ZY+!@8!vZObQABMZYyjItKxjh{_>GS_R%#gAD4^5fiTbOmT>Rjvs~;qu`IH_ zsv(_&?U8i5Ldm9&B*a49f;n#reU-8yQi`^QlcI%>M10K#<9f{pi3*B7c|$jPrR!J{ z?yyZx;k8Xk5JeMCkhjqqs+o3fm+}+pg+Hw6Sa3Q!=KX-EOg_vrHZ|=|kyR0HZJT!a z$TYY)o42L&e?Hq5BVfP*o~`xoY1KmbMo*rF`0lO}_(!W}nAARiSKm4fAE^RI&5cO}op4r{Enn3mA32^x`wOu-&i(QZ7~LPj3g zC;=;n#o$MAcy({zj=N5;Sy;~;Jz$1OUZ6%dvu|SZf%MkhMiMH}!YggRG!>8e!$(P# zC-zf^-KQ7UtKDWg-Ze6h0Dao6gP~Lk>$`XrcMY|)6yHi|tOD2WT_r{P|ELP!L$)Br z9-$-sKD$geGnK||y2|fqte%%@HlRfJ=_{0FXv+U!h>lOrv^2NlJ@;kmWsyo+Zx)^ zs@l>PpNI$-*8S<5(?<2|YB%)kLTc4uJ9SeB(5Ufm-p4arQQ>9d60hxRJHH|%Ug%46 z*;$mDa`oqqVI-211%&>e&cS?9=*Mm z{go9^j5WlQUUXeBKK>!vkc_az5FU8;7&rxGX}k7>Zo(;vuLU7L9wi15bTpiigKV5l zeRmNwDoKa7XknTZO?7qmF**3{GQ&PMCNhQV4|jew3p?B%n5^Pid()Z8m@s9lFHX(* zwNi;GrHl>Ory$5_Bs!+ZfE!(Ys3}SwVlVPx)5eDTYoC+-zWWU)OJ$qyQ?b8- zgu(51s9s4IPnP6*GrCGFMn4ov9S}Rj*M)J$)SUZ~-q9ZW1!noVZ8~u+l3V8Aau$Prz84tZa`d)(~xVsles~lO@x~ z%TiZ<<6|NNFBi2&doY`%UqqKs=NgYs= zO^LN0pOB$NKPdI>Y(cVp$!zD3u;T{FnEWSE{eMcpOv!(C?4z26jhe;0kd-#p>nA;d zp&!=Eh9TdTyMILlTv|a-V+eyb+dnt~iU6cKYX``yq685W(t}oSbjGt&vICU)h*IzG z_jdHBQ&Moq3KXh~-s>8P>l<(;$;-*C3I0T-ug5%7Qy*Dt_kC6Ql9n1O=H^RMo2tgl zudJ-R9Gd;+cmI0mqsX_3Z3{%qELCo-DSbCOY@hN~F{LV!pc)0hm*xDV`wVPmfrxo@TRb!KlCe(|?7(h|+I+*SQ=ctW z4gfkR1l5Nf;sa|$vqvr?t6IT0s;4HRLxH)ae=t8GT6|>fc62BtrHY_!ntPR-1*{h` z#UUuD*q-itaYRMy)#!Sy;FZN;6M*HNRzZ; z@cxlL*j4;mq4?B%@%~zE|2G`$g=2;vj=Q?q{#u{D{}8nlY_wo7zIKtQ)*rr56(d?T zsv+9BlPk5-dUkLTDOywH_{p)js3b3O^`2j|59gnG?I{BxOg^+z%tP+yP8Q}kgmFU} zEiTuJJ-u*T-giU7{OiMfNd2zdII+(_aRU548#1&K)=Jl`H!)5ne%KukOVOkZHihVeY#OyM{>mtKf7 zZ`?cCNAYV^y&b;%@bcX<6fqhlJkOMD>~yB+y2TM4uwc6tpWnODo^Zw8(?#zsFuylx z+pLJY495yZIWz&v)Cw~e5=NoKvW5c+F?3LGUSAIzz0#zq$6Fas$_E}7l1K0u=@dk! zu!(;r&|{lb;no5tWT+AC$8Iy<=_AoTY6bv__xc$>wg~+-hfy;w_@a!out{$P?{_JbE z77`;3S(q;Sc2w`%B%jnOScD~N!JWH9(2%Hx9k(v5Wu|mzDVJK1UGVRX&QK6x2-Twb zovPT7PvnRIvJ?UCl$Xp>=|p$gND~-}kZ%GW>8dz3xvJvxy-Vs=%Pz0qF%Rwt#CYl_ zPP6tu5Rdsy#?M{h#s>EJ^e)60FM(~!XYbWlZ8_<`xAA`pIMA9%#N~c1&@TTZm-7=~ za4f&?0uh+5R??+yS^k~H2J`}m4~TRMt*iyfjhSNJ#OGwhm*~-Qn_sPR22Ehmw>oc? z8_r&?5@d>3Ob#)L?*J>C{D6jH>}b4E*JH+V?CICj`N!0b_P4DG%tK(lUL#W8J1TAA zx8S$vO-!UO%$Xs|G!ZYSz`=q-t3P}5GxP$yMu?Pz8Y;fUiPT zC4HWLFZ5kQQBmquD*Rw=c_DT0Pu$5fq5LMT_}qsnc!-MKi- zw2Q!wm{*8R(1PbR<@v|f6NkCR;C(qGyC8d`y}XNkE6UR*{Z8D~=EUPa4B*E7iV}%-gV&|#akEPRZ&@4}`Xow^TQBe&8 zk!HZ23rCuz<89VOZ_9MkMF~^nMaIijI1$1XeR{B3)Gynb|qxwgGX09MLT*NOD zH#QNKaJY9{F#$=ax*gJxI>*UVoISn`$$zPHOL`|GjU(tScTP=vz@&nlW|NsVN7CLD znbqKo-8?i0|W2N12~u&LQmdC@bylmp^U)RmN8X?#*MByT)dLu zRcCJ(ua?H)a5Z=(( mN9g2T43u7sTJy=|h3~o%#!-(m=QW`tQ<#0<-gFA(CNaR_ z>V(wVdBp4*=SdU3O5ri(un6p$evQF=UOW!4rTn4tgtgQG;&nBm>8tpBK!xyx=Hu?{K1@GLEk~+<7JKT-Fc}_8K z6HFdPLUzn_WWj{^&UUTb-WR`kVIAqx1#i~8sMzV8-L)c3&3|rn+A=S^S3k#EWGxRT zNYmr??UIbCw61;K?hBm<1pH6b_3+pj&*{>#`0`$8!D zYVoY#)4Qcspgdw49&#WdW|8a@i-1A^F*VtuTm(dPsj(9q>OAFA6t2^yuw;Og*skWb6F|9&PWKPV%DLNOrg`p#->d4G&&mF z%X7r#J*yayViXZOOLK4U#POzD`e`$GL~&-`V?o9D0^`0dG#-81G3|2==I?;&Uo&Bi z04_Ox-Tg>zoqar!+Q3X>dL|CGY8e{*d;uv1r7bXAEqiN*)}Yp$Wqc3Mm(CAsn6-=l z`h)kGUY#pFT&($BV8R02QM7wOH~H(?4&+1slso_WDe#!s~Mq5o&? zbf<^?%=Bvc$-In9LcW+|9C3D66wFAz_yOQSZd3o1>n8Zd6;c`_v5zZj{ka0UD-MZx z9wSNlq0;(x&X_3ol+ShB;1jr2jDvvtt85xYmK+6~Be!<53vINCq@Kuc-%56;o)M}e zL=4QaBh@P1>mkINexGma9+iE8lZW&xVAy`sA~%wIS336gso)Y>tB%Wz9ESU1!vBhk z*@RG~yz!jbhR)4`WRKxu%%vP+ecyhki$QtmI}MhtI=oX2B?#t(=)kXSoMm+P?=9x! z4rGXp_@RiP+DJ^|KzTiSFa{D(=4r5|4l|>Vs{fMnHg`iK5YsQCvO4c z^g@vm?lD0;Fk~TNLNJGQB=^ z3`6q16!S`JNW527kgnyzg-}zCxLJVA%jdaH#WOVcBu?-krsClbStNSoz_;T7OtX0! zvXe1ZYN%__>=pGkK>Q5)-F4H_B5(cz-JJ1RfAM_U%Ct%e<@TD<+y|Vo)3RX0WCVnQ z^V<{#MlVX|Ju{=g;@7b|9}R~eqG!I1!F&TF!u+i&cXDGSd2sc?KSGf+hXaxcn0XJ7 zXVLqWPPI4PnVr`dD2)wO46)?`80(3-g&^)%J`D|prkFZqpctL^a7L86?(T4ivxQ&l zBoBEYunIAfS2e4QhlMPg1$5;eoI*>5Ky8uLy669mtoX0mV#htESfnNAeUo>kZo72c zO5}#C-Olto$^VTi9ppFoS9T;|=CqphF+JO{tp=ZY?T4hLCCKiangV<8uU#Gz^u8qD zr({plHDwxHTD{TME_`M4zk!_p7T%iw(Kk;$_)1O7*&=z~9jw<^-x!ho%J2g*IWi`J zReLGk^75Tae1sM8!8Tqhd-!uwiOWbZ@|Bv}H-cT5R=a8ei9h+8SvX1~oS_B^ZWTP+ z`*<-;L%Er&0ZYs?enFC3Jt#5!ezXQ*HG0VXPGQP(RkP#_umRlS<|D!LHQ5(hijiW4|I9ftI##{!) zLT{mKf(h;B)qTYQc+LVH!*8RtL_xjao)b(u6COI~X7W($j^%FCi4%DS#&UQzm1~gH z`qtUr%;%>c+sVi~Z{6EdYz6FS%gu+dE=5#W4nUXGMWkS3=tc^w*^hyf{G?TjaG?yo z&P=|^Ov*Ij(q;4H0Qvi^?FPV%#LAInA}%M3gE-sIB?D*{txUo4GobI zK9pWh{21F*t-(YXPhK#XEF&q105rc{R+!G%~k$baf4=| z!2itcYt12YR3qEi5 zxLI7zsxqUB{j;}xzExS$zXW;m_tDhzdh`<80n^W^4H51Z-BnOLS^>q~i$YMRXk zgiA@T#4i)S>nlQV6 z6CLuYiiKY*z9l){h*ttuny>>to&Nl_n)e;IR8*C7cvlb@lE!3-IZubu4e0)n|nx|&x*g=K~aA^ zu+NNAq|-HZk~+5HtNs=Qe|i55cqh1{Clo_|#B~z=Vppgkvs({YH16m+YPfDpcqG#M zj_(KQoQp+Eg*nxty4A2i6O8%DYUw}`nbDaEn#DT`By1nO_PUTiUn(?xg07ICqT}-x z5&Cn4Ybb5R{biXX&sQO@--qM)Zv0jqB+-{hM&m>i;Pogfc5q8+6c{?xeLa{N&uCLb zDW74y8S+)A#aj)Z9xO4@E+q*suP?0#Bq`3UkUo;!1~kN)iLTKvlEt2zgm;{WfuRBB_YP zuQ%05eVM?fk>uRyyif|gG}TMXi$%7X26zulTMb#Jm@IP09_@NFjx?V{r5q6tNT=~O z?4@TvNBEww7<)G#dV{fUy2AiIfK2w>+C*-SPo^V&Ru70p4M<+RN(tqt0q`^G=WP3k zoLVM$VS!Q8A2k_`zP;{0a|_m+cw0|eLO7!JTI<`?QT(4wYNpF7lzI^Nj@FP4;}uqu{>rmcx}};khS5Kb18KFVL{S3*o~T zWu8^q14dU~ht1s9#c^N>{JPv}mQ8)smm1i&kQic<^1E?t(fUqKM8rQPM>V81;wsHv z#l*lRv+MQn>(JN~Ndo`lj2cf=*4_MIO!*=61E7gsA258WA%U%We1b-#l>uxf^koS$ zdR8-p9=znctJu}X-PGK=UCbk}>b-})_IXJOPkXGE<$4)cgI;K?pTFE2eSh8sUr0FJ zZH&(0SC=cumibo}faFAfV{m9a@CHdawHG#N%V{41@wI_CBq(UkL-t6h7XA45*}S&r zWAdcSAI%7=co;m!iReavSJb?st^uL8M|tK^3fxFO_r+aO(M&2XonfG1$-^h6{^YR_ zu<2>HDy(!Vw^&+^PiP@t-Y6KCu~*O8Sh*?Vi5b!5)wPrbwdDEKsDSOnLmLM74DjW% z0B@2~VnjKM`f6)#!|p#4)7 zEXuIO?c%Q1d~@y$fehdpfGub^6qHQSs8 zNE?Z6=0Ao{I{sg?P~qLpV*RKN^J3(kqsVqqnp`nt6VKH7Npj2+hwa{YxG|$}@02}K zmOH$|VA3M(FJ8x$n_)J%^J5Q4=Pw^H8M;z$=0uOuaBM_(tgBcBKo9qQ2?x9HK@qEmU6WEpAcl_K0zU_E2ZL2GG z7V>T>6|P1$)1Qtd0LD^1JZOG?{+rs+X1v3FP7BgRGSxKn8wtERzN)Te4pja9r60Wm z`2YZYnnqJW%Cu+-s@E8~eQ;=V6A{{T|x=ge2A=IkyNfS4wV>73EA`5*ySZItP5I-6PM^me;i}pJ%p+PVu zY4xw%(?F44b(=53FWOrO80&=TUB;M}8b*((6>j*WuMP(Yjt;m$Lt@m6G<%?Hw@DM_ z3pCWDn}B$)@nVlfW7rS`=gNKPa=hlc^_{H_$xX4%(&D?+p}Sd+G>sG5+aDp;7+(A( zUhh;LjL6lHzKC~d-f>W-?a5iR%JOS}ZwS4@ony-aN4!8k=PZhb-=JY|j}bel$bLTR zpQTJ=1P;yf#;;2g1{H)e`hJ!=-_VAd0PDz#TneL6NzL@f8^Zwc^*|x_1&K#Thr=({ z86ut*OSZ?TolI#M3Vo!@^LgLwQ(xR)wZgmX#K-7W~o5<*FacF5-o2+cg!O&{duk@^%d|WsYVoIc zH~W$id4L&z_u05d7=C^O5#Z`Cdu!&-Z4u?kos4PI8?Sh;YN`bo{7u>-ORRVd5t)}o zUF(8vqnW~uS}VygKv6m62Q_D~&1JZ+Y7yl-$GxLp@`-151p1c~Kf`c_m=lpov;b>% z(l7;nIJM!*6}IviZAPO#Hj(ngzfsB|xpHr}BOys0NqOF%Lnk0|M+ zc;Cdvv|v$LgRW$)Ey^!1ih<-ePeuM5t3BT7iSe>q*p=Mztfmum*eoXMTqa+<6|K(N z>zi=v!&VFTqfhS={Uc)?PzqP0S+&Nl)HiJEOHji z*8hcVi6{_AWPqrWwG#iy_{pDOZ^4%aBQMV;zt=dgeIy5oz5f&%pq!ZWMVYM6VQLYq zr)VOAQ>KQZQxAX$L8iU8S2^ILsCr`SrB*pkD|8L(V&KP``Jc8{f8;(zDOsnJi8kHt z_%SD$1eu9H#P4pX>Kb{ew|{VeUuf-fL*!;(2M`Z7XZZ*P>i6dY%7h+Uz^?_&Sw3$`8^Xyh zUH0641CjbJo6|@{>|BP@-ES^eKF*pwou>>kL*VOED?;R3U|s$Ek-zS10?dcTz-CH> zC)xs!bdW3w;fS?NjE`TQdAiOARW(sjc`kVn(ALv`ggW(}24wFi#pUoq52;fH1F7YT zn;Q}GCnrZa!^tmhAkke}ezJp-CltSm?O(j019F*FH#C$O863;bVz$E>*(&d27_N4B zsGn^cdo0M+*V|(uKv2=eI(&heiI20@dw08BipJf99)76w(2e=6jt+%Hf&XzwxLNP5 z`>o{uIJ??_fWp}Q!6uJfnR8mSU z#M#sTQUb%XBL3N%{g+@K?l#1bk2TQC&KjN2O*@90Y-# z@Eq~a{~Xz$@`hhF)XmrIaW%je=RIG@e|Wdf;%wwyz)gmJ6#?0egJwKs{{$vHdW_R& zHWhr^aVK(WlpS)P>BF5TMMo3m_I}aiMY0IY+m4)@$^-cSkk%Z6H>u6=Gvx@Ugr03iwuC6pw6| z-1GAWrrRMigT- zTP0?-9&?BH-EGDqm|S=Df91Scjq*o{8oa5y*Lbvtg_7aH2>F`N`OfXP?o7i`%hlF} z^cTH;MKR3O^YgB=H{;i+W+qM~1d*^wZ|9<`CK~|T{T9yXZxVlTyrVp6Pmlhx$4yLHjqtgkY(5@P8nI&kwGF)9QdCrapNc$rx?;%U1-v)b{71$% ztMf|3ZaX48uPp%LhjgU#Qx~K1#ZGe?YFnxI$zFdudh>f>R$*&v#{qrwUQqQWAXczs za(FQ%o8f(BDd4hh*AuQg8JGJ4FNtRf5%XtU$~)N{gUdURdL2unm1YFakis6A;>grCkEwaOVqIO&#} z$a9^d0d&HDh|yn!l)i;-7Z`sukQv?ulYMnvZv*H&+Ghg)rtbRd?i-RL0%*mrik#PM z!D_T2P_R8Su1{mc-IU3i^w3m1jNh*X5OiV>*yd}_F=>ETXFP+{RQXsXah%bo;Xheb zNJlYisG3rmry+eE zR-2g8d)W^R$m;U9&>N;rvKL9*r_H<9yQ}p%rKl&*zc4hMtXGs%h07cO%t3-EtLr+| zq7-Ho*gGowZOW;ubW)oEV%BWtqRcTbu^Sj`Vv|e0D7AmYCE&4uYjc&2J;_;WyQL-T zC%(^avtISIpi+2Ve$DXr3UiAufHiL%^1-R-u3X1{xpoI$fWx;tk(ZSLnLg`OpX6nH z^Ro(<3dk1AOsdr-hFSwKs0XLDX`K-~SBz2nk}}=^xR3~Y$~ar^LeSuZqB>e+@wXs9 za~Aag)h}^kJ{v9~1SQ*Bx8i{8}k^C!~GT+XXh$9 zVR1dHsa7}>Yl|&UYkrDR3+~v;d;e!yjcggt$tY5WCd%fcR_!XrEep!5MkPj<=f5Bx zLf&mx%hjZ~>#OqP&ur8U&q-RTr@9$dcW>FSD=RVqmNfcQHmvFE*N+AZ zzkxF+zPcBrTm_DP`SSfW6eZglHzQX5?H)OAt~2$MExiWFy&JuuuO4cV{KpjZ?+-FZ zcw6hwna2U=*JCkOKEQ*TVtOI0mU+cm8B7*6uQy1@mSYSC~Uy)#M`F1GyBQ%*>bPUOad)8Kn*sd#`~_WHdjv3| zDqLR;hCAq*;OrKIn$+O0GFi`%87`br@3l&VUtR5Zc%2>lt5)eM&_~^v1i$KN8lPY3 z47)c|YTTH)TX*t|oW}bi2f>p@(fz|Qo9IcMay=;Ev|C%F62NpehT?~W?P;P&{+zQkk;2UL*0rstv7OG;P(>TX{WLtJtch-)_!u&{tIFZIAC4U z7zuAd6K3pRI^<$2;pxekWTkf#C89@rxf;Vqo6*8sqZ;C$0O6MF$4TBvvD8D}I-{m& zB~HS99*JMfEf;Pesc`ZE(F<3xy#Q?6{0(a@vEy>GQP0=#=NE<~fDAAqFd_@Od8@I3-NSA($ zHU+`tn!QC|1>NrAkj1Za!Y%IS3>2YkLF|6?i@inq=<&g^p~}bG(w9lg7y~UW*~8PN z9}oDgv?j}pt&wpoMQSWfJHK{hJpMn&#ea+UO9Nz%aE-L)#NrLlR?~#97|V<;d!J#V zdxc#Au1MQZo@>&9Il^QT2eThk+BgNVEU%)c@O71IdE&@37x41R}f>hk4#Yx1a4BG#+ zp6k-q4rezFZO;7z8w^I}^a22FYA2rfEy{(U!Dqu-k?Da)-^JGK-Z+T!!&c&fZmkw)m4BdHIi6vk~c$d461?| z6xk7(@jZGueR8eW{DDXEbg%l&K+Z!#(8+?W0DTR@WURJy<=4HS44YA_Q7cn**I7B= z@*6Z=^aygoX#x^jnPx9MVq2!?P5ToU-}7o-MR)mn%)hiB*}nGOhZ>$hc>)z7w>N+7 zYYdgcuUNyS-_xb8HR0#t;%U(m2TvPLa}HOR2%xe5ly54d zfICd==-V&ry1k(^y~4vxw&Wa;HTlux(e&?xA7o2q28af{x{QNrjxQb1J-@U&q;=6{ z6G$SOzKRNDg-e8J)(c0j`}F~zE>ebl{~5{5z5?tZhW_EdY-R6FwX}oS^E-Lny_y})qm{wu*&iASxp8>a0Z>D`=wbJMrj+!TaUFapPJD9rT zEcz_ZOx`2s3hPywQmru4U2dEO&yJ<$b#98z`KE_ghijSc9N^d2e+mhwMF~3z?~xS)V)^4!qduk*mV}-PfJ{E7)CzoM;KJ zuKRL*Hfy8QLn_`GEQmGnnOpqzQ|(0qxFcN}9_yDbFipjauAVG&U3OB6kbM0~`m0<3 z1ZMJKurk3nXjN105Gaq-XGv9cR14vig5T7<#OA$L#uGC#EaT^R6e{7Y@Q6Hg_RoAy zuo~T-x4)h72pjFpd=uvhZ~5`IcoTNP_>Ivo{qYOrdToC7l@G1k?nCzb$I;es-;>)M zH7CjZ`{TuvL&IGnIkO2GV$o&rUCsomiqPz9KL6%Wzl;8TTo_u)dziN|GEd6as}kCE z`>V7+lkdfROj+Rq_GC7#)5Kqp>fS0r4J8K!2nPs={buCeasR7Ozvs}(UK?ov_GCWX zt15g0*kQqG)TDs&zYdNel$#3_ze@&!pJMHP1N>(}Ua2ofU?+>_>(_FOey2o|`>Xty zk6wF=9Vb$5-n+7Djk)ypJ1q6k6upME@b4~o@BAX=k0d%vzNxMBPZ9;Pmyhyp=u#Jf zTNeuHlV}HWs9rzJ=TXQTfF*?WJc>|bYUxo5;7yQQPh{P8%Zo6HrR{bI5I(sU=jY z4BmX|;pcm5zA3=RmvZ3jqFG`_OU74xiv1G>aHPw^7cT& zGgMElabs=bZ&F>*+?&2kRpHOslnif9=Dmf*qMKL0il!$OPef#EavpS9Qlr%5ZeK(OGSKKQe>-4T#HyKsJyhHfyi8h+LpfO*v3 z&K1st%IFEQI$ELXc(H;*W8Q}}JujRJtLKfFnpta|bqE628dtk#)MT|Rn??vW`#xYt zH+9LGU>qW22TU|wPVX01w;VRu@;WPe0ltU(T?CB2>Im#&MB(rYVT{+8ugT1~h_^m= zpM}L;;^o8d%k+lN44V~T=#KjwC%hL2G&AZy!xT<}!2XLuFr7OGcQ2{p=SYe7wDW*PQ zBd5Q@&cn_D6k;I{aM_IxHpx^YMUamq+LlcPrMoNQ@!RNx9pW8M=3Imuj^Yn(0L|&K zp#1L+pwCf?F?FVvHh%xW^~Yl1xfy_7AYgX9x!(6=x}Yp zxp*NM*2!LiJJ*?AWX~R0!1j)EaUfGNg~1oa@%5PntJ~I?vP3i^AST;Ab{I7*k^DPX zV89S4gTtGcBO!{WT5KTJc_F<;$2P)59r}hQL00oCvx#A25?kHJq8|;PC+yghM*g4{ zOneEzh6N5qyt+qiLlm`DWWt}OWis!ypB~|(s^2}BQxm%%l>Z45GzpLXZd(gm`H=Hs z)sW_7S5&D#%>Z7P?-0wAsndM6P*+&zhJx`A8J7C(vv*Mxm)4#?i|PP&6n9a-$=FtM z0}}9Bi2RWC!s0*bEV+dogm$%%v#3uW9Wz^#Yjb~&>nwB*SQxtwvjgelf)kgiom&r7 zOKRHU`?MTHUk}vh_e~y#VLOL=ZU0^A>-Rx@>(m-5{0z&?V_7};OQ!|*E^(gN~ z=-TZ0VJ*$uIewiqp2~H@uH{O$Wj#Afp0mp64jqKpL`3l6d!b`JZfu8ukm{^Z*@6#f zPF}s-vRP(}4z#+mx-;QEXD-$iB(@UrawmsaoXXI^-yFB^Y`g<+pUC+c{41(C33#Th{^D7g8oJE?N**y5d2^k?y z%EpqP%&6Ci9oNaEi)|=sJ!DN4U()zt3CgxE3_@!D;4IdQ)Q$f5SA?lhN{nr1G^LY? zh-^MQ18{{FM}C)t@PisRX|GGNv1i1@XFux_tY^^G?W0-#fkO5pHfTvD%J#%jtG>7r zxRE!}@y5b9j}8JBiN!zj6xdyV=HOeA^~{#n+vW0Y6SP&l*uQ1&)kTm5CbE$~idOVZ zdnGG8FE5e7d+W*m-LL8C3T*WLdEg%vJXf!Rd8hdVv*0cq{93;l> zD%A0R7>ILm?D#F{^NJJf$N%Zk=WwMBa(RN`#7+LqYCcvKxAGe&z2&f6(yNntpYVNb z(^i#>qTUW-l2QXM=Yr&k&9g0Uh&?~rUCJuG;0bBjE{7{?NE}0pO0n+Cg^8Wa7w5MK zwPHkmlNV=s{U&nVN#$zQDK-DLllXmfvzL!;NSG3CRlZDj^Y{9GFjeDj1Am6s0g-^? zyNr~b06B7Ibkjv37^@gpn0cR%!M(Wyez`^0u+-@k@3YNwt)#TiHP>u*j^^JCBF=D% ztY3dFwlkJ6$GkW3m*xa%>cg|(69u)=z7d3>pFZ5F?0Tr!h!!%C=tyfSm!<8aib(T0DT1+Lzk{xwam2rg;b;>vjQ?^Vz$T_Rj@0Q3*zU5}`KKSB3RY=pB|? zM2U!Ke9#8y64O@})iv}yC)T~*-REU0L9e${$kz1Cfon**U}c%!Dba%X$G|ZQwoDKp zQ0k`bqQnrb6TQ!W)aCD3+y6|0RziNegO>jBt~z00H8iZ8`B=<22Jc_U#yNeWw>4w; zNeH1MWo_qIVBo=HQTcP{XFss90n`gUM%wfJsIw{&GBodpMu%E)aTb4k_f{sh$M34m zx_~mh$G<&2r<2#tawHgmjp}3PH;C-9=0Q zE9vWxk@`2dKd{JHL&!`5dR^GLHEnir=NQ@4+&f!u&bdG{EMF~2!LB!TU)}q319ZnVrQ2(}3lUDKvaXIe?juUON|s>+b(!>ng+I$hIvmAq0m6*Wi%guEB!`w*+_h#$5u0UGx4q84?qmr(&Lo66$P|12R~()?0Kq7JuB<^aeE zQ!eBygLY;ca+C1P5gUO%f{>;C8n9`lYoe?HTGjqcP4>n9>30zT1ZTZqawBe z0ZVk&jjufMEqiC3!Aw{cd?}vZJ)W#l#+!|s2lx5xG4=pbuJ}V=??-fshr3-iPBRnS z$jPo#nmz5lA6*dy;T`!fzeY8_e?Q@Gb-UltA^{Tzmm2!+zqr2zdoFPacfSyJOBhU1 zKhjDF7RlZ#zpCNw3YV}za_@?)3(#{&*_)V5i5LAy9G+*=@5o0cVQ`-I;0Q-`jm&7} zL?(H^*p((z?sa#|Yj`AALw83|?`K?2EdhYem&CezHWr8Fi1G!~N}Jrp9;{F%g+DFp z<6b>5O@qqu<}db9{K87q%fFJ)d}G+Aka&@qde^XvdXy&+4d0F=sxh`uD}U%iexxek z{Qv{AdVW_1$Je&%f|lBOdfgUKvUiUQqwm34D~1FVSeF6DDXX8zw%7WtQ{jt(4 zC#@K4G~$fN2H!DAFH4nCroQXUB7Yrm_10=yfAY;w)f1Qzt~jhfF8?tpGT+R9UuyX8 z(yiqvl$-$a+8?8_Zb$XV!c=hJR}6#^om%<^Q=zBXjg2CW-XcP%$L5-viPhV5sj&XJ z)9Racq&FS(orP{mUz7V65@y-*WUKt`C{O1;04Xp^T~25tA{jRL*22$$aYx{!_IpEP zL!@BS86k}$pj+&tmhyC;m2}m3wuh5bb=l8k%1)HGHlnlUU!dcqz5BH!0c>MM>{I52 zXSHgzeZq9-5PIxPe}r+Bp6C_va_zX=NAhSO zSG~?TQQFNhtpa_((N>be;Q-_6WBRH^3W|I(Ihk;0p@~57`G)~-X1q#?>Ff`KlTPSE zm%EE<@6H}t#I73ZzLOAZRyfiYuX4i1E`Or*x`k~Va^9N~-nmXd3x?TG_dctOB#HEs zedQrLkqL6yX>a%B+qzs1P8-6K7x-yao2x9(9WA%)4HRyJRqo!*%{c9@%~WdDmayQ) z*wlb^TWxl~cF0^USF)d^tI!GVjhDuPd3oz{Tr ze6ivn%^X{|Q%igC5p~;^N$3-^yAz!I0)=LF|IvN_tC00($2^7KEdud40G?e z%`B9;vU#2EM}4rQI89mYS|}wa199uwVZiX8pV9B=a0c>6KOENVswiv~GK>g8!Syl$ z0%Cm!b-qTA#J<%QlfyF1Ez&IyH@txQVW{JDHr}Y84c>5j;9{lPmA1|%mi&ZCvK>DE zRVxxsXIM3P&HZ++(b)y>VYz}!uzM=A;c*j^`g%r=AwcmkIL*I3V^KO{;7t+RvbyNq z@=e#%Gsyj6aPt-wqgR@jyd9tqp+{{zpwleZkJE!bFvcBgzL-hc$!JjN!*$&CMpT@P zX>fIkA*T1~+8JRK>+#%ep%!h8c7?SarRy%Ga4y{ZMFJ;ojC~_z4n( zs%3h<_&9X2-%u5W#p{xuRMJv0`8Z0Ij=w zm+Q>S3aO zz~wfy%V^HPS#QVO&x8z>69*--Tx{RL!;B6!HM84J%h*n8g^DwRwjh@Ox;JTb!GO>uiL#9XL^blW!A9R6qTgM7;WKP3cTfS%L zC_~~DhXdbvJF>L|DY&!!aQ_(g4OQ4WnmcDnH5*Xk#`SH(_^qz@*Rq9^f`XYN_08Y{ zR_QOK5D6ZPOkzIAZ(j?jMy@wgG0L06W^Dx^izV9Uyq+8;0-!3^cS0*2OmE-%(j8l5 zJJ{RPI$i4W*sq0f(5}qtZeAJ!_uaAY=cQfmr=&bu)pQEkZo8H4C<*ril%I`)0ij2u zP3_jN6{4-!OC{QMy;dLC0KDl$6>`b|v1Or3VdrkZ@L1ub+lOj%7$aljkz{U%?K)cJ z`N60}HnaElH#*|QTD4hLvo)hY@y}(tVtppH%IU^ze!DsPC*Ql`>1l~6ihU95O|f3C zd_`Q0K9bi zrOBYu^1cuK?RHeBIiDM2+YYqaO7Jz})-9{x$O-wcCUYV0`lLYc^79<1TDb_g3m*cB zVe-~>wF+czI}rUX4ena6w@6>2^%NPc7_p6PY7XfnjX&eRylWpJJ3z-;OIwKs5r$L& zA1;!xCxe2Uo6qE>==jukAq^z>yWU+rFCE!FwFfx>9Q*;TNwr~Rbyedm<{h=Oxx9`X zUn(G-U^C#%7wy>bK+?7Vxe4oVM7alyDYI2eO_~3#Lf)wv_umK*ufC;3=X3#Z(f6!R5(pYvo zCkbJsZZmnEsnU8LA@OE~{_GS&f7TX%FfXqNsg%{YvIzS5>J>w~j-*ZFF$Vx!G_x;* znL9i4XS*GRnBAOl(h3Mf4sxxs-7FH-D(=rz_ghQu-Jex*pLHf3Dv&KIC%bKI-_?xV zf;}1=p1%OB+5h~cH)0`a`p^sY!!tZI=GyN(dJQnFXMEo?V#z_5 z&^E_Wi%1BvDK#zN$G@C?Ye1c+HiwrhU?uzdIEdGH4(=;SF8K_R`{h3Ib;i3efXT&8 zggXcxT#iler)6hH52HQ(szQrDzL~G18ht6Koy6&1Ol_-NYjR6jE~pbVN+GdRaG=&& zCcEk$k(Qe_T4`ruZL&=5f`-XzhY%^ZesgrNbMirP`5S;>6e z4BL(C*H}{YS%h98+{~O&6&26rV^Vl(hTW&041!P=atM;kZRCdw!`k2u0SOv^{xh-4 zuI2({WCrwte)1o5W1sc(7;Q*J0h#fd)#YatmQn%tdAlw8V;4FbfpY7Vs*R$qe|F z8z;jrXC+8HlXt}w6PQwf;=;i?qG4mxs0?pq77-w%ilpk(0J2;l~pva%n zYdOBZ8o0Z+DYibVoGna{Ex+k?I4V+$vr^G1hMGw}_uDa=4 zz6~xHn^DcZXzIl5UJ!C)u?+S=)beXaAewQg>T=HE%gl)A*llRrIHKaB7$Hd2QsX|b-^>K77X@QyuqaKVDcYM z_e}8@=chkgZX-(i3B#ch7BMMXrteW~QK|svG6jMy4b0njsXj=c$Th;{(qhvBZCc%? zbMa=iGeEUkVFLLIpu4U|EcHK%PvCUzvw@3UgjZ~wz;KG)+`ER(G`+ZD6rSKTL>4`y zxxN*PawU@LO%y)ipAf#<=uKpHI+N>j0-3~CFYKD_8aoh!%y^4-@rjEa-dV#%$bBXR z&E+@pFOsguX*R+=5>_=2)O_(qnVC7Q8Ezv!d=`(brIXuCcp^$%xZemgKLGodl1724Y%f<%Z@f3C8hng`N?p?)>S|Zo+tCxgoYri0_Y9nN=tr(CqjI6tN>Pd79*1MJxP9}5ACOMU z&7z_$?_5XU+GU6gY@ReiHan<}&&cH+a{@JdK-24L(TzM}ziI&=jb#tTo<7x9EI_MR zlRfeNxIuX0LT3(pY2p*KwYGM$duT`;GWDmP$LG*YlSZ+fRuvZQJ%Dr&b{Y2aiFB%l z`+KhI1N{7ddKCXrUKcso=JQ!lBes)#C|WTUB2C z$AJGQ1S15&c|3_r5%lS6dBbQoGh^D!U>c_QKTbNKVO;G-mqffQq!NFXnM|0})-0f3 zl=QMrJk>7EDE_jxwsy6Ya738&C5$Sx_2yuT=~NkSK2^AdXP`=?kexd zQX8j2jCh0x&Uh6-FgJRpwwT3k@sJTo#5=?<`X~W-XE{#0oI_)HdKqZ|{by+vs_BxG znxY==@(s#L%0+SQVkSf&3260nQbD3@9q8@Nxjt>lriHZpvf1wb!G*hAW8*@2e(3Vb zX=_MsQk`C{WbGmOwi0^#pASf30ofJFHXJwd4#ieSnX*4y(ue-sFj4e!dg*&>~p=kK6EH zFM^Z?=D;n|r<$}CH3aedUxUU;1>9ep2TUj^61Y8>IZ*I?$AVSTHH}o2>#;nW`I&m} zz(Dr5DRpVdJdyIoOT3fQ6IxbQy+`mImM|xQyyYDGg{Ek432;B6cQAGl@--b81wI zHOF-j5dRw49|sE2NUkWh>u(KT(4nb7(~!KvNbpz12*fvf=L{MgU%OPD+M`X=snJEK%q zojMR;J;=$WUxC%VPIv*inxHQldUb1b`F`4Xf;P}4*es0;_#;}O?IA}v=dGVTw73I4cCi4g}2O~C;Ej5U$hMu2F_ z+vmjXeiHvzq0{aJquJ2FS^nvdYvaQR$G}U!Ez(YvCPdzs9LoA$@D%(qa#sS6F zf>J^IdAN;606`y&HnKG|lY|Z}Q)vx?Uc!ck^hpbOTd`6wlo~quUlH8z1EC?nB}2u3 zMfdxZ4<7Kyn!b=i!{vctw1v;_(F6++wE?xVC8wTLen`5z(=KkfKHweap@3S7b@@Y8 zAFuIbQ~AVht;Y+fQ0uJT0Czra!+Wdo257^!bYC5)m0@U&>+EniTxbGKON}6CmapJx z*4g7&&DR&_>FI7+j)33J+upN31#x2ATrmI4WIPi}e+N9Km*zu?$V}AOVLX!xTS{KS zWH{K^TgqR|K4CB6ZhC|WU5-y0=P9@h4Zx~=)Jk^Gc=D{A)P3knBSM$e%6@geBN#YA zgP1B#?>q*)IsUVPn^_JiUatMs|~Jw5(oK%ah9cn5^J zEF?g4&u^T%Q&8+_m%RckoQ?}>#_CKBGCt(yoWOJ^eAE;OHDgCe14|k%=$`i8gi(^i z4QIOti_1 z@3pE-7IjzDvH8It@#DxDwAw{xhRfoCit(>*#n|ZR?Kpw+z#d(*4%s(=M;cSOwX5>Z zhX7DO&ivpC%&Sp?68E}wRaAba!@AE6SloVy+MF*4e@~mga(O~XPg4q-xB$rR{BhYQ z99VK-Y@ya9p*JvdvPm4HRokU8jo&NXPL0`Iha&diYlB@fU(k{-d0sZ5jTKq}Z6xPS zSLFD7SK>MeXDUwIph6-}Yd`l=z$1Er3a${;>3QrYb#7wWXTN#4C6VIac~KWwpJHF} zeIK0Qw3L=mnr@PoB2C_IHC+LZy3A3Jc+|T)Mf2>R!)<*lo(>12{faEyRwZzkXCsBI z6$h0G)Z&CTRUFFh$X(9b#C2|F@s&906|ZmFT5@66100xq z>)vSGhS*7~)>_I2@@*p;_kEV6Pg1L(BPtp=2r8jzsiH&`4jeQzQ9Vv%^Z8LnM@s(- zjJ5zqog2Khve*#;9^PtXLbdUI_Qaibo|1V;EBr}`l) z4NFTlJqISV{)4d!I|X(1?uGJj%ZN|%!zZN-2;7hMMBju3y2{J1JihaZOwS7H9iKF* zti9li&H1UTmbx+7VpkHsj{k(934(kY$iR%PU)Eg7Q)QN3C#(nybR9E(af>XEkR2 zV%Wr@WAhFB$d53u+hfQ{@vIW9)uS+=!` znw<&$eB98b!x6Tr#3kEHw0>wVwaJKca!B!Arl$vz**M47+spHV(Q)TxqXa{729J9{wGr#@yAfOe z_6cXndB=lq-gA?Pt|Tt(!fl#DB64UBAUGdcqvb*My4lVh;lI3#GM_A1ACJ0=yxJ{g z2l4{Ud1Rov{gHLJovHGsW;bQH(nYV@5Mu8YTBiVjxK5(}_JB9fsW4u5e{a4a%Gm2o z_=2ZP&c=6`Ir@jvG?1?I=?3GS>M*D2@k&}F9Js;daJc!`uJt`YBRFG$pb!^8M||IH z;&h(oJ&g2J<0 zcqa~FdKmk5i7#5Jza^Xtq)|z=HCjsL;gk-R-(9yiSso9TE7O`jPezL4TfBKX(ZfAs z5#IrN61--3aSYQ`u1=}1`MvSYy9}0>=boUk5CRk#adR>W$51KUsH-XTrHx8kMm`wr z?QHO;$&wG}KA5Wd7(o9+3nTUwzIK?Z-FM;1q3_4#cg%0* z-2~vk`rj4X`ouAqt!CmkXo)$Z1RB@r4QhbZv>7*`F*-{b5uL#v+YIu!~nV=`f(;2G^N8M zo3ETwK;+FlKk*yMhh2XziJRy5{C~ zt1{XYsFgxiS;<$t$0tN<9n`6(M9hdV+RypmlFQOISz(ugE~s~~A#IE9%8*ohxE_oc z26xSvIF_M)L3qFk$0aYG(t3YwRr~T)!^p_CZ4jB?mlf3A@$>@ZxVuTmig8-O*3GW1 zu}5_@!hXZ@?oYK=)fSXW18eVG=5AZPwd6d_nn%@P)=Z2xM=r+htz!yQiu+*_3|;u{ z5MLOeek{Dp(`zw`nx(vcOYMyX1F9=v;5pJj?8}5|w)UEUVEo~0kmlZ5U8xa<}{_ge+Es7C^ z5c1ZzmcF}&%RD{klH((4I506aJjS2-ZC{pmPc@3gyDqeXQ&kexC{=0{4`xb>_Z5-9 z&|Zo)Y}^_$3dKX8MZT3LMqj7UmH%2{{KZ2@ei_a|cj9x>X@z@k_NBJ5hT1R7UyudM zE_n{>LL=x3ZoTJcSmaL3yScofX54n7J0HHQrjj%C2 z@~VVI<)ScgC5S(7>DtHE->*MEYe!)oeRg3@Z?n4Rej?=vDdSZsvfzkKi4#Mao;^6# zX5yd!M!^CP_GGU6#n0Se(B*uy7o%}@T9MWS2X484K$QLVCbY(Kx^vYW$aFLYxnCX_ zIcMDN?O7%YKJvOd_kQRd?9Ew?wCJ;W-6RVCQw$zfFQ(CS>+&?vO#{(c?2ErZd!wb# zp&!&_7WB-c8(9S{>+fec~I9LQjA5ll|4!13JFHLbCvjw;FJ2DUq>rQ4=sByX2fnV}W!j zIMFd5@6N_J+$h8b6uPl!S&qq4wJG)Bz=81BbS2M%5w$DRfa+Q$5}m)?N-qCT4AqAd zdiIaL)?DxERiR5l*fI^C14T#Fab#))tYR#gp!H7e2t&<>{(5zQ!6@vTaFU&#!3Cq{ zk(d62+PpW#!0yI3F<~S2DKV4*4NIzph(7(JdTwKkq>$-e{Uc09%1WqOaT=gMEMmmV zLAzR-${gs1>^^@b-KWdhC9A%qEAH?4qn2t`Q5Rti8$K<(J z3&G5J+hAXWE*RESGRz538N1SDMK)QhRU2A!Xs(?>>N_Jc zK5`&AwJAw?g}2lWTLROL@TZfP-j8|ogh*gqguTXD>P-xh`ABa;Sbx_>@fnyp9^r;M zw_iM1tq1!O?SN&V&ieMvE4NP1cr30;qFj5bfvB-2OR0V24``PZiC;PExj-4&0?35lnfXkXBU=e3x@Z6wR*;f&pu- zw(8T=3vp)K}8GS1QzL{q6|`Dky8i5P;Mo&Ty7BQu!Rk;QE7E}xTDkIJiR1Ck7QqmO=(wW6X)fat*q)mX@SgqIb| z24+^smldk`%lwgJO$>10Wqx^6)W4>MJ`jCy9=Sce-z8m{cob;s9`JPmP7##a3_8Yv zNg5<$QqMcw-oashp!X)D?zQRbu#Yv~kA2%fkyt^#*0>&M&BK0sheq;W)Ug6425DPV#jkYd~fWBm3^33-1Cv)q){@^5=^IQzz0r>)< z0V?z-UL(1r2LxGfCxi%hQ@E$R86fA7^*0pA&nWA7viejNZa zQ>@{PHZYXF#64_Si7qY*+RsP4lBkP(A3U4qHBezr*Mn*zXWcy89LqC)Uj5@BfW?v2 z8(_CBJu2xaO-@jI7282tioXcCNF<{zxBq@l`mL`tZocXAi&=rYQPEHNl7#Uxt4Xg~ zvy-OLGTjPZ-H8`Uqc3(u@pE+a3%4t}}W31o$CwtNE%CL&PO^oVXjXZs$pJzrK^jlT<~wARDpo&7}<5 zP%H)i&=zjwK&(%A(|1pB+vI_2cv}4tp)NQY^u6Nc3*x~X(O1*fqvmBU+rI)Two!R+ zC7Jg5zbx0N>|ulY^jn)O*9M;ftK=u{WkvKdU9tF%?!?{wt0{ZkJ?DG5xM0Kotqo-b zz(D|0Xk+WH2W9q1t0HZ zZf+0RV!Ss@&J|8Cnj z)r_}D5yi4Tefp?g9igVeR9i5yGGufpQi_V?jd9vPSBu}yeu|ATdvWg52NLzs5^{sT zZoINV^5v;|0l|t&(DA}CI-*y}5fJ=7Q)SlC1Wz(iq9ZSQ01n11RL!1FYsB+_6)*?G zgV`}@Sd4tFUSIv*~7EhTkYB<06n z5-4r9I#g>%hBK`ng|`llB%C>=BN>DPEna|&OIg@)5w%iEqQ7*ljI~7QNGj$wlc$h; zJ+A2`o7r(%5V3?9>$qle%r;uqo^Qk+I?B!_qA;3Q&KJH7z5_nXylRE~QU(K^7X{Rq zXSf!Xd{eU?>@hGs6TSsSbVDa^V0W|d%&iE6U$Lh1r{@CUOyxQ8LZ0a2#i@Q2=+){_ zs@k>f>#5tCE-TNt{Bo`-{9{Oz@*{^cnOMqAn4_0u=PX^YY2hUMOMMX2?p(WOQg!O^ z5*%0}3b%ekT>JF3KB%gStoR0f>BPVCE;B8%HyJ>$QLIOvzzS4+>(`<)d|Nv8Jtj@U ztObvhN-2=X(wZJ^JFRNmrU61D+LjMM7s9-8fn6Znl4edPxkWyF)nhC44EPh) z{&bA^@$qr&SEaN>4l9xI!f=W&D-l%8%uz}%hp#bujgMvp3qRzGJf+VOP?Z{y0>6Gq z@eHW3o)_nJKF9+6#)4lLHKxPKiJUf_3Eogo?=&3}KI(+tOOx{7x`w;u#e>!UbmdQc zm#sp+2&%nFLv{IgUm^l;8@a3SvYgs*T()MtP-j+kQ@E=(RRG5Di{^bhEj=T1h8H#B zcc-iWGC@#-rcwv$kHr6bhXb^W+le*oc$#Cz4Qd82u7OYLcFtnHi6jwp#oKDJEH*rd6=-==7 zcNRXK3$C9#yw%7bXXzw415jP;Wek8)qx}R6 z^GCi=0r#m~2vC5i64qZ~EfG7l97|8|y-TBZ5fg*a=4R5o{UU0i%{8^^u4c60Wu~L{ z3p%lhD0rp&pJnF%T2)_tEI?1bRzWrKDs9imF5ibA{0{I9Kkxks`alC`5)&@3BfI=3 zW!I)_ulH>aTI5}=0SQQ{qZYPgPeSytd7eTrHUt3j37lK?c;y6;*qju&9X4mtN!yEOrGLFaKk_BqZiFIuXlo(9Zn!^(kazTiH#kawg8FCP??0KzD>B>uXSPOs z;kb;dWCtZ<^K{KAH+P2TK^8bmVUx3DE_0dfv#~elW4l(6RQ|gq8aEa=FqKJg;=d$| z(UD=$m&E<(W`2LU>C=~+nh>u3wPij%l0ScFn0yU1eJoy_gmdeS0*EEEv%Ki1W&Q`~ zu73*oi9)>|3<)%jD?0@IC|)HtqjhIQnpm9L7Kn+&qpdK=#n^uf5-I+rH2UB;Vcmk zcBj{xyr;)E3y30Zjd=5s4ej^9{`yzKPoAvgN17MEuL&Rt`Ru|z`})@_{htFL;#2|Q!wfx+r+|xNRxBO z({28pst^5Gf2Dm9RxEuN4=$*YAqw)8C#vA%Xt2UDW56*hx;WL2Uy<8vqitb`=;*=y z+z~p|5_9ONn|$&}ROoqWUOP^FsZ(f~#WRg>?lt|==(xxh-{M%4mLR+LR6R1goO^mF zR*$13XGKFXx>G5-Q?s$shS_LPV``LtRq>z>^}4S9|F0YhWk$$z6a@{BfkQ{lw^l!kscWMX%$JmR4IH{#RR zJ4vVqctF@hM434f$4y^LnC+hSrYmd7$(YXu2995u*NfVSC$-+pe>2j-u%II8x^VWu zMt&=`cT~my3qhv5K4xF;I@{E|Tjvu48O3KwSh>v(T0wI0xH83t;tN;gB*r*%xtgFv zJvx6RWon?7uFRP|^4^WOubd5N9!)usS=UEarvC5K{8Z0JKJt0g&9*lxL=nRr+aMHu z3O&h*hgt5L%$a0j$60ItxXc-MqchnOm3?tqI|(X*H#QVqjbBG{L<7UXuE(jnu0k@4 zcTyjVnP&Uh*IX#hQqr^w;_i_Nx-h6(=Lop4@KB)W`7%{I?1!mu=c6Np((#AH*Vr(N zk)GC)bwjGbN*a8{B9mGLVFodOyN7{YRTzrVkKMIY?=dtv{z z!hr*%cp+fkvJ8B3ccG=B`G5w-(eWX`GI-C_Lm5K`c9MN5>_f2U6n66W!ToWJ&h}Ke z6c2j#``VHiu&|jaCI9{ne>yBpf+oSd-=F)3w1#Qdc9lw4ly)Vi|)K*rfCnaqKG{RvK065{_ zHlU|t1q8qZXd%eKy#MQ_xHbUrA*er1337QF@lnRS{9ldgcxn$lfg-L8Hi#g^0r;+=8>q6a6MXOh2_^PA{r|L?}3U^1TU;RnAwz*Z{EzyV}qW{wkwoleEMom(OiJk7qNUix>(>zJn4(TyDt?0)bQ?z zC0D90^JIzTag`BgLq?NqeQi@w*P7VKh-moa32f+TW>cXKmyqf;WK(N*eEgwO+$rVq zNDJu|PNI+YtzhX@ob$nq=s*&C4gdzv8{+dLy5n4AdP0}8TkxQtwzhvIhbhS zN5#)l0O+!51Ox{23nU&EJZ}MzMa+u+YM!wF4Y8XX#&v_;(GXd#zV7w;?s%qj+)C5P zKJx8U&GQ;r5e7&DCy+4Fg*!&V0$}gRwuT2rDekE959OAiGPvGR^}bPcKmMpLCAZ{U zgKf(=d9A)tc2|a|jvnXSyAwAj{SQW=t>qr5#C)pe;9tp`udBtamb3oaJDot#kjn zc+#Ec3ddnJBW=@k`IhLTux<)Z_4Y(kX^tkl#Roogs+Y$HRZVP0I|Ouof{}ti;kG`0 zP5AMI*!gf;MxOtk#fXGkglMKVqm5Hnw!Hl9y62ScY99oWyIne%4rGii7GN*YGJ$lW zTO2DEOJ&8@DWqlO1QCsR1)^Oqu%s9xXal6I@~vhk9HkZ)Ixy`>K9=@D1TM)#Iaji> z-nj#`CH>Z6)oGkI(4PD*!sWf1D5y=h&gOIA4ECN~^-gZPl}hs@!-)cw7-Ekl-BNqW z5C*{JQuN^!|BHbD@X8Hv(xk0UQr4*R#bmAPt0GRzE3~a~Qa`I;HKcPzcTes=+@$R~ z?{MvoNiHGlkHRv^Sax_8BiTCH;4RtX$T5GN?8SfsKf@&Wm(2nx8nCi$u-bQ{_U-^V z7$JR_njFS5hh)CQW{MLJyMcTz5-BO1m)<>R)5%VQ^~=je-hd{R9Pp~q`p1R4LzN?1 zzY_<@f#U0a_s#q1D#K~%6#2&ciQR2*4P#$`PBe!|bD`kPnhfqEv&!KNXT|0s7Tvea zwY@!xvuzWHt!mDN97o)r(pR<{&&_AXE?ss9Q}UmhTSftyvUi}1tZP28^PTbR@Y}N= zzLPp)Dg_^oHN-JT)vxY5Kf7$l$O}+^hm@)^M&o*%)-9eiv*>zSAv6Kd@a77boB`KW zBc20rEAgU<=N+vqKqfu&IwJIPR^GS?t4zl*C=IyvWs@-6e*rNA5E(?@CBT-~qcXJO zFkHh21|e#vmd$p-Xy;Fq7=_KESY8XMu|0FMT3aM=&i_(_i( z+p{N<&;enQh#_kW-@!Vn zJpdudOleR8ic#^yXyFM8<~!Dx3irsitSl^B!{u0}+aqbT)YJ((l|vW(sr-4m^E^8* z_3>&sz1u`)8eB-cnbmSFN}H6#zz0FsqyU8vfa(Gg0ee~S+Robm80EVe*NCK~WP0G@ zU^%V}pYC;EX_e`)ewY0<-$s-`;y%-5+pWzBETNdU$=s_Ff7ztkp`&HA;R&nRc@6ZX zdd1isU|-D+BS`s|hY2hYQ8czpjutAkx)CZ+)q*EwCNQV8kvJH6-O(;6#3(t-K=~# zsDdMGG=jp(weP2kTc=a`8C9#(CzY)ovD!xApRWHCDEtAYYlnO9Yr16J&;5d_LvZ2G z^yYWHwiFWXY1f)DCfLJ^w7~RT$xnD;8M7jp=5p);|1S&pWR_=}2(lA{wlAP80=hBN+4gf7w7n$94WE+H#cFXP2(M|rjb5wX z#4G_+{s#Ak=XG!qagthrUYu*zqODQ^xQyyrVhH<+@x z^_UfSOB(7)oOa#YTdbAM@JSbondJd~yvK7iP+LR}=&(5spObFU=EH1*jbH@9C1rMQ z?r2a%(wTb|%O!Pd3g@AgyXl!aBi(`lqAsUT*8*xq%lFTTKBCq4B|M5?QS%p~ z$&ML)I_M&4k_8e=2ODZd+G0RA#Ebn!Z=VU9sV%t#*kfw}@6<|aM~iHrNAhwJ)}sF2 zb-c7?G;es7t{2Rrh5J1 zM-FP=MgVUTq0&@^0f~{}xM@zJjl|K3*o^?HRu9S_PcIsj=}k_vH9V9CWC zKojn3v4uZYFw>P#1sUCK?`^X;EAdfPxH1HZ*|foxb5gJ>i%pU{7yjCZd-kx0Zc|Af zRuZi}UyfSoxlALxkyhlKTltZLhc2P4d(RI(C`~q-JwhZgc(|r}0PRIDA6UbjGhT!T&pf}t zrbAmoq4&OTAYkb9ono`TbEtAzgtn63i{2$y_;PGiA+f`7VW`R7j2V>~CU5Qg?bdv8 zjlv=RVX!=w+vA&HxP5cMsY$t#t3bFQlaBD=z}<%dp51=s{Kxes&+qEiBQ;iw!uL0N zg{v5LmO%Gnp2>`!>V1wG0FcTg@%r4H%B$Bm=l$3OY}VmpZv${Xd&GB^B>?!F=ZcqF z00|$E!gR*F2C6@a%*gB(6Y0wG{DG<^>SFnOb@k#AhKaZ1)CU#IJm`nDm-CNrJRk3) zX4W#%1cmT))^2S+W2+zSljC1b#q4~)>}QqFUG&x~UTgpg`ad*CnpMav*KQ?aSRNUMYt8 zD%K+Anmqe5n;jIXRWb#b5G==IhE}7fTE(|J#bnZOwa+6eotP2r8MI=u_vSJ9f#f98 zzqQv2(ZCs|wsW__mc%Inby+29-dm&yVpb{s71eyD@10Ri5YZvCng+8|)f>-qd|U=1 z)#D#oYWYfHfrUD9dy=yFoNVDYbBFT{X{z@R)cXrfYVbK6jUbHIGPH&*sfaJRG};_68z=YYnqycxoom3 zPV3m)L%pRPk7VGjQJr{^m0iBY65e5oW2b2z$}iH|bI)C89Nn9xaH zTX%|Uc0AZsn~BSq$O2h3g`|4UIU|G$G5gNS8Ox{UrnqB{8k|#+lsHfNSp*Ea--vpN+3|)S3xkrb`EYb2t+ci>G>i|vwoor#z zVq#d&Vq%vakWS`{=&g%!ZbpXmwn`2%cd*ih2i{bL}G(>=|m;J2I zrqJwg0e0_q`mY4qA!Aj>qD&=rQA?J${!0^5xD5QIhyL3F<}Ys?TRGcNbnE- z)MZLZLE&%QcrM^=jg`;CY6&2G2aG=LgMc0piWBPA`?FE*D!WnK6ggtoc@?_!^T4H_ zQO2Xca#P2P-bM*X;$84SbS&rVQQ01613xrrVvgr)B>|-@u}txZZ1%^Z@NZCR0Ue@; zb@GqSRW{y){FnVPUV$5c!#T`%L>>9^By$Wo8m_e6WWVu4PPmOWru%78h%QDOh zsg>PTb-dZ0&sP-vxmsy^1H>U_tdIM#hhlD1S;ocqj*6wH{O`uvKJyY90f|~fu`1|) zi>(xhpBfL0eCoN@F+bPi6=+K<0!ex!qCy|N1W7(KMybFO>K-F#AwDU?jWyZ^QA9K) zrRstYwayhxlD`6mDMFnUq?2I0>~;8R_NJ3c!m*^r3oRfj^c}}P>4;5Z#-1zs*dBY z#@96*=(MQhDiAx(p%j74Fj$`BJZLmT<9f9O1Xj+v3DEw`4C$v}xBMbfti`V8o8>xQ zjQ{|FwJ*KT#^(;Fw068|O~j5={AztZ|QGL=EcviX#7-ILnLcF8#o-rTEfRGGru!|Dx-J+@XAlLh5f;q zDkB0}_YIr~J==rtu_+D#0LVQmtWuUa`YUaFO^uc2PzPR$47p@=Q0XRP7IQPpyC1c4 z9_)ZJ^I+n>fY+hF{B{==J)402loj3B{cRcm4U@5{@4Mo8DR8C=1P{@?G65TUmFOTw z6kM0R_f8HhC?D1x#_Nq(d9rtry{z8$-OMuU`|bskK!*2(Cd-gY#hy2r^{Li!npq@~ zOWO=LBHwS0gpb9PtpT;Wgw6^VoofMXyJZTr7w5Z-(>K?Lt(zA$S|tvgEuU6#6CdaG zXZAKLUA2?q$0FdTOB-(@Cy?1*xMbGAUJrgb#Ku_ZP2QRszEomCQSP(&;y|8SweF4= zo&EXx8c$bMvE=h~8k8EbarY+-aKOynt5Z(zyA%4-(ZbSKBIC#MeA1iAI+V@vhh^_C z+8OoTM`15pcWpv}wf%1Ir$por5^uI&OU}Y&FFLC+m>{xlp$mYTm~7pCi@)hoYhm8w zqYhpLl*=#AOta;7lB)UK*8<|D??EXwRcGCHI?ey5O?XE(u+I&zM(m5ZjrOSc7 zg^}YFo}r^pF2nUsyJk0qHeX#O7P=OXjlX#DxE#C#8tPJ8YIzfTvg?DPYCqUzvi?h; z4&`eQ;v?&0;aaz@!JCkvnn0>%z|zL_X!uE5e2dP4&}>FAm2zCEk(q|8SC{^TMzGY! z{wl5Ug{2$_kQ2|z3=N;i$7pyoy^Rd^Ei&Z zzkBb`_n)yiZlJKLE0|*cPstt_lq~jA&w5^6C)jsa{|pWg%i7Wi3W_tvaPNa|YF-r; z%dXy@zq}-^w?0G6ev?1m-3`FU9gUaY4m5<8Ig?qjD9uAwnZxr6Q_Jt~&}QhyAE2ziKE3R+oN~0g+V;BU+&Xgl>M3x+ zRv_n=KKRf4B=FQ!O+uvcOi#STy10YYS+yTosFEA>x^X!QZ=qMqTf1p?wUTpgH8Tk}=X zV36L1Y`Lg&MLnH)A$NXkBX&-3E8<$RJ;?OJ?Xr|(ecM(=n%)AgJ~2`z>`BNROyA$n z+!^~LHdf-%m0oKmmE7CayW7o^F=*wCuC$S1rb@PElP(!yS%_;hHS?Br$5Pkn8!oUG zE#9q#n9!TT12`=dOo(UbeD-2G+y2qnnMQDje!V$2Ht8y9FKHBn0=c(!{{zdg*kJlB z^`xZ;G-IgimV+pJfy%%f!Y#i|R+eVUTmhQrwmN1l1F;lcbN1dYQX1;H<%gO7k zssPmV-6KqRSdcTO?r@r{prg$AZrnd6DZ_4<56ThYih1>O|yi z*WQ}Ec6KQ z{`ytt_L=Sav8B6&O}nn2EeQl;v{-3+R@ELix9N@?8h& z&Rk{k8s#eDGXIP*@lxDJi}V>Feq>zlL4P(mR&SgSUhg-`hLgM|SG^sL%zogC0gWKs zuQ}qu->*@Ec}8O_j(Q|fnNUE?pLtVc4+qn`Kf)bfzg2wGp)n#)8!(3 zcg&;fHJ5~C#G7B7uC4t}Ds7(HDJib(tJ0oH)CcgoZb^hsfa@V3Vo>WFE}J2?AiMKA z@Z&$6JNDKj z;F`_M)d<*ZGXWPAQjGobE7m>dKN}D!wzUOCAIe+fz`ba?Ol|qpwNiVhr$POQ|GXPu z&-tJ4CO&^(Ag`P!jCNyREblC3C)gMmqkifM+exvu+LhMcwRz}L7Y)rT zoPP=W?y1m}w23FsA>#te#t&^QMEsTF+-K%f z(UxNpW8+Stm=jHRy5iUqS-B~Boy@uo)(6hy){j~NxjoD;`wa&- z22$%S_PDWCnk`}5(IIz5&x*QK7YnmP$0sVGurJQ)&xraQKYbXe0#wKA&|2Pk+NCb0 ztJ56vJZEQaY8XXc(_y2#dt5s(yOymq2`(-Br3rru&G>B^HKTf3!T7MZy&avzV|kS3 zn;!eb?#DoZ+iL64&jLvy-F$B|9LfXIazCn05k=M}oYndSxG_w13X-GFLlXum3dhaI zKftE=$L5G(A~+iFnJSKu{BuGR;N2l$+T{a~E9Snfc{XC?X!LilVlol?QHf;kvh}JjyljpER^UBQ<|EBOL(yfpFD zpn;Zz_y$}8D&^#W(8lTb{20~gCDigrDN>2)&W6iR#fQnl^IBIF0P%`BtN#LN-|3g{ zvZG{Ge2YEyC8lJ!b)^KLunb%%>B2sSoBHZ%g5GLV9`uB?@pg>k%xP9SiD`5}%crkZ zOBeGH)EpP6^vt)|7MMbcdbR!b!z zftDiuC;pVpoB^5qEiLzb*)h_Fzr2YB2h7lH78NE#FSybK7Kx6sU0|}ZQb|Fsw0g$* z72MwnWqMXb#%1YeIDLn+{cC?Ia;RtND$LB|)qtNEmgXY3OtsfN+R+7mJpF<+_af2q zZ>vaPPJ9`<=Jydc5)mG{)?-aHZ>h<#?`9ZGpJ41RxicC}2cNG};rny=icZo!YGLes z{yUr47NUPGk|WR?)^R;X{U3~f&H4CHJ8}H-It_;r#wmbu;mM$$b-In)%U$!ne$;$j;}|9J8zG*fWHx z)~l~sN_3e1CGglbotM{70-L}L&cySgRy91!JJ&z(kvbK2Tt5Fm$knZB3$A88Ih4g? zqmggc1W0keq8bkh+!5Bl$={W3c(ZZZPEBOdAL?Jto(q*9I5p;`IUGIN(Wp+V4;zgb zNS(^>R^va6r}??0o)5L(cie2Kgl>4mPmaa2Oj|6mgOU|Yyfx2bW|pJE1ejYrty&#< zb1irJ)!JeI1SCxBr)zH>myIvDkXuvq^kj_BrQ|=fwou~VfjKysxgG=I$ZYsQOWAd2 z0k`bo6!ToNX8^ITyGW^X&-U~+|CXDntJkZhXz{^R=2imS>Qc z^Lm{e=Bd~*FMF=EWH2_4NspVNK_B1wBX7TcEWYm95k6NGkTnxtM;sn${9fet65Bqd zOdHO0Q(CS>EF}m5?0qu}vdP$!%8TQWc_-4L&YqiD`!@LPYFVp)G?txfPVP`83YmR; zJjuKyH;dE~P#Mox3S|Ab&s?{2)abzi@mjxlNWy@&hw4)+_@xRg)CfLAE-g;vH8YqP2t5DF)k2N01`%eAo(j{oXO)#&g?vj zY=F9u0r-tt9))vjOV!+-o4VowgHJ%AbgN&jVJAs=OsZ4xjK=d8emLuWb4X@Bq!d|R z)>x+@iYk2Xwmyr?vDYZa7gLvdTf*8C0BRPN~nqX(fvQILOs?Hh2dA13bbuu|@z?pYAyC2qtG z#b~Kn(0id9NQ66O+>zSdJgw9B4!#n2cvzS;3Ae%19zhTde?5{>XMgJ2cgsC{z!{S^4?MXWPafHw7JmseyjCfykRI{{(Z_CFj}U zN+ZpdDSUU4>#L@iK)|P2{}jSJujKk1sxBmTR9&2x<}tC(Nw?a*?C`~uj?-f1k69w9 zQ8T?-BJfcOLKL~uTR!6Hb~RmfRSL%+MGZem<=ZH?qVc}T&aW~OFUZBI-zGX=zg#D5 zs-PTuG3H`E{zYuK5xtd)#$)YL&7yCNZ0d`oQ0RTpw1iS_V~KSYUkTx?*Y>HqwgML| z-ojm_3z-i00TD=aDeClUyTq`x5a}6Gw@XO%wmEJ;3M$SoAr*g9G#gHK{Nl7OedE{) zz6cNj2ZN%rE^NDO&ZwrN>12U(2?Cs*=c@^@90IuwW6qZ43C3p6XltIrJlnzTzxMN; z$$vhH(mbul^XXk< z{YxEE8{}utm>1^^T!#qn&2EaT;)74v&=FB|VQ2qZ0FO}l+lkIk;>adUr_YJ-&&PKr zbEpvWVfw0inT9P9p2hmMM0zTe{s+GoVbYBfnvJj^;jch#JOs&{V>op_!;!MJMr5`C zH7gG(jp5^AF7^^A7)|p1)Csd8!*Vaz_4`g1PfgLflAlWC ze8mejT~+?>p)XzxLfw#Hfe7t%$p(g*AMig~xc>Q5-s9mOPq>c?u&|Z@ zOGT3b>iGF9Bb-a-ikMn5_K{*GDS=-ue5;~03livRZF_IBR*hLr4#L$o`GYmO>JkEL z^xSrJWbkcMm*7gRMU#3%uA%W8_V@QE8I=PYC0&hNOPnryH)2UDii2sTF0}oO9=H4H z;0frm{awh=HoIVYT;bgxkHg2zy1umhY=;DocI2z_!CtXPBgL<5+sxYHMU_aItp7@&=i0G3SU64hY`uaGqPq~&C2GMwey&9~ z!d^+_dKx*nSk{!n7ac+GWP|$rr;vXuF$(8ROx;^+G6V=&RdM5V84G0C9>KvEGW7 z{)R#iAzo>^VW|JsXv{{rc!>Xa36(BiBABqWn#zYrZis4%$bN7BzQ|P%yyRRr?j|tn z?ERk(k%B{w?TL(HcSkOECD*(|=c@*H4x+`2ZUd2#MV}Qdj1{$$`kz2~y1!@*Uh~vP z>Pq9KR{L^^f3D0W-=fVjUrS-7Ly|l`+8(TmBZ+HQ#`(Mb!NJ?F(=lJXOEn5{SvbH` zv9kO2j5rN0K6+@i!5;uXI3Tb8dH~!mE>?0VL6$jNWK+}1V#FY>(3g3Z8{z)fe5Nn4 zol$Hu!=Avr%KYzJWg$oMRCTJ{2Wkyz-nXM&vFh*w+L{gdJESbu#DSbg+qs$=Zu-MF0y2~kqmBSl) z6+~pFadn4$SKT$&5%y?dF-N{V*C!yR2eAr%LC$s_87eY^!h+7H-+9#ud?)_JaUjb- z|5bx+#yF=oB^R1y@H$pOtk>av*G9FZ(tqpk{cn-*J65#g8s`N7@TqyJj)92Q&G~8q zIAwgFTbTm%sJdU{lTLuhyQk(awfG2g$YSJGTXNcOFo(^`Wv@--V;)2I(zr%C!Mk)* zIqzG6tJCwQlZz5Qo7^#$B@d& zURC%PAk3o(^<`3g7yLjCeKLQCQZf+%ktCbP{I_>qX&mMUWSZm;wL2FyN7%+>wedg|uqWzfhbz9X{-t-+=hFoi zMbAnAhJ`l_SDA5?n@T)8hh|$TfJ26P0rM^j@BYDC_xW?!}3Pp)nO)wBfdnj!z5MhzYjFD5WEk_ z^aX$R0k0YnE>zo&C)L45CX;0Di)KFoRw_9bRL{v;mJp20vQ^)8@}V2$Pn3!zJ9vp~ zYf&=p%6*LoL&;nHN>t~#O{oB;biW3t&9V?_>xI)4MUos91+wR`sPU8PQa=C6$|UPi9?Un%cp>?XYS?v-KS~S?1FWz z%CO(`s>Mm4dUgcV8joFeq(_W2>rGLLE-K0brpV8$ogvFUVTi! zyqMuKv0kDu(B~?<&ChYvgaelt`-B!J_ZWYOfva-B=sJ5$~(lm%{Dss=K_qql^kF3%QjT>wTAht-8& zmHo15fnF)A4D941+;ViNuiab9XS%_SJ?V08TlY+z0G4vW?8(vhVy8*Khy-pi{IwF; z$%%8NGXbGNy>JrO{W*a4{;m7}m-qj_Tc9uH z6Lk9KxY`%6?$vu0X+|hsx%(cDTs1%_6PT^Ih=*76W@t5IVq9Wq$_3O85p|8cVWsF1 zEgvjm=;h?^s3Y!&5OsPo&pN(K%4A!*tDY*MRif8%py`XtprFtyPnwICbY2n-VL*;0&(76qLg)lm?pJG`6tLCAT}ng%l28XQEB}5yb)QlX>;Vz9B=~sSN{?&fy;4W zKfM57`0nqq%O7_M=eaO5r}KA}X#(mIE^cK-DwU5V`8uBdK0Mi@2P+(AGR$$%&Tw7u zZvB}PilpuHGLXwjGykg{R8>TVt6VU)wqKoYUA!})@oXU%?cgi)_ewa;1r)`CE@}$* zZy(qzPaw_rI+-&ZOJ$oQhab-ir;1%Z`PBdLhx=>UG$!#nTdl{e{8u>E5Y=X5B=;MK zzZa+8w&>|2u?Aj)nOkx<{Brl^-HApPGSqt3$G5>vd=dNd4HZK$kGvV49fR4>2WN@F zkq{l~rA4RSP}@J>!?i}x-H@ID5PX!$*5r&-ClLvuqfyQPz?Xx0tf1eG=m@Q9tGr-T zLy>ir#q75|QU_{mch|v~7`>7GY*m)zA)T7}oxvtZ0ug8!f3NQLi{)%V0QvQly4VKo zEptfVd_D;EXKmFHly)ETvX!=((DVrDINUE{K5V*NcWF5wu3V@Zg_s)POnEq?eFt?J z{}WZ^kaO7lg>t`UIJXIKvTe#(17h4j*18Q37&zh56?L!}NU{A>^w(U|{b~{eF2l** zY+t3m&qUDmm*Lg`A@krR0OD=h$}0cLW#8|lZ7Hp)8z^|L?I(YC2iT9Lg@}Qil8o+K z{1`k;I`?)wolphMPWNC=)}AxOoXTeBZ$~k0>x=2h=|i>W|BH6`PelHL8BGqYM2fHg zTbcRU>g5ZZJq#vEyMD7*1Y{MQ_~9Qx%)vimsp}|dJKXFgiQ+{mY>N0*cb)bltZgG?r=qy}9fshX=H8m$l_npR zyrOb8GBoak!ahaUF*cewmq|aB_~_r_ zrvX`Lo15Jh(~^;W1GdX zImeXIirvQ)N6E8I4{Ch2$puUSn$q^VV`GLJ_A|5?NDJ~hLKq+;bG|Nle0b)L>Sp6* zmGs_;!ZTGZKd%%@mO5_IDq8h?@}wBY^WuNYKo7oHDj$4&nI7iu>rytZ_@uS9_bWkYdHIyWAP}z~z|BIWOJCdZq)zou zXJu289k*9jnW1!ZwD5tj1WGhm=&w`<`}C-EFRv?VVg{hbIZhIk_~*eOL5$N4Uqj1W zZfM%5%YvpryHGSh6YvoY0aT=G0O8Z!%BC^pn#}X^w1!0BK83x?mL1ht69NO0m#U{}9Yp2%R2cLCPsY;w z&Mkl{U#Fgn%)8-GU^((XokXF;ph2s{r77Te5;%iD$$M~~N87gn2(O;T+L|b#Dsc*GQ*s%=<=H1Gkmu{q0Fw1zegn#m*?H4G!bb0WHR7J zr{R~J&{WgC&zd*iJvM$+ng0=}d6oNdMGXGj(G`~M<=cly;%H8M4XH)UuuLPv*npyh zZv5|a;Ykm*b-61-ifQ%6jjFy|8Si#7cE-ois!^waV@Kb-cg69>gza82=EPt2z8_lo zBKPcsc<1sAp(YS`*U*a@v+$?-Z+UDkPN~sebr;TTj|pX_MdI!{1EbkE^jaeQuB3(i zFrUE+E`XE#`E@8kjXnyfyyx9LjObt(_Ko?^#SKbc7Qn)Ymp^XfB?>%V7*T8QS~5<% z{fza})tqUh95U*<0s4_20h~|JNkj0TzoonoBLH`ijW~RtMh~r#UGLvK2HS$NA^u%k zoJ4_ly+i7EqsJ@%teo|Y*nMYM1IdE_gQiD29Rf>dzK#MZK|{7jmzr0 zIFCaT;D6Vp`MU^h(y8ZX4LotKRrCw`q#po=^bnVQ7)^JVt0qlG6F475ggwlxZaZ2Yw}kL^4O z=N*z_M~$d;wAdNJu%954FiOlX^QIxbBkcXZ+x~BTRbjQy@+xka=2OfT(l!o!>b3Qh zKqDS*&2cAxGqR)D%?6=&3UvoJl^aWQ>s#fuQEJ_Ng)3q|sL46Cs?9A;-FDbNRH#>7 z;c`mkOEH{om;ZdPdVGHoqh}&C3yJe=dwjYHq->e~j4J$FUumu-o`tu-DX0fX&LlTgjiK^+jB?k8(6SfV0 zFQa}vdLRkVR|w1Jvk$XoocsOS0@=-9LLCOyx!q{#)$;H}Y;$Oc8m^u?6zA>9W_|IP z+ZxHw!QHxMTnAY*hX$;YM8CiCt)Hm0wvNn{n(RBCW(A?lQoNq(4DK7IjW2@PCmc^0 z+Z?MvXeAuHws+?zuR}LzPwwR?G!f=c03(gGf-?HqK#d>Zr_SZl&pm zS;uw#uWR5D@-S30$KA76bN_4-Uf0@AtU69D8fPWF&NGre$-PUP25l7bkKvQ-+bfch zm04IK3+9+HF)h4wTpm>#4-PzbyV&%51y&^Zo&27Z=yLc&mvY_e!R^Y5TWp{ibLA z-c3Bo09~m_Z2x}Wxfg{C)7s z;}tN0y1`?Vz@o?FoeKbPHD}s=9F6r*+iMRE7h#Zx^Wk3=M;FS627o>ysC8nwEt(pr z;M=lY$uJsGV639~3rlTF)$uRX z!bVCar;D*1#Xeb$)^t&Pe2^gd`;C=WHo$k5g>Jw7xAHpW3o_sIQ@nJ8Y~K$1Y3X0?^LM4LuW(zqktF$vLU{7D^_M>Zz{{wqw8my6;(g# zoc6lAHV8)ohu?p0XYn8e1<|M4q2m~W5H@@(D%+rj8=_mTQG7v{y$KkrQF*S8SxaWl zNwbLDhI>2&L>LJJfHqHfGRy9_l7nMATBo@#-F_Eos&7?iHDcQlvub`m7r5|0B6z#; zIxkg1r{2j467o}-f8~zLq%MY7)(5&PbFL`a<4zbn@7}ih78bmEY;;2a`V*EIzah7_ zw$b)Qo*>e7DmohHWTJV>-mTTtHIqV5R)aCIq(8AjDIuG`#et(Sn*O=2; z5kE|TS!x1$(41atpmt+4m1fmd&-gH*0btZFQh(EPD-8 z@#KN7A@4KjEr8jgByJz;m~92or4L;>#VG`bA-7#siL&*81u*^H@rS=M#1u+MIHK+cyI|5C9keuQk_oyFXk=__@5AdatrjWh8!pG{Pd1F?3W%p{fW!9~ zb;s9jR8im9F7r_Pl0Wt1CVdjS8ToES-@wjm_w-|)^}X%-efl9nwK;vardc>H;L@an zhn)Y)w`r>rwJI<+8_Df;i&L|S&^lb-=;zj;TH!x?*f1=s)1X3~y9_|q*lg-o-M8jE z^U@pDiZx}_bQ}o)Os&WC2_H3UxCRN!^^W1Q#lq(X($_ala~Jf@n3Jd$YAw zis}XfbbCHvT(<p$bN-^Wpr_4(0%Y9 z_4b+@7_AJrsT!iTrDdvxxB2Ngara2<$*S^@;lEMFAD|o3P|nZy`;JrXxZik^0dQY} z1si?5iMGf)aXk}I7&5b&iYPExzpTtI=P9Y{?r^A{$Xw`DMHz=5a;8KRsVWAYm$?Df ztM%wG&{N;_2L|0)OQ`@xX1)og9OUFCbM*f&h#fs)_0&&iAZ zFvTq0kZW*lJes;U$AOCWqpW2d!oIm!?`(A9fkeryDesG@HEqo_aK` z+bgT8Zn;NbeRkbeyVblnI(q6Jj7+%uaOo-lgFM=sHZ$Am{kBkK1!i6nc3#Tv*$P%> z+=Z_{xZ2i>7`m#kpH`U1KqPb9=1%W>`G;umGi8XMmyCedZAN1CBtgdxhf5|~Dz#sU zC?35{d2pU@raS0JuOg~E8*|-b^|NKYB$C=Rh21q{!02#e5@Bz&RRacXHEpwQ%_5@5 zxjWu${?<4iaV+ENJwfI&fgak%c! z64P7^WwcX;2#s}o7i$t5jrK8`#!IM@smWFQB;`mHru1u_U#YhhLSLVaw=cAU? zVng3B>J>%&To~B~#v_WY1n45iQ_bS^{|%)>`2rgaOx8B?@S!$$hPlAP*JMc{8Pmaq z=_&2@;Po^pqqBW*d2WUHK+R;^ZW27+tnH>@>}uAy*pTF|Sm4@>tnsQo5?@rgKuq8IEdGTQPi8f3_6UaH1<@%)Z)lSYwxnnlM zYlO<`vz6oo;~(!1&Pyg!*(`3CFelv_T``}n{FHHHUbAjJvtph796DKF0$GlOr(|63 z%LGP}2;;D``_<_VeD3F-yZeE>9T>hbWu7A>r_z5}zF3!OIG13Vh~*^5ZzKI9XxLiZ z6YwL;1~uIYBk7sm&jo#|x6k@gm5B7RnNse3h;Zq3nY$6wq)mCCwl>Pn%t$C#wz+A+ z_)Z2Tk=K;w@Qr#Xz5>*E6(M-F0)`c8os!mo%-am-t!~j8A#dZ{m<{Kj*+3^++BVV` zuR9t_YTWyI>sBK$-EQsQzyaq`7H(~lk-(Mvgn*TKxht_Q>SgQMg18VRDUBc6%F3B@ z9%4V3?4JNu@QQSX2WEN@olKH;_G7r3Zu7Y6K?A(c#LN5o7IiX7Jip~^u^x)4$`C`D zxh#l;I;8G%kfGoRtIMZ#$1riYCvY-b4POeAR_SBT{{&DTH-yYSp1Y?to5eNvdAhBu zj@jUG*1vpLs%M~8u>Re*0CyXQ%gU|nCepmt!L|Nm$>X3Fn&#VsHo1*ltv#oydDs2j zDxpyC*+rnvl3rNSIC$uF{RdHhdG*^xEtszn;J{LG4H&f4LTY#Ctm*M{6K`HOMR-rJ zfzL<-k1>dE{GPvly^~M&P#eo`8Fpa)Z%iOcc{8jFY&(-zXf64og%sKvpOqw!?-gmw zYL4O69IALFt7vM9DQjY%f+xdC*{st+3_}A|5zf+5N0#ea{cdkwwm)xL7(%G3RZgQn z?I0p-)MT9S2_KW)U5&R470@p!)wOd2-G^do6V8AAY}u<00j2EFRn)Y@dFAt8NPvlb z%hlE`F#a#+51l+RVsZQ>usl+Oh3PD?8!7wgzIBga-m3iG$!HP4xNr+$zL zDA+sdWagbtKrRtg_2sSWxhsV>WHz}S6AdlPHHjJ)LWUX^DDr?;+nt%c=$vgGmjdyI zwh!+{3ds$^$z9tTW>l*%p$fBRrM`^mP6?Cti!|g=?=&u@j%b%gBym(ykO$^|EuZuD z)T9O|`UsQ4ElD7Zb)+EpsT~Nh@))is+Rm*DEkE0w)ppxWt;(;86*GO!u?KsD>_}=n zo)ecGi1ZiloGpMt2{vDaCNO6~$syW>yG{H0ymvnbU1HLa5ZT7%IdKl#rnk_cCtc*^ z%B)lXWAz1YnouQV5I?q8#gRDoCh0prujH#hcQ>5#+6tv{*{xH^dnoI`faOwEI2YA;?;~6R z$t;0>L4gx^TGw>f0q;d9vEE?>-(pNDhnD{WX5`1_68tJ+ zFYd|(wN5&N_A<}S?l#=#1Rwl28tzDtc7t-MINrjPp~K-;%D~cw~=VZvR_@=bj9y%DmS^<3UD7Zc5ZMy4?D)IV!hGJ z+)uaCEvZO$yJ4ERD$;&_{*|q zCPGnJO(_sJkv z$PQ<1K&N6H! MA4>3)mXZ9vqCuwlWbUg=dUsDHwL2*v-UMHkV!cyV=qDFNt7yth zO*Ta$b1SXgE=a)t*Z<$Y_k#GG+8bPzYhngL&pPnoUD2e*)QLd-kU4GSU zE!|>e(3N|maiP{>*w%S-WrLRzvQh2Wb;h{lSmW3gI>EQ&K~!2|0LmB=OeM|$z=#FA z(A}9-z4FE+a`zLVsdlC-CJ-o(p$R1)Sq~J#@@B8k6{6DXy_*nPK1{9SOVOvj;<|^8 zZhb_%g*?zo>zD*7s@9iLrF!apA1|JK!2!n#H{cW72y!2E6vMC+^ql8sp`QiDhLs( z4S%JN4ig)?Ej>&sM`J+(&o%M^H#&dArqR`1ssnC87l474rCFX z%*Y!XG-yYhBRx!F8OLUSxQo>76&a*??yXL+n)zWS^IWtEYw&_XLsIpEH;})Mxv@FM zubR{<<(-X0380BT6{;lGKBQy;0&G_1i~ewB&Ua1zrM@a2EH+Pmd*hMzp1#v{%DZFp zgWaH*G`-QG4+R}gB=U+kHDggv@!o>et3;7c^jt>+VyElkh8r72MOS!%7Z`-LA7nJ9 zg&)1<2;DAOM#TX3Q3c$l8jb_Yj)@7$QpFm^^OfSRghS$O``fmSMx`YkypgzkRaY~U z)~lpm=eMGo18JMPZZ^Ao#{20gDxSc7?}PGX!pn5O=Of!~HfbAo!>C5(Mc2@^ev65+ z+vTmjbv?R5eGQUGo|`|E*GRHD420axwLub(BUk7jv!nSG7580E%L#db<+Ht6VCIw| zMMOXXq>TvjN6nsRC%Y0Pf)(D@ejCuJpW~5{kAyv z@XZSIVv(}KqSdFczVI9v2j20@_}tTAf+YIU%O=aWB`R{y!5D=UT0U>eJ~2(YxybDN zt43rY`rt zotm5?X`Uc?N%Zt3VfHCXLrIIYPHd1&QW<8W&xE9CGZ5jq%u|t8Zcn=n?jRq|d}l^P zmj``vVmfCK8X(dV6@4T1!Z!0md`QSs{6%wW)3=7K{u56&F7J^b zq>q&1)|Qx%_iD$7>a2+vouxC7n-kzr(KIf@#Fh2c|CHe9xDQU^VIZln<`DKVjc(GS z%?>Ob?0f1~y4~N_o}C5Fw1|&fxA=oLvLc&CY$AD=UXTbnNp!!Z(g~$%@cbEY@}b(R ze($qcIrpw{BttubH|6bfkSHnZafMr@>D6Rx(c%U!=2pvkoR-h^3c;)rX|Jbic%|4sqK0n|J5eF_N*@!WMN9OSS{SEI ztYqp`xhvKt$gqqhOuZ$q`H!k>BdUCzS^M=*AyxQZ>a-|nGKs+k=+i`(ZWGmgIkQG% zJaRIYkIcy;tq)g~O6b)IpPWKCt#5gWX8l}UbrGGAv=#XZK_ohlhvwUe~wmYTucr*=QCua=6Uvn=wtZeC$UvO zUaTzY)kL`6Rg0oznn>Kf)J{d z`7}Ql;9b``XK?xMYP*4QY7p(Lurk4e;xaihZ*`x)mmv`+g3)|fKcUPmzXE96VsFfK z4(YnaZpQjGey%Pr4mdH3xKSC+A}p{8OBh|OtOtvpz^nJ#BVykK{Xyh z*O|YEUet6Tt+Fo%m~qC_^mz76V%k(pAr*TjtL*PMAf*%ySSBpRf)AVt&Voj4#MJZ{nzOzjNg4dM+r3`2es zP!PIIOR!ii;ItgZSci4$3fGI7q>(NIa*P3Po%c}^_^}RTZayEJAP-7caQ^<4QeFhT z^@$z$*Ea8@3h2;Ti7YZ^j3*QgA!2EJl`?kfM2wz?Jg&Ez^ zZE{+SgbrV~V&E-lyKVw}_^htzl(fUrAP!@1kwa=}EcNGX9Cuk%oGh z#$%C6edkpTZ%`cg)J{pD=jUNivs@R1mjXJi`dO$!rCqNz$(_DhsIK2)_+}pDk5?=) z`|!{yy6a(HE;FfvH_s3I0`0^=(1z2@#Jgnxa70ur;5IDcY6Sx?_h39MP zaCZr;+7{3FW$Pb2wc|S!2)p_Dj?m9FLk+!{j;P%>%B5E!_dQ#o<;h6xB3dLw&=*oPiU(KY?$By2+7lWayt8{)k zvOE$L=SG>%V~5k@20mRDv!nIox_V1hRuHq32t& z)=mx(Wq_p1a}zB0$GU_l4PL;fa^X zS@v=Sd7LtCNr?#c(}#Ef&hkwdUBd(Ja0~=vfCnZL#fBelR}9LBls@Npd}z-O|JKJfG?5BCL*Sd z=;6$Y9k5+FAikC&5@eoh0bg}s;Ykv(7P0JNTn7~M&9Lm0Hm#cDMW09~@}{npQ>u(T z5vSlyneVLf^iHQs%W_;}QARZ!uYraZgAcg!+#D^VM}PKCQeOaa79(r*m=~Y3l^l>r zi`Sp-6L5yO9TN}5&fkx)?Q$s>*=LkkQbiuZyX?xg}j6r_a>SjuVP9`n9SRdGDj^MTDh#C1S>9dqMRoZeVBH zQe{P1A_6UQCXIOcad)zuREoYsv8poj#8XRd3wqsU-YRQCDPp*$D|r*qwATa1<6l~N zBd35{;+J_v)xCpFZAx;xVl`8qLH+iE)ZN5|niZ}C zV>~iSU7r$YO|<$n8Y%{QqSR6eSMo|QXKF)Ld8CNflfKIFviu0}T$K z-PT4LG@QthJ6v%1yn0=LY7wjb^YL%Hzm1?uY{0hRW`=QI(PIz_{k!$*#yEq(-uEXp z{9L$*(EsNMY#evBNW;cO-1)@l*4Ygzx*tU4oqWWk;D~)r##7Z9ad{B~`ty78xT*RJ9EX8+g_ zj3S>k|I>Uog49a**|=;w*AUQKeUv?P=KTqe=gMEr{Sma|Uip;chph z1NXX7=F>06wtKW)apwLV$qE*bE8kEzNiu3TIX5bLWfovO+t+CkVapDjL`%W-FSaY} zvyQEUoHg|LpAZ7)&07z=H%2;KR7w8W>1-0O3?`nZvtfnOE=mI%z?WC$j{yHC(HMEO zJrjaf;&L{?IV4jOK}oo8;)j7aTIp6Dulvq~TeK6Xilc6BDJ4~S{D^1gQuSrdP&j&` zwAi*({?Geh*NK5$SLuC>(D-87L;vJq{!q=Mrmb;CHuS~(PySIr!J0?0GbI-M>P)-C zk|Lj3yY^&LP0yt1Ok;$)y(}tbdw9&r%C?q!7v8R{n{3238Ex(s9+C4Mr4*h-C-ZZPq}K?}Id-M%2zHWn=RKdGOABbkUW8r2=6C@#p0c#0aPWvhzBQYRGcX5N(2hAM-To-AmFD~chA`7<$*gvkzuGw^E6pqJ zi8oGo)3rq&*5%?F)gEJAn1BD{?{iZWv0PQ0llb7;e6Q|_Z(*D?mj7G{=OKz=363A% zP`A9`cQXsHDEj-quz6t_B|Y&ZAnpkQ<9cobOYpl$XXf&;^Q1Q)BhNIyNZ8ANv3fXT zeM1J@*M(z3b+Xa!vDBp3gdX@tKdz&r;!!zjdvzDl7(Omt#WFtKDWv&N_H+>lACl7$ zq}Y_Gdxh{8zcxwx#$Y5G%Z6p-$cR92$8mNfLT^sw)9|dpM1D`8{xG zh$WDyVvjzO`6NPtG+shF1!1SdC*k(ziqg9i(U%iGXR#@epu_#6j4!w>q0uu9tR63B z-aqM(W%hq4`wFP2y0&dV8UaBWlokY(6e($yQo6glyN48M0i{ER?(P9*00|M0j-eZA zkQy5P!}Gn*^SJ)k?_cX*%jG&Uo?)MT_TG10_jS1vH%Haaq$2BH#HViWBT3^x4Ezfj zI*f~ab>0bBj_ypDw2<>TBf8WS3hAu6CsV?Cl@I#^3(Li9xoZjen!D#daqjgz|Mw;7 z!>u?ef4 zQ4uk*dHs!y_H36O_Hp9Y3FqZETRTak&pR}FNtoA6oFzF)dYrSlXs}lNQKlgDy?=GyqBgGtDx04lp?44<2)@H#VM059=E~<^e~@j0Lt7Jn zPt%{-`l;%@1t$92r2i%w>Y4X6ELR5PH_7b6(89q~&6b2u4&)JtY3}I(ZQ#>)9Vdui z`}dxRkM&EnVLP0Gx~~MqAcfEoqcYx7chvw%HZ@He!-uK$)S|8r{z%5_|7sLH>;3|! z%E7_CcT{?l(qso(&zZlsGj5^Asno)tzaVfJi(a$ZxRGU|-OiEvprW=~2vd*8&6oNw zq=BIT&r@H^W`a25@P5xkF=-Tw9?$D{-EGl*%C8I`7Z9X*B>gu{_orciEmn48)21!{DEhq?Epn+5AnhaPTxDZ*KN~gbR;bLFLB>?*3~Vji9?k>2d3rY z{JE~OM7vO8eOd?5JaiSlg^!yj7HY41J9bLjM84*7*P^QydrJl=|_ zk>s77YHqlFC+BtyiMUo_Gq!_3ooyk+ehkk}i@(LY`@pJrN{c+}-r`-NsVO6EX)o=x z^1+HfrX)gB0nf=XTU7Ml{FcM5%tOX2^gj#+7~y+tG5S{g@yKu$6$oRZKhM{~S>i#QLW^_$wGNGm(iDQ~y$xzTyVnX0av><{yYWfY)k=MuY)HiWboX z6f`=n{!D1n-jRgOSj7b8sj|Ri<*i?lkkGc5W`!R}X{pVlLp@nqZIk-BhBZP{CE|ZD zMg~D?n@PMae@F&K7{2_rD_D$L_xoD;=eqJ<1%l^t`g`=pW5&w!^Yl(>wZTnS`nVC; zGa$DnuBjOrm?Ev))Yz03&nTjpU{Lz`t<1RW6C3N+9gkVDP1|L`?!?+yCQZ>rYQ99( zIOVf(Cnna}tm6wHuLk~Y?HGUoHgb1xIw}SApI!!yDh^OW)OFL1*EtDZD5!8gxzR3$)Om2hBQe6AwXz?N9C0uGlGmJ0| z7Td3-dC-`&I%}gpmiF(Fqe{|jP2WZP|691&poPZK%=1r703dgBh->_#R+i#q(T7o` zNK9D0hMo=+6Vv2{HGQcD{57F2phjtXm{Li);DYo`Et|6w_wFTd;Hx0j30{3;^UN_m z7u&8jhQ4bRMuTdnK-al3Ibq(`kIdV-oSGny+M$f#r8LUQZ25G~oebEXZZ+iwh_0j$ zZP;`e*bzPUyOUR@_I$2&b{_5P}l57aYiBD~%U2 zKHwhNx|AMe%l>4WuNpe{yEzGU=((x6DSBP>-t^#KCI5W=<_;Idv~@8rrIU@QUoAf< zkTtI|sV9~n#6AHuao$HH4MYT_k-A3a;dddUI#UTMJ8!=`<;O3IX_Ml@85c<8YURg1 zWAIyL(FRMFyaO^y>Ck=1$0@3aMGvYiBk7cLo;dKp?IV56YT(>tm+v0oWdPL%3XEa7c`h2)N zzG@Sb*o~10`SmKe_{o)qyW^r%Y2bMrcuyC;@kvg$3(xYNXmFvue8XQ;evg`mL&L6Y zvr;H0Ad|w_k%+UxX-r1Y>Se+P>_Z&+x%B3j|I8fP$e?~{RHs42?ephEb>h`gMRs;@ z|2#A@SQFRHwrsD28}H|d+Hf3^Dzz|h3U={KS~2manHzhu7#~hh4Ua0=kwp~3B)W)= zV2s&+z0R)2iI{(0=R@Ol_8ec9M|sUctGCW#A=jErodHW(*h(^1SxibaS(GV1`{UK% zYneluOjNR{o!YTf0=~M;7A?w%ub>ePnN`J)^cwzK?@9FhwROJ=*Nw&+YLL%4X2G)F z=ode|h_~jo%08!UwH;}EW@;9SHN$0XUoP-VFRNpPk&N?D8qmdBzX#GaHVLQMkufING-uGC%&K0tgEF63sm||1AIt&@wK{OcbPr zM@CDF&yu*_Eah8Tg7-8bF)_T9L`6~cHS_o=JF4CEOkUjQgx8PoIb9sXsFw>D)O=C< zdnE}t4NWna2Y@Hb48le*d=UD>q1_=0kWqLPWd5cDjt(4Ryh&I}zd!uH*9P}Pr2qq5 zp%i3$%pOj!uXH(W>Z^UPMd|bX7&@aF;HWMtC`qSs;2Z|T-jmD9b%}Wn{K#&Kv?oGm z##!rXReC|n0{Y57#^t6N@xXu2<8MiKlz?@dms^jTWfxEpq=dNtlu9;*ZXJWG2Pl6o z?O>xD0sXrWtz7DTU+vP)T0vMi)P)?+o?b;ob*Qd~X-Z2`u6W#T7$z))>(Y{Kmj}28 znXC2vdBKm8M`?s2g%&aO$~)%lk40WT<(Qkk%Sr{()^@-{EfdGk{=+EWegN!n*r4cd zpH%>MI3oFfx`Y1f??s%47|=1oVju^&xvO^75PmdH99M;=9+Vr;(pt(=p5ZiCuGOR% zt>cFdm3vV-(H-v@)-EM z7L^0D#aN@)Pt^K&kJdf~Lg>aehPvQ9u7KNn=6gFgcLYn*`o`NzNHo9O?AHQ3On;(F zM!^=7Z@sqLnFl~ze!@@xaf}Q0ZoR2JPLyS=--h*1;W||8c6(uDC)`yLoW?|l22eeD zG`QqM&})0Alcj-PI!IdOtJO@=ffMk0-xWt}CIY%fx!4XP&saHQU$Bg^hMlYBK#4z4 z+EWIrX&sap;MtKdx7Uui@ge_R(Z9W`A);SpmLKc^%`*?Se`PsQP;VuCl5qZb3(Y-< zza${gI{FQe<@VKNWqLnUR3sItQiW0<(^*dve>`%>PQnW_w;G#Q7ae-(r=`_M-%=YR z)5F|K;#Ks+6}|o|+RUa?nMPNjJIkC46XAe~brx{^xqYOM@0X}$t%Q&&Uu{C_{eA$Z z$onEXV+sw3whlHSN+M>!i7FT`VNo@v0_g$5c{`@^zRF~qcQr7cE+c->HzV4(6u?;i zl+Di@OHgIdzRxP3TWQQv=)zNE8+Hs!+EhQ;CM~8!Wt;BVdOA)RcNS7(rEo`&u5dW1 zcI^NY_Os1X$v*YcA^B$i-5Ot-k`b9d z@d`oEL^`hozoq!}b_Q2z*Y)j^tTcG%gS%StPYudb8~D|!N~A(gg5=ZKzp@e|E={D# zK!j$0f(pI+955g5uJH$ow?}&+*Q?uSR-uaMc2oAWjp{Rz&RPYM0wa~rLH9F9Sxz9l z_WazXbtNw*Q!G50A}NjE6Jzn-PQ~b`|=MoWa?6TtetHbw24`HqdVzZN1 z86SUuQWzt&kWh^^qhyQ7mkijwKY7XTi7N{c9NSnb;gok>a$C6~WEebHW#*nN(v9g$gU8@?*(GD# z(K=gyg3uV1y)7h+{cfiKZOtFpy8;?zGu+UjKSEnpdY!^cQZ$P3?NG}=fap_wK5@x^ zwp0LMq=Zp-c|Z$VXxg6rUvIXYpGdp(o=9G{T%3i(HI1Onq!P^7Z8TK$lw7ckbnhdL zi=v(WaOeTsGBn}U4>X;P315FxA)Odk;%oVFKCz_U8>Ws}X>pABYHWAcA%@yq1^{yR z#bC9(RhNv)ozeZy6z7syn5Fb|1EQcf~JRtJP+a(dC59w zeP;>(+N#;38&?Zn_Q5HIH`nc~^eJ<(qk?OpwYqzK^#Pzy@;(UtZ(G<(@EWjyluKMj z_x`xQ-_hJlLs9oj(YcZ~y2y;VYJK-1yQE=E{aJWq{Fj2e9<92{fm9A#?@@Sp7f^Y1 z1sAGN)Zg3z()1+wIj-hcOWMp9^!+9oNcPJ3I_8~G(LaW1G)!nwug2?n(4oy93je?l z750GIhW1|m|Dv@hMzg@&>Pn@80n9bDbbKj%UYnrtG4PV-?8U{j6g9l%WyYAS5OwG(Ti{oDmpB+oxl@Y78M3Y0?D@mentxaxhwerDsVAYv;|KHkIKv?(1 z6@Q+9ruDcp@Xg=LBEaib@WD$21LaRq@GBa$02wKATv}A(;;$?6Hy1#T6Y_miqeU!NR?58vE6Hb#$-?;xti9IBvdP<5JgmUX z=2f0(OZzi-j5e`KKC!b6N}=xne6Fz+0I5&>XDS0lB8PEqZ);JY7auF=pVxbQTYWh8 z#YOq=X9a%p3LPyIZN`5>nZB+F$iYd70@K^MdZXdM{2C}Q!Qy@B*MNB)96!L-Qr2;% zayWkVtg#XU+Q6qd`kXUx_{9qie`}m%^3Z#{2KBg3X>scQ%<*-q;MTF6cml32fuR9j>Ey84kxaZL+X7w{6ZdU~Xa4A`N?TgfQA(HPK2 zOIJKXX)lIHSl(`{zLXWj+qwzpwxn;MK+`$o6372{bpN^sX}~O1a*E>p``Ir*_YEP9 zZu##|{`ud)MFn;TLu)(_OBFuRf|DBw7(Vubt^5HY6qqXjpT^ypdi>VM>%qFOf{>{Ji_u+>noM~%@O0sdf6go7$2S?FOu@j^IeB7B}7Z3ajSBuLR0 z;h^qbP|IWx0vb{mv3m=h}@Gyx?MzED*LJWs+PPsJFeeaX$8koX@~Us=(i`w;v;SsGN$ zYzGj#w*yx}S(knzMy;i#lGw&#ymu)VlwV z>;LbzKtWfEe-#O&lvWmF1&v}tBq{3Ap(H>=Z3Y0!gpXN-j*kurdZ`(G7dv)BL#-Ka zcvNHWxb4X=Q_rF} zw-r=0l6}UYE-qeCQ85g(T4$F_aKCL#lnOXtTyE23QTMI>O_Tk05RHnUnW2_F74HzLpqR`%^9q}} z6~DsHfCSS+9nWc}?oXJOb(A=9ZIQZQQ~J7h;Y*4idOmPeXoEB zjnlj@H@W(!VzC-u4Fb}n+#W2@99kpM>d09A^GE(b%cWiux$F0U(FWy^ludrqi)T!F z^5rmO*%YG1o}H{}AS14pBv@Sj6@_n!Mng;jEAt9(f3D&M5@R$^R@gKrUvl=HxHtwY zvrgIZp_B9Eh)-<6bR%<_W>XZPeYesd{?I-pO}11MdzW+tl3P%aq*kKw&KgmgoxrNC zbn)H|Hn4B4W^HKYqzY1tYV4VY9#>m*5wO*|EiDpp5dvnyr6tg5ObmBhzj~VRA-vRAsx@aM3JW}>tp!3D$t7pD) z?-x+F;FEJXTGZsOJ-<^9*>of$Nn)JBP$R9bwf$HTN$mo)|6K|wd8DAl!}6}wAZWVx zIfiV~uVgLoQdrk8BoMR1^sIWIMW#hQ4Wv5lb26J6CA|47)b%EbCy>GW@)1cjN`0sw zdbQ)S1o4oa^!3-*dU|X?@54v0lU` z#D%yHXNfD^tgW)9tpFb8qd!VwB=Y{kl+5E++0|;i>Hpq=o3y|oVJu=jfAx#=>g4#Q zbJPK-__}QBM@JUoGX=h4LFciX5mTRc;1xix5JaQ!>3Ga#v;Ik=u^_%NHeV*2UK;OM z1B==Ph1+hlKrL#^{S(kql$WUQ6GF*olPyXp{7HiH#gFoH0#zQ?9mA38;EGUW_;g<$ zAeB0-?Quou$Qgg50F^az?3FmP3M4xYd7 zh|z`osPw#;`}}Q*GL@HdOGEY;euXfbvQ7oc)SW83rRhIvZi|Dlmf#W}W0tWF8I~ez z1`)HW&fD)}<%$PyF>=~g(GMM%OzrLnC~C{@z`KCoavLx1ST+GgYi&3%#QK)?;W~|h z7PmW+qm25c|Cjk{NojOcI0Uf2(B@;xnayTi87Y+uLT+4ioH5ch2fpkqKWcZ5>_IBu`yMB6MU}Q+TDv zGqX0;p|gjr#wt+n_|+?9jNd3Tdxfc~_J)46P_`bxtlF1V%r4^Blpb3kN5RC0zOuI+ zD=#8x-+abKQt3WXXM13I8k)I1_EP?)pG~hSuKDtSoXM=b5|9MT9FY?W6Y7g{oRT(q z6ycW0uKyaKWK3&5-_!>1*mcT~P(V23JDmlf&N^D8Dt+9%1G&=zwi0^d$W=TeyeU|LW?s7Z{|9FZH zRlT(7IFMo)5IoYvrY=Sm35+q9aZ)zvWWAF!at`Qn<=18zIVgQYC#{$`aCDxNXI4GqDejE#|Q2++< z!uAB2R#2LUoLjaXr~z{0XULjauuW{~oRj_3^gL1qY>j_m`JsJ`iwC@#?6 z1Z+d2%c^K^r-f%kZyIJ<&YI_Be`S&TlQ1@HsP7wJ02XTLPyts8JXQF&J(cjr(gRQ-Z048GFxufZY;lRE1g8cH`} zDsOUT&rh;J-nQNIlib#bp#hN_DMI0+hd2JFoUZE%uLcCKUM8wX%-h4x2ms;$zMEFF zLgaEDX*s}Od9W*Tq_AVP&^o*Elf2x`ot)TyIERDVTFo|AWuhwgWB<#obT0FL!BW4? zXMUMP?Sv|i9o^h`;^S>IgCY_JrP<+9>6HrVZMEw95|R`gQp>gQFnRx`zO#}9bE@}6L!HjwP4 zliZd!mY`gbX4lCK&9Xst^73k=gG_cT6~x3GZ--Ss3geZ+IXJhy5NyyVXET!C*PDEi zkI}tV-;S}r+hD2uEZ&yYSiVy;E^VxXPYrtRM8O9^_tgG;8LObzZ|`74q`oW>`IIr= zvqQM2r)Oe%QKD87z3WAt$D1d@G5R_%z3BNGO&(JTk4Uc^ z`92Y7OJi*Dy*y`HLlpKVX}wTCIdeT>EZ1RYV#;JOV_JKz6w0NZ(|k4Mrs?jSp2+Im z&-07Vx*uXe*GFebZE5#5Spd4#um;Eu#SXyUjF@Z8aoacAmC&`iB3w_*yG+?4>ZSMJ z1J=Rre&6*Zsb0Q5!%dkgurSzbv|Hwy`%JunKJy{ZCu__R13=7gRDHeP+AcVQY9p)! zvZVU%Jp-+bo8g5Sy4vR}BkVPojn?HE93k3owDMm+_-xvXyHQ{)H=ZI%#gS6ha6bH03qxJA z!htBwVaYOO(l)>BXr1n)n0IzTORU;_Ah!kLlwd|EWPm;Ed}2GtR2vhFQm^)WndYDD z#P1ibpI#|pK()_~!vOdlbAqr?-9YhYtF14$!D)z9+Q zd4GVsgLG%K_P)>M2BHRN6D|cGgh>t$w8-U(MV!&8dE=%lJ%5l%IB$Y&sY9lWF{>kL+tRVs&PP*5hxLIA*|`|Z+k|rC zB1}Y?2v1d7T3VH2A{36hwpMEEzE&IEn> z6-nWmajb2IhAHu5NtpQC@_;QrprW-X`{FUP`1(yhslKQ7*4k=aR$%a+WXm-Y3k=hF zO;64<3=%efu_iX!(ADZYnyVc0sd?7fcnu;@i2peLrSX2uoAaLnTduzVija`=?P2B4 zrdtBZQ~HeL>a~4A_MyBNyktBz9m{UI_UXF~EJlWo7BqD|I&-<|^1Ce|bPrDIxO2s6 zzL8oKT_Yg`1pq;o(#& zwT0G)Z6{%y*GMxSpvtXyN)$wC~efgba&GzEm0-Rz5^x`LW39Kp-) zEgQ9nIVDku$ED%sEO@O#0)BEW>9S>eVlio3uO~@ISOj4l5W2xtRa4!J7HM?bkg-0q z|LV#+Q{)P8hR8t#cS2S#RJ8x4}!~DxP|Hmcu17sCn21l&{wddj* zD}7Lq2ql7dZqk{wprE_#<>n_tm-Vk$R!XoX--AhBF6VJUCe4elws?aX@1iL82%2=}iz##bqfQg%o?B=%EUJ_HMHPi7Z4eGiN9Kg^bI$-=-( zsQBbr8p}?!IF$0pWx5a#pSqEd~M4OCrx&`9JZ|G5a*>JwevZ@`LB;52D8qhJ<%d&HORGD8NFN?x#MdhIH!-fdtq+soY>;pX0uc3TMriHS89WLXGb9L~XpLZk55S z%xXhB?l;n@VIIgH=>hz$Ggl70Igy)9tXk2ZFy8N#0u>Y9M~3Z``&Awk%|Y;2$$6 z(gT7wDdF$&0F`)thH8Pb;aj#+CPbBP{o>y%`7c)S8kPT2D zr0$Ih+coc7fd-;Rp`oU9VMDd=t?8D2xo(AXNy4F$52rD&wcRJyjgQFIM+@oT`&!3` zMC$JEqTl$Zx^%q!EiD1~HUIhZiV{dp0z1joWwXuZ4`juIXi6Kr=xDyG;%c2t}&{sKg!tX$z zu~mdeux^7FKC5oy7q6;Tl@G&9h8q3loMs@!^qXkqz-`xo__t^?W_?xhxuL~i zKI`jrg!qLF5c_mf$6}A&cp8LUQ=RwR=}cIt!uEan5#kSP$@yvP9_2n;v(f8#pk1kl zJTBN_=F<+ZJ5FC9o@_S_&>#~8B$i)L>zNpC+bid9T&ki9fv0y`DRN}WP>D|6HZ?NP zu8WFny==eHwUP`>4Ztlt$w&whetg&1wWz6-f&M=drP*5&7-Y}iVI3j0+4m`;E_s@P zLeKSDGU@uh-;HFn`!p+}kP%6L`G{f8)s(G%wZ;7Ev~j-HUSHCIif{+_THtgk;wHE2 zn@Db7w9wDDjY|g+OB+m!JogqDKHj7JcMboum{G8|Gk{cU5Q;li+SEhP-)sDz&tLff ztJ!XwGb0ZJYV`WXw`s6-_Cm2Yf%PdM(91Ll&hv1KUjV5}c})a}TCD8~C~_j>oN0Jd?#1p1y|7P<_v8t7DnCzh4x}(#gErwC7XuMtYydt78$XdJXYd zOP|N?b8e2f#mhLM#X8$W$w*CDV_0Vq(DSXhX!x!h)7SRu4iowVjtUr3I8k4F{yjz- z2@5i1psfQj?=2r4Kft2{w9B$A+0xFE1^z|sNw)6A5$*nwc9kz(sa9?9 z+~Q$<@<8rr!%~dj^H?jQG;o<1P_6I;l&$mH3HTJ?J3V~QfVT5ac+e4`(=ZeqnSfY{ zl@|<0QVF&`iUiwrFtx^4mS`G#M)_=vxoZeEDO|wU)BV&@E1pz&e$?FdQGWkpH6L=t zE^ACw|3Oc{-B=rwsd#&vp~iB=4Ajh)hqL`y1AVk@tz<-Asj`75)QK)@VUO`Tt5%+W z5qrwKT*Tt4jxcpS9O=Z; zjHW$5nd!P8mR}*Z?BiS7cz4Jfg6-jlkIkv{efRlBlQE`<87dQ3)b;$-gTB#T3K<=} z?HL%z9{08(qAb&`k7~ZUHcuhBhb5irA+!*_aJGBVB~8ko-$DMoElPADg1seE+rBBa zJWXjTZ9eqmd;7`ee9&9E5}>4GTR$&-1KtxA>S#r6+Ba|2N~=C-zl+1is-?gP*#Z-g zz0JSed15sKJ@2B?dfX-AptZ;s5I6S~**p`2J22JrR8H}NV?#bP{Uf89v zsraY>b554~9}aSqfJW&IIUEPSG{GQ-LlJ>5KtaT9bh72X4)3I5Hfr?A-T(LiUwiIO5 zjd&w#K`H0trl1w`=fdm|5r8q{m)q5{L$wP*+EQkgG(`!pQJF*wc*O}Yf3Gg`NV&Qw zWK;-2?!4cez^N}#LeJ=;c820A?Kpwiv%ZB;UqpNLJP6437~C1FPSq^|?v8_|v4*uQ zqk?4A@tOMk;Z}RZq_KT-I3IZ>~vdQDM= zM6|ojVin%~^YVFaI|pe~wER8?$?6l3$rQ$=HM{|1_8OM+n!t&R7kCHD9A4Bllvgk%%?1BE^|Co`d{{?;dtFS^pb zhKR=J+(uTTP!PK2!V#aTy^btNAmOd2r^b@X2!EQ{vU&hg=6BXd$V8R^6Vmke377P@ zMMT#49nB96rE{)X?Kha;L;?W{XU=8`-{F{Z4YrLbWUn*J@`NG=GuAhy1d>26d|pB1 z^8Gc|+qj+boC_-N_hK_lhT9nC!J!{Ii}&Hn*QK<&`!+sfrfY?7)qkGoo(T2KRjOM} z-wD|jHHO*~jZDAZ3}rMmWNMSb*~fK2R2N*OknfHQr&QK23fRM?mM2Di(45!$^Hc2` zB7&xzM~#s}?(=UhwuL6#4Y(h-3hiA=uP5r43^4I&fFiE&Cbr5hZIea(9^0BOwxAO& zK^)qKj_O+=4_Ah?@!D6w!F6kz%&kSK&|(GJ&rOEJ|SiF79r$58rg!9SjqEtBr}9$;YB$n%XsY=^f8)_Wg+gYg4YtC$z+dFeuiTE zU8_`t4%tgjZt~BZdx(0!v!yoI{x6>&15FG}OA{2`aL%nM75@ElODaETPIt ztHBIztfUqj9EXr9D>n%`?V>&5mQK*7D(z^L@y$>h%){uq6vn&TC2f&(?Zd9Cm_vBD zBkICr(U}+>T`IiRz1e=_fplD&1W=U$Joc4TGE(4%5X+9Gn9#4cQ{dqvF8G3^oPAYY zTl=I|saRExhr8E~q9I^I;}(7_e3fW7CsmBlEEfjdNj2lm8s{5Z0#RqvJ$UrfzgsQc zX{MKKLgFRekjZVsZ#o#7c%14Je71e4Ndsrt(i_*S{#C7WohNYYvB?4ud5B0#pXwFe zHXGzpY0T~MW2qlkM@hO|- z3%rJ|1y4L8OS0V5?K+5IUq@PGPQHvFWeTQ+G$Fm>ZmQ=BVS7lv3(gPnma^gYV6=+Z?U-e`yo9lV#R!dU$7;%C|roIZP(*oMG&EdaPVYuM-DOYiqfaZQo{8ud&Z4S`32`j{e>@6brazIoM*Jwlf4v8JKuVDvI>wVg3sp~2+A4( z+ONzE+X**vjW3NULTv6Up1YvdsrWTk4Y6e^U#ZwD_t~KSCF`#QONM8C?!u!h&E9kJ zM_*3rCz^IiSyU1oP78=wJ_^5Dc7kc|c_@frIZqTH<$AM*lg>JP?PCUr8+EWqb=_j! z(!2GbU9(_gsOaPJC?btYC;C~>wL4snF~{|bN!eY4oup}!kz{A3VZ?yS<;i|mdLAE3 z6hKLFA8(*Zi5mHHwn&xvDi!)39v$I;Y$X6eNk~Tbt$$jkd&%Y9G7!DKmaE^f1LXK|d99z{d=2vO)1Lm43 z3)3`n+Q+Ac#3H1Xkks$coSEjm3WVuS4VV>RJc=z4O0TU zyD>4+;iYKZjYb6<`I#W5SpnhvcbiJKt-!v<13L9zXJw(Tli!`$UJR~FRj_RxYA$dx zvNnDmz#BKc`l)YX$55t35E(G=h1;k9{0qq9t~WGA7|*+B2dqgB_hIkljdN4O-@`{F zMwc3414J9ndKnzQ7Oj$E8~v#kFG#sC!@Rvu{nTC=FL0V?pK6n{wBpM+HA(xRrqXwwuVRpNLMZ-Yxb+g(eK&|t#U4ApAP(i&w-*F2bv4}UG_ z*r!|5!%_P9=3%yUh#+H{)#tMa^?hb-&Gq}(2leBZ8Qo>NO&6xj5%1A=oe1epUKBnY ze_%_a`LRkgb>=6FgZv8C6E}J87SaHN#iC7Wi`9y>GaGv*%v!BHc!Y;f3W4 zYt>AwP%)&9N{udvo8=xXtuuPnyG&fAhB=~ms@lKO8X>p6&m%9C`VAbt`qR19H*hlW z*ZNzt!RT##B#>(vK7eBpW&n|f)bcLJZhKpouMZetoLkD#ePz7>4>qo_1QkA_u+Bk%hlb6&o-#LX(!=p>RT5VK&s9ODeeqS+D<9xi1e1fF}aXz#d>dF&uy`;EnR z3dp2yZjA3r+B5|P)i|Yne`(iG=H+Xv%ZNUQrI=n%z4zRetTW$0?y-rm|3MgTtn0%mD_~E>l8PYX^MeSR% zda=_)7zsZW+#JmGnKGHN`T@R4+=nV;K<$9v!mnZnQ z@Q0&8$|=%8=Ygx#^7ikDCKd0k(woY)O-&dBkS#vb`XXR24Ax>_x}N@J?yk$bH1`Z{snM^v*e{NKs|oN$+^>A5q+QZ0K^v@0j@HJY1Z)6<(15?H}*~wMwz^PI-;aroErYAsb2!eUX{M*b}Ho9kCyc6zA=bbfxI5KMqWK= z5RYj(*=sL9m}{@U?|A`$h6FIi93waegqNRyLUxH&cI8gPm}ZaJT99s2Kjs2V`@}wk z;`_jU-td@`30=(;Pw5DL3t!W~8470sBx1QmE>ES;Kf>$OFnwp@#&S4T*Vc+o>olwL zMr)lVr%V&6Bn-2U)(Gr`yQsl0cSKC&-5nLY0f99a#8tHAT)&We7GA%Q?()szzU)s& zse2rjZf^G@L#7`jmgFCA@mdYxbW!$Gsh2J{>^x7)cerXi%-Yzx2x}Q+E{7NQMH!ZV z$EtESu}=c>wO7`coGFyiCXFjPH|s7Xy)t@(_?l-r ze!V_SdGTIOeOy)#u4UPlxV`xCY)Dyjvh>ncT~AVZtKHXFO;hH6=s|WC0M2sr?Ndhm z9H169&a`&3%(YqT%o{n7*7Aw!5-~!yHv|Xd1m-sSQ}R8kLFMDb1Olh8__se9k`dNF zGnF4v*8zus=xJNw2aN*nzA-H76V5D6WIdV~eTJ4QC2e_mn!ho71D6L-9EJAtb1rA5 zq(f|QFA44_V82N?XN*~o59cQ8igKE3A-aH41W>kWI^!X!w0#zB&kXKJbOeFe^6gu$ zAi`%y(zc9C(-*r9kr;cmEeW`&WqXCvQ_9SnS)QuP!`OIGp8j%!m#Nskz@1P&xW1 zH0?|%qC=hJ>|n^H&}DfH)H0z&I1ItVMue2=*e5|KrNyS&d2_3Tmq9>dREU%9(-IDDXr)^AF zIIg%HL)_np1pLb?<7obm!MiQ>-`Z`(LOr_U>n#*%(RB8GS@b-`I|vD(i*FH;fwAzs&1K%+8Rs36uegfuB~Wo zu2R6i!_S@A0+^Qssx7o%8Q)_qoY;JAe2=``!dmpNe{C)5@wk}{)wIHGxZ;e;1HrfK zNz=6dLwIr-ZmI_K6jvYgf^85bu==bj()m(YqT=B-RaJU>@&fZuJ>gPCduTcr zuA2u664$Z!#_zDTL{*_8h%(Fk3HJT1xkr(UJgZe6+nXXnx>2T->^eR|j?Jr!+L{ec zc|PZLYce0$R^nZdr#Vu=Feklll+PZXOaIhhnwXBfz*ln;o~;W>vH^Oh%CHU%iJV$D zKT0*b)nn*cGc~+e+eUy@5l)>l0ETCm6I5CKey3KFNoL2o(=?OWD#=;6Ygmr>VT5;c zw_xbbxl=Ng^XPN6b`7KEW|?iHy7}2wKNi=`b0d3o?1s$L{MA~D7V#}e;jLU)~VYx574mFrk>pVMc+*sadA$JckJA|x2OIF zk!Z*g+|0ZZKfyLle0^d1Qt$MTNVm)*7O%1Sl!~DgaGH;kmA%A(ercA^lf8*KQVr&K zcl%E3$6Z)rOL5{tTAIC~Wb*1JY>JM&9|3+IWXTH%wminop;G?!_>$hZvz_j{_T%M~ z`l)jkz{9)P`xsHeIF)g}N2DJUkyw&3wk7p6L_dG-KUnV~_H^xOk2A6NN9BIjXU)=b ziQZu~Wt*6rrpiu$-Zj&W?c8kuYtrm2bf)*@#159rq$l#(_b*P$AhX=-2=fgWz+hi+ z6U(#Wi`9xrC*v=*_Dy>e4h5f$3Y%6t57-@@D9dMTmweZ=Nb8|+!~?K$F`Xe;Vj$}N z)Rxe1S6k0)=ThN25O?G=GIww*C5KH*fl#*F<^%*@RyQI%bE~!YVb|{$&T7?7Gx*>O zpU(1JUrxGjHc;-Du3kR&w;nLv5QA}ElyNuQ1rUFvVQZ@v?LLIpsi3L~03?`r8OVRw za1wlru{bvzW+U~O?Wpq+G9Z0YUOi_Huw}m!!OaM}^7>ig+-S{)v)RrRZR36&R*l^)U)u~- zFPaVxKrz1&0Ja-^$>SQ~k6obeb>`}|k*i(^&G|5OpaWlT19a^JE*^~wzwgpaMVmPh zIZd)_IA-HsNMB16&xbfERd6Wg316bB}qLfY4^?Du0YF(xUumJjntPK#% zZMvp2SYJ7@KN(0`;Uk`Zo|~IrOmv{hC{1$CD$#P{EYobz1Oha81TWcz^&zT@jqeWt}9)kk@v3Q=g>jztjTNRLgjf9_?Co5Vkv~;Ah*q2 zZZk0odv*Lc$aT^xX*cQS`2OhwXI|`ZfL-ZeEhj8ZpKsjM2g>kElO~pQt4i1=u*}ZB z?WQ_Q?y9u2vE*b$E&o2Wc^j;0akt1(f_gfjj2$p(!aF$n`T#{3A>!tIziB?^+JSw` zUEjd$?j6#W`N8<)Qe01FT<48z;)2SF%b+Vdo1>L9IZ1jUsKQUNJjwT^uq4`ZJ~1@2^9ss=G*V;J{tC$A8!N(5D^}+ah|$| z5bh}6+u_yEbhOzdK=s`HHGVTGK-l`Us5CnL!Q00l<^-^%R23eOkRyYQI?pG;UGGUA zRGgf*o>v%o3i}}EP!(0;*oLj&SiE~X;NG8{HaR&t+t4)0wcr<@*03|QAD+S_YUXk^u8a#FH%2p5bDXs{j2Jm z`B?qzd`MmYF?m@_3Q%PB=o)J=8_1=&b_~f8dimadxnv#fg3ozvh;L1=$d*uOg(l^B zGg5p72&DnilXx&S;A40rz7r5XK6$wU3DqH?pG4E?hwk~jg$uCXNB%r6>S?UO9mRMd z#dscpkUL5!_#;ycO28@h=tq?Lj~LKZ)63#Qr=D4j0;=PkM_1q8db1%0#;ZxSKFe$I z^yOe)7VpKysYoq$GQIYqUa8|s*U@j2yEzW;2vS+r=lLR%@^AL z(9=8VsU*{1N&~`YXr;?xCKB)ZE|n@AHLo?Dypu19~T5AL`u3O zrI8kpk_Kt%?if0yK|l%V5-I6!W*8djkWPmbB!>a%hTq}&ywBtFuGio9pINicVwgSW z-22}5zV>}xm-S%*8;^PAFPXGRVlBxapl_-WCbAtCyjj%wVXJkk8*qK9UfqOq%=Be1 z`X3Y>Kg;wQ3pc$8u*#GS_FU3P8%k}8&CKM{IrZ7A!8h>!p%dNL50ZgtR`oSWTtX(x zZ14+V2pPJdf{EwvGqmllUmO#8Uk{y5!oqv0o1;?_491 z4Q)ZjwDw_{1mH0Tx_49Pr^4bivPtH6%ZvViH+_M-LQ_+%-$onN#LUu7-uY^@K;lM2 zoBGBg?$_*eBgHfFI5Q$ph{arw(4N1fQ2@V2Elov|_2@3$s{^4Pot!t}bl!(pDWO9; zuqM>1u{+~#_QHqvaYN`MDkMiT_6Mm1=clyNWrTg)T(K4Lcs;*CKiI&hY2+0Zrw%PF|veF^Zcz!d{FAOx0D(2dD7n(-hwG46i2r;%fkj~j}fi_0#l{_Mwsgfzu?DL30 z_MF^kL48`DUbt5d^8Ct*Y2#51ya<~2304nMI9+tL>N<_CYuer>+p1r(DvneZJ%5g< z?iK4@2vGD5YQ6n>!3sT!$F$yTl}H!di~e>S&52)k)`kCmLXqDPZm+iLh2{hz=X~&+ zsqil{$gDJa7i)XcIck6bIVF;o>C!;%ll(Yo;MhKeXc5pLYJ(;Bt~{qYtt>;JL3KHt z=(m*HgK-_%7QZ%6p;i8&;qe}FH4c!r3FWixw@U%Hy@RBqc3OPi?JCKQm)Dc4Hp>-$ z66r)=SLRp+>u3`pHWLxjF^!42w0xr;`)E!}Z{dFNMMZj;_2c`UF<%TWPal&g43`r< zYm?&+xK$XG!f8G=Z2C|ap6nc{kw5g6Jo|K$_I@R3COSA<0%se$-57MQ}NNh+FiaHj=gS2ZLze})UU4=HJJrZA^U@oZ?%S1 z>yESW8&;TVdy?U1EBhZ)M4#EAQid_K6FApM78};` zec(F3W{Sxk8R5uFX8SzG#%~~pb$?I1-X7O1l2K3Xv?61xO5(I|QE2Zc8p+It{W9Z- zDC5J++L!V7JjX;8Y=)adC*yS5+zcp!uF& zD<4g&)3h6v?0tx27mSf6_k1mzxBk`=Kk}aE@is5{ng?mtAXD8^tB*R1f6T00E2zTU z1o4rit>oU@qo|p&I2lUPgL4+q@waPWrlY-pwvwzFgm#h8d44!^Q9YvhVEc*pRd|4n zM|+?@&-zJPk@_?ELs}2A?>E<{qC7u#9}46g>$4?q*5jepL-0|cU`6uPKa%zASWrsD z1NHhY2l*c`YX|D7=|Uu=+wJ>ebQF@&p#3?mU=--<5AhoAgQ)2MjaGA! z=GXr!zZmP$8%IK}u4Pd4`Kjvfc@hzJA~+fK#Wo!{F26^SsRR9-87pr?GW=B)DT146 zkwv|}U5~VBuSkcZF~6JGT@X}fuIzk5XqPW)HKHzVq^eqdgQgo2<+EFzX2w8?vNMXYu);sz?OHExdP(k@FL;@9zOKdyzwWK+jb$vsQ`Ar^O&+@AsoCbDN4gziVtgL~ zlY2SyUAI_=L$*e<*$jNTQ4=#A(4Q>$?`$ILBOQIqOR+hbM;$0}FD0DJlA2-D;{n*9 zYPtf8{H9kId-^5C$M56xk&@L{ANSuv4ntB8>#Lm zs-U)3A@zFp48~g32Xf}Hq|)ipNgHk^&lUoEtsIdoFBlqv3O?u!;by@3p}9^S7i2G9 zJsUgH3wXptXqFq6cFbMB-<1>AMw|Pbdou8HrsmU0y^gE3QegN|IKUNdR2I2S7CGC* z{O&$(@?l3A@Y$N|Z}OBZ6WTi063{*NX4{=FZjruFG(#$HUgCG`->4=kY1c>DhzDx) z@I0Zdh8gQnNvR=QNf~mFrwHB`#3pZq_6PHb40Ck?bXU3~IbH-`oGx@%bU-rkKb-@x z1>n&)(d;$t19Xd10)BAMeqp1NN*y=LCG^zw?gr;f_tLccEob*`JtVx5H;(GW7W%~A z^79JEhsytmX~AozMRyvkU?sTu<=W;{ylHFWoSATMIF&m_>e6W3+aG(->S{{Ms36Cr z9%x53wnaHET4JXzhWhx&HXc>(_!PCib`dbTNtj4B*{n4P=w%XeuB_aq(Hkv~e^87uJ z59j==C^YEY8hWtY|4zus7XT@6Rb~f}rB>l?a!wwTor9Ebe{l&U}xl* z4H)AUzd=bn$b|#jwFJqH#A-=>uXcZl7dh*=)GN~N&j%vYVkEE9g>D_Aa9|Jv(17h^ z*ns4({+vE!!ZCR~=k?-elyI~c_O+9SBAy`~coubjmwexIrfMj4(oYZ_jIi2yh@|kU~9SAk9_0q-2L)N!! zGicw+bsdOq=~+Tv0APZnu9= zTxLoY&X`h70W+@j+M!;Kfr6WLxE)(RAbk^!zw6VnTk`6pcI3ra|6p{Omm|exASJ$6 zTQrqx@WEr7kk>8rP9uKU6HR-%W08QPvM<05whjNDE6{?ExwuE_1FEy-LU&r57rK~L zXXNMCvfrsw$M!}fZM@o9+xHBVtnxc7_dIXfI#;>!hZ=0{zGa0f`MWl)sc>aG&5wq zePkpcxDl`*)pM;xPJL3Knj(OZR5`u*kOf+#+wnc>-^f5K$6oRjio8cA=s^SU;7>M4 z+9s&TQ`KqAy%QvRD4-xC(vC6bw3^MyjAS+=xl>U);a#8GY@abER@tcJpY!LSVc&~z z)Cihbf}k9saHvYo@a|yFz`{c;G_t{k>83rx*65cO&n-eT8-@tm7J{Px zKeafWSN3IUWWBSVgAR$VB$Qts<|HfdOqfN#oV8i?tkCybplD=ZLRJeuB4smh?bH@d z#>4g4v7dR*ga38AF3ZX#uiwaqDT`%yB!-WbX2EgkE3=Z{O+FLMvFlf-91VU`0-B7~ z)x|@pCb zrBG*oha)$ZvcI9uo-6P%x?uf@mK90Jp@CEv=D()igqwBg^3i*DQgLZyX6dD2lNWG^ zs_Fl+_X%}H`rNZDr#k6UkC-3+OMCOBLI%$L0ve`Uknn35?NeOSLd7)PnZTxMG57JV z-rN&hA5*Py`}#%M&KO~?yz=yv)t)6~D&Mp4FI)hBoyWJ~QzF0HK$BFYg2W z$scKRKKMTa=uIEqQ~2Ja;J>oIc9!~t#2)LzSZjIRJ(eq)FF@YycOH?%ya}F*c+m#H z$*ebf5}hBYy7$53j&BtRt8G!m@CQ9$d8vgI;nM_TM?xuKycYraxm%hlEnt4i7J1_`{u)$ zbkyiGCp1hf3*qiWx{Dn(2uIAxV!TliNEPb^SGgohl64x*RYG6tBAsdHl1>qGvHhGT zv+WVYd1LKLr`nX4ZR1=PWzu(-!;~pJWUffHK>FcscN`(Tt~ zo6Z8omrAWSv%+Z`7cdR@TPM3s2mKrX^Ej5uL^v}7;#OV|{fb>pCBt@KQP@ykYvR(;Y3!<%`@+(fl zW1vGeuxY;pT7@9v-rpl*C9ifWPS-md`*7o`OX45-VVMmISd1vk@YfNkdiKqC=<}W7 zPcIr6Z^9|&(mc~vuB#fnw(+wfv)VERgDa(tY#ZDBnY+9nd#@96%-Ci{ex+J!Ah}@J z1kDP3`XUUU5SdXu@*lYlTh!|;fii%b1(xB5^~%m<4bPh*z47Ew56JHJ~%Vo29eIG8(sG@Q3kBO z1U}S4+wGU${NVM8;*P{lw?KVtYdYt7ytUt~{?*lSslxmWbVPh&zH@y&6rQ4NS7GAH zd2U-$In+Sxi=LK7l$+gl-uN}9rEr)>(_p68eg36uWC{p8GPNADH~+{F|A=>o{Pk$2 zpHhT@YlM0rON=zOzC^g+aYmN68J5Ki-4^Yn#SVrcZ5-(P0G&f=jE2?TTMF@Myt5?c z7d0ibjO;A=YJ?pGgu1FK50Bs$9)1rURlmKO$jLEX*Di)XCt)pdlX+Xt{?f(QJUwT{ zRJejh={2CyU*lDI&r=N8^^|@>5FOAC()a62st_y3gI{?4Y(OJidqNOrBZx^NF>SKK z3B6xGbxN0Igg2(y*#hl)PmV3;!s>26I>#7Ggj<$wg!k=flGLWnyvPs^mS9A2 ztZDf6bjnl0nzanQm9+H)Hr879glDAEZ`x^ZbLQt?+AcOTMYY~=4SefE zgU2A_gh`5tsMB{}+;FTgu7|QRr1;z?A;HV*yb6w&U5$8Z&~+0<${TU%^EAF?n>i9_ zgMD_}?-LV$yr^8Wi2VaZ-O&4{-$*ivAd&pcB&u1|!bZ80G2v$``rbY`who*y`Jp-H z+;!4`!|zC*#mUPG>}~`vcAwMl)3ke5^T6_g%uwX8r4=3`(d=XaZEy&)_9Qtj(rmk3Nk^Nfge)hxN%L=pe&BR#OLrY-)9bxx^ z>g`66iq-X0y=MJVzlsL|z8jXCXVZO)WLz$}czyJ3C)-RdM8Szqg+7Yq7pxFWqCy!nR~TkZDSubn01Y7KF8#jhRc z_Oa-6surpm!Uh_eT`$)sp{j3>a1m8eZFWqIITob{jG;u4pDhYOc^Eox<=4oZ;@!S7 zJ(uyxeg=JE&h}DgO5T9T7FnCXyRSpB{W0GkF}53&GBD;XU(N21x>eD^6gDFX0k5F|Ai= z^~pukby5?rZRbjgk6;etpVOo2{LQF?sRxFw`(i?E`;hf-raaX!L^C7mX`mL?$vw$N z<+olp$-ky8w~H4j|Q~MK4f`o&HyNvO;MSuY3 zqac4t4!V;Dy{$OwMlb!rc2R^2%fKM7nz)S)Nm6p6sZIb7VoZV?RK7l?&B_Ezx%=7>PNwlUR@C`ral>uth?6CcYmc_?~5OWBs}nu2GZhbL|9ok->|JDgI#HnyRKF3+~QxeZI?kqB$Y-%PIM~jB>X!a8m z6HMH+!Q-TPDkWD6Htms(QR12|=wVT#=7@Pi7Y^{HFl~ zX#=`lWGqZ|rHaU)>Gjc-{6Y6V1MlN6mWt(69y0~l#F!}Cm`Jz}IP@U#d=87RLs9k4 z!)+}{=buJO)sm2G0gg%P+v5%Qr)A-TNWoM>tUwHU&Pv3D|Ivtp7_Ez~9UPi%I)l41 zAR^NSPLK>MXDt0vGXU5QfOD3UtI+D3%hDqvB8xuOYnJIZ^+M_iIPGn1G4c!Z)iE5& zYJO?vF1etDPv$+5S5kZ&{wuBPmBG})Kk$*1`i&|w9O0SQMp@FVr_{og-`1%QIc zA)^DDqFY56Hacv&Uvuxp2Kj!8bSU%RjqkfOefFu#hz-4Y)+tc{2SWUuqcb@yZk>PhF8}*Y9C`?blg?&|nmS<;tYdUEO+(+P-(A1>vvypr zF6_->L|Afn9XYyI7gSAOm7QkZg>b0`Ed{lKo*t;4E)FoF-w#?OnTF}fryglErKgNd zQDPb(kmhOh9bU^pD&xZwyEwsAhBoN-<(yNhBohv$O0tG8)hm(N-_&GkURmrxX+mii z3+N8p63q#h3)CbC=L-%ryBhkLnC9h=>YFS5B-7J#qP06wNNg9^N)aDEvfT$QYE()$ zbC?_lHF(WwC@h-Ksq7t3rC}eA8FM%#b~I`z1XQa}{j;>VRdWMxW4>e5DF8m$u7}@8wgY?`A246g ze|t;Z^5H+{7~fHQphZ zic#e{-gkizXCvXapNt^BSZhD+a|*ue zOjfwN4t#rEzl~g()VNL^a6FiWm{-2pU%E*~*O`c=gVRpOL|NENwt`r^IK?mJi426| zc!|B<;fT_Q2@$0vsWDZiJs~744n?~5-Xi4qJ(*NyP=GFvgfqE77mlt*?D%h|@@LE+ z;?G)T@s?y(FezKKXj%vT9_x6=vQ*GD?9ux83e(vm=#EdWaZ6wC#-PCSV+?J=ag{XZ z#Cn(`E=XwcC4Tfz&H9!wCGa?n@E3~=-=lvundSh8q1m3TVb zop$=j>_2zXH%912CxK0(#fH7WdsY9sC8iS6xM5nQmFvp=5wW&AsET6GnG;+&?K&(p@nXXi7?V+{Yq+a} zi8ZusX^E}}2(8oTjWqu6T$5?hk;RKIw2U@Z%gS~ei2oBX4L*m4E(I5`^vJt1-RzSB zAlhm2oj+p-6C9UHf^M#_;GcmD3*V61r&y$H#crMB#9K3?U2fGVks}w9&*h2#BwK{?%O~Q`$ zyC=@eG<1JlL|&lH2IyUSh65W^IAstRrPqJi5s1)O@I4(=C%~jK*Q_F(xqXd_vsMfh zS^qXSMECE16VyoiR}HJzs*I-*I5;D9VJ_yOx9hqojJp6xh@E>6_}xluFLCDAO+o&KcA# z1R@>IrPWAee3{HR9Z)wE6!Jcl6Vs^Syx@zdO zZrh2IH~C(?GLF!c)bqDfbE!Eq3%4cXS?*=oZ;f!gALp3g!q%vf@KRc(oyBas%#Gz( zvu41qy4<__5PaytV)sX>ThqVf3Cc$Cey>(Jcf4s*lEgpO4Lh4CEBMPLN{MFBhzCih zY>H(`M4YANaRhPY<@QsufaLZRjf2Xt(3-{Cw+!0li04{%&PusI4l>zp2+U4edCLaW z+>Q6Jc#31_QCVLoYAlmF!3Y-zpt_VaeFV7WXrc5MY`13B|M2gV%ex7lX)r3ZOo zD#g#2r>)167|>h}>Bjq2QXY&7@!dgyRN^>7z8mAI1sMB0HF~|8|1-KbM6U z_qJa z263;3Nd*b^pUrh~=8+BvWVQ`zw+QSOJu4yzG~M!{li@0wlF)c_bsbd)sTP8E9c_fva>+IHl}w_%Mte!B z@v0bPfGkE4w>^SG&F=E4o}6atPFP-YiHOlc&qq0ofF=qTy zePTfh8vp;f)E%S)6P zla}?M(^ZgU_8uLz{H%c}qJK_+TfC6>P6|vTnp7SV1ePpJO5fls=?3Slz!tz6XE?;) zYKBPWzVJN~Bw2|pF$i|=5uPh}w6P1Pr2P`_UUFYunQ*@xn(t>pH(Yzhmx`&;TuP9X zu1rYUn53DU(SC1S6GOQFMCyYn6{5M2q~`aM{I3d*6Aw*CGz|73z!FqR@QZ3^Fu5{2 zy;*URM<@~oc2G)9-J%xGFJG8n7-62sB6amK#CP`pXvfCfHxal~h@zqSixmBKRjY(C zfj1t58Nd(6~O!PYteuwy%R{URRP8#ARB5*~z z6m6cj>T*wtg3@G~ah;3(66747_akV}mk58z8#=JcNqh%5%;**b{fg{_@ETbySU8Wy zW#q&8ZdhM5y{@}&EJmv{J+ihO^_p%@{#8eCgPO|ZfZvo&sbP05Z1_Oj^S*(7mfN5i zLpU_~QvPVp{IMU4WjtM{Pz`u45>4xUN;5CXV(sUxX;NC1r>-d{LCLlXq(c3s%jTUP zua8YAY^&OTM%FK;oi)x0tT!z{OT?Bev0dgt&?tkio-)7GFNoG{hD9v!EA8<5qKK^-tp+0J$s`BuLO?p z>6yH}eVCFPd%?~AMS`r)-KA$Mdd+^T$GnRt`xojN2>j!z$u>bh-tSxhh}>dx1uI*M z+c5p?W7kW4;2l(7S*Fg6<#Wwx?O|o z?LUo^vnOb86a)3Xo~o$1)wp0w@5ML`HxhLaDY+=qI~hrm%K81GjP}4Be8^s3H*Q-> zuW6R0RcVk_pju*14rk_YxexqWss^ovL~p;t^%ld_?G^-x%kdz;01k3-Fr53O5F3^f z%1>nnv@RMhHG5TlDDZZ?{QND=SFWy=!7paUBgd8VIA$hG5_We<1b1l#K~`D04*@Q1 z+hzS#A8(cRC*R$0#nl*$w66Z4?M7jJtHE`YvNm=7Gp4g6X7$x`NeBil%~8#&0; zVX?Zo)$0(@G`)a*d$wI#+~&njiR4ffyeJtj6=$rv{64Ylos-G(dLq;q0m}B7i2yhi zkHegF%m?1-5iG&f^dPha=17u|WSkj`_@QT8+TzOOaTOmCdB!d3Pik^A-zUDc?B(x7 z=9{G2mntCDCN`z26Kt1sC=TD%e6?J&F|MMgz@g_`+Fjwoi9;MTcbM5o=aDfkrfQw4 zEsgx&+3)`Vwy>B$+OlH=1046_VdIUxBVc9$CpH~l7~!HWMUBTn(&Ai3{d*c2H$7G1 z1qg#IKb|tg|D+7_Q=nsP2M^ebsqM9DnV#0dEy$qxIZ~Q)?Y!wtsv&-r3uuaewo|x= ztUCPqhmS*oXORyySIvN)wzbqs7q^M#$}G9ct(1=avC0zUkDDQyZ#v< zgj`|S1)@+lWNkWmlV3QjEZA?@E--}3V47lczxj^}MqP^SIx@cy=y#3*Z~k!%*!cw{ zm4zS5NcVmNlmEJ(VXvN++|z>1t!USKOf`7r)4Wj-v&B@fD5cRvloA4q-H!)#1!}Sf z#L~E*39mn5tNSse*%+hE%=LWuG>^_OsW-| ztvdf#?|Q7odRARCz;ctN_s(jS`cKb5EC=Nsh}b_Fus_KS7W}<-2i_yv_(w|Wzu!nQ z0M0B)?B2Bz8U@j4Q|t-ydVVDq@z}BoI*O!nAuI;-D|)A`Q~Yly1_|?EtM3M1aG{7X$&aRp3Q{qviDY}V{W;%@hJtgmga|nOgc+akjr;>?%Li&QwpLL zJ@KGF8H7x|dg{hT{keZxH>6CFRj>8E%K@M2#15Wx)rxCutW=ChYDzuA-%{ zrytSLZ%qW4SLSr++7!KB@xPLMYNOR}p*CFkMwP*W;Elefd_H~t8*Od61#7W3!^ZA^ zRdthh{+{p)G-Kc2H|BRp23^QMA8UlPrCjf0Uc9aP{nvJ;Ytr}EBNBvYvcHV*B`&g z8s%#G$vZ!N5cbtG0Tie>*X+N{lBfYmyW#tP`W#?%^17X|J;@>Y>2zFrN&d1TYpc-R zba`BgYm}Z7c$TbDRKXB*k}N^fmGp!LvesiN>edxVrO7||zNK~Rk4@(;wGL;lh5xB!M8YW| z4O)hU8U>&^U2lH*m);}*Lkaw=cKKag+(V8-?_zIHx?#n^8jxOir_HV*ZmTlI{7Qc+ z9TuTau~afc1McOh@K)FarN+;M@ek-fmMpts39<4~h$p(#D6ozV0#Xf+)+!05} z=_m$!e>ZLcb}U2s54v%cF7RmTz!9B;8LhMbES2|yLeTo$-}{xv$5Olf=ZqxCK3Xi# zJ@}U#beign1s~U`6FvJM4Boi+4&9CRyW;f0xffJ|*WPHS(VtEAcMbrij+g;{JJ{}} z4B!b+LG0$B+s)KL(DFf6r0gd7OoH}XNlG?2rY~ECjPE<|AlLs(%=AfMVZbkZ3RG!S1rTE>P0bnk;Z)sk668O zbo7AImW)iADXazoLP0?GyJ>U^JkS(f!)N_PBkh+5qY3@{(f;SXiapA!Y2qAR_j0LUS^L0w0%|D6@1Z8%4Rtf9x9*Qa{fM#x zNV0)HNkL15-OUTO!}P-7vo75=SkgUH>lH)_N2GI6+*SGE|?o5|GROX=Jo0rg}1AfGKZshLrtW-Is44>u{F33Mw3(ip>Bq z=rXRGxN?Y6PDBL8LTOQzCK7W3lqyB8NuE8y#XmoSi>dU>N{t#b8&iHq2MvP%ixJ1d z%0J6H;CcNS_-*cfD9``)Ao{NbQp}GYSpF-%F?UCmF?J+|S60 zl2@wygCHl;4hjtkp8B2!te4r-T|=^j!R5_4dL*=lKgy4sSsy%|^~itx$NkQi3$&05 zUddWaBnKWY#($X;{=c)yQ^0=hle2?yH(f^(B~pHQZgWzNu}j2#Qtiqo(p=q1=auHE5DOF5{_)T*jb|_T^bORIq$gs zj!D2|3E1a?68;FX13RBr=l~&z28UNpM*`~we=YL6N!gZsMSl}qf+vJR8MU=sjI_dR zFZ3n5%O_rTMBkmgqa+07ti-Fqpbeuov2lyBHDp%0UNRE!ofin2aN7*cpmQl(v(S+! z$zeVUKXyQkGqK4eav_#9uR!InKu4*y6;Yd-;smYYn{*o_+U?u_V>1#eU2;^xd_wyJ~FgZnL%oi zr>dFjCZu;?FQIY_J~%L7bKT?H3y}EKiggmCm0C|cb1s=%%Z3(yLKD-|CCfkaulrv6 z29$4%lylu&)g+vKPEWV9qP4r;pv;y46WGJlWTm?Eqgx8TrzTEU1tnlF-8H{p*As)} zeoULf)Kq@*j10Ukluo@e&@=1jN!dK6&$p;EQ4dF^T7@H3tA1)aeEv> z`FV8egO&$3C0R_*9Jw{#^!b)eHcIhHwcb?eNoF-I2_=!}UbY}x?6N4A;E|r*AlK#+5u51CZr}{=2#(=(m7Gj1bA2&US@K^dA zjaFfy7;?3J-7qr=E~~Ztu|aCYErd9m)cFs*ZVABa5Jk*^pKUtxOet-k!GSW+cX@yE zXni8O!{eZ1s{o5-jF;hUG39*I$-S~G)A|eu=JO`q*2?oF=2=Y(3sizTfIZ+n(ZNM{ z9ssa6eCYmHGMFR@DnWN*dD}9gtDNGF-VmCn6(U#jfRRYjcOma`x-M_guC83yv4J)~0b~nW z`=~QDysnafGSTXGfYL?F?cKZ2+7vtw{AWH`LMV|c8YJ=vhohK_Khks[%)ARDU3 z@#CqI5eD;^;Hp1wU|4}oU5I5F&ym6~&oW0=@-^Umf|vp{XtonvHKPo$jwoJ*lZiE- zI!O4pf<)AJktrK57$n;#8~iYz87+Abvg^Rp?|0-{&F~!$N%dx}mCj5|=X}|$0QDx* z5y>2L_ES+fjJ<7|RxEaoiqI`p5@+X`UVjj3M+31fel=DyS5}w54`bO47__OQU6i8My3*a?JQuAQ*K6Fb6szEct-C&?YaVXy(6t`f&^N6ZfN&(voG zB$s32LI*wV74?JP^fqf%EZ`j6XKQ#L2THy8v;*AZ`d=WOrh?siK)9}*0IsX)fAr=S zufhVf`)OGhVmZ44yg(zSJ~t+VXP#aO#{gyzA-4}W9_tSdWL+%?fpZeyh$2;hUjh2X zx2j@nz!CNnq7;?I2Zm{@K#Z1p`v}8N1jeq1(&~SK_cb$0zmfd4ENtWd6=NAx^Mj2c z^Zs$AG=Oua&sCdG%d73XzyfUmLNzTV<3vsNPt5`?<~VsuUECE71~tD^XGLqL90w(c z5dZ=;fg2M909V-wudJid?%lmyx86p(C(ox;9z}`sihVRjCJjbYDar0@O$IA|pQ-U^ zZMAo1)8m#wAr1cg10za&$cdnIl$fpuq6;|CVN&x$%)ucE<@s3nY)(Jbaqov5Rb!ny z*hjWTtrR^n`m%3G&Tk>A2g=j*QGM3v)vJqz>1dDrRJTg*&FwUc?q&~gx=`dhwI@+V zSico%M)+`gMm8S$BKr8z$F>DX^XMGFL|tUG-p4OWr8L28VRayi^YMEdB_Jbkz;E8=}C~ADn(P_Z*46!lD$* zO_A-W2eJ+vu(Cen;&7z3pM{18q-(b01}ZQK3uj~zCQ2dZz}b^;ZmCKMYl@s`Pot96 z&U!1NxVRX(xjS*UC2ir5i5E?ryu%R)U9FI)^PPHtfR+XrlZC(JWQez7EOkK63OK&c zcICrKf9Sp=V3qN0L+|FI8P9eM$@BsLOVB`j0znkmJ})2 zPc}8+Gc>KP?*-fKl&#oo5iGwl!@+LZvo5?Q&%OxujS!eWb4+faZa< zT6^`bpocLU7t z6OD#h=pC8i%M}?uuKk3CW^kBQ8U_w1TA8K>9&t*H9bcqsr9TI40qZ3D#NhtQ|6du==P(b zuol|l5aKZCA>$3T z^i(Egz0CxnHyq(<^Sx#*F{M5zAh9M+G>!CEjCf5E31(2t%N3PlCRmIbA*;S*Wy=Xe zxlxu(8lPjq&W@e!SPn^sGmL4nbVdnxqdJH-Xz8{+mrnI-liQZ0mcGAphOjsW@_g8b zKBlh5vfvzDPvEJSzo0PFPH|UxbNP7MqLiYTw5!o>$SJhv%iW{7Q?g>?dBEGLQFfQ= z{x9GCU((aiA7tp6286c-irL~6zf~>FwSK3MA)V=sdZrUYti0OGufQ`_5@UG)-abCS zyvWH>d#0;@-#^h@R|4+b=l@PG)pd%}!u*$pWQ!`z47w5Sqq$?Ie!0Xr_Eyb|GQXV? z$Z=LA+ABMwH4=55RJ^ZUBU%AI8i$+^L%m4(vjWr5RU-yhMJ34aQW&9cbi!2Y`nsCF zn*70s_#v(qlae0{QFpi{E#CO6ef6$;Ctl0`0aANwS_ws!W0!-KrE8e;C%p8bOGY;C zBuq?=m9P4)Z{lMJ>L>NZNI-`+qFd_VzlP- z)iO1+XOCmanl}8xcALuYbN-b9Nci#h6Q1ITdJqZNO-cu9YJbJ3~Hy%|-%7&9)U z%^HATXTA6laO05uK+z})b|hm?be|L0iM_Tt8~gA;=yFHV`v>pm;|+a#=VO8m^$|(~ zKi%At3iRfSo&Xzwk96$VHOO%zO8EA)2$W)L;p;Wha=k0Vs+m=Q%RaK!*Vcr9)ob?j zJbhZlhJ%BPz*knv+Y-Ia*^O8}9)w0U*ju3~hS^c9=1E7>iT%vxQ7|U? z&@jtq!k2h{=Tr4{sok}4YFQ#pqt!B0;?L5bzqE@|$eE2M3lI&c93HIz>>hFfKE(8O z%Ly#FXI@0`H8JZ9HvY2~S&o|9_?~%xdiF5+GG_fI3uG1MF@v0?BUQ-%1y>q&?%O@3=X z1U}bSuO=J=%PFX^$bI}t40YO~y!5ya?K;Nwr-&w?$928=33@SkxPbz^oz-l43~1E( z5=x3%0eSz}mCGp!XDaZrNfQQSbpj22f>GkhZ&pEmY^6j{U&$TNcj#j!Fkkdd1AQlS z$;d_Vag_LR`v)K?EEBj(y%MCj^(`*X>-nX`J-!P{ZFpXDs&iZKtpWqxW zVO&Hlm)sZK?@n9B`8O{1d&gEpiL5$9{pwrqvvz{ClY>CBEF$)@8d+q05SY60o|a?- z!Ld@{xVY)uNdSUCztSdtYjS1Irt+&{V)l#)ADe0b6W#EFTi!+ zaRGxO=?5GSOslziM~Q_d50C9o6LE2Bnfvpv6p|~932A!dazt8u#=l#ocg3s^JHZ+e zfIp`3_X>}nzD;}Cg&MyWO07H_k2-2S!Zzzq#Pw5ZGb!Jm8Ihva-!-8wXb=gS@-$&V zo>tM~#_oM4V9|7Xa@c(|HM2B!w3U3ONel?mCm&)L(Z52JOo28FvkE3oMPIL>?M|O2 z9u-I2tN&6JOZj%0lW@sDH_n<~7ty}(K;`lTQIwY#vi>bq*(l&J<5S^deGfPr|0tzT zh_veRUp~dMUck+7*x4_*w4)wz8*Pe^+mC|#< z7n_}1?^U%_EiDTS41hpE)+bza`4zv3JTKp3iDR|aWZ-bWUn7pb5x}mO{2Zl#E{>)w zI|SV|Tsjcs6Ug>2lRZr{Z>mEIDBZ>^EJrSVO;0 z82<%aZ3l|k!Le|by|IUK0QrIL0Ojncv@*s3Kkw6=g@-3*CaQY2lZ*-R0=fqN;z1FX z8{Z6MMX!#ylbq>{!p++Ny8W0OZ8Qew7UA%2(}=O4-K@V-OBWLR`etJ&d9ex#6sW+2 zWsnw2kkh%PqrXu5Jdk?rAcV6lh*n>k5hHs2UgYYhLdJwnVV0~9)}npW=PVnpgH+!A z2CXd)!lVAntqTx)ffB%BY0RcXf#@MSzV`Y62wnQw^W&GXYL`19`E>OPS9L zQ0H9fPi*Y#&-S2d8Ys{u|I_;mzJnQ8!dlWzE_J7e!@`k`o^bgg0n?_$@@2+-y!;bD zfPXCRWWf_n_-c89`qlX5Za~Q5`N$=?P8)B_4J`7)fLT<8#Cc_F2hKq1wH@xZ0M>eu zSuxn3JqGCU8r5#7Rb~oXcZ6_G=DR*CY-RTV4t6oOiT{_$58QKOy{9T107p770%57^ zgc4>Q%v$v))F+j(IBz^lTyJ1>F{m1vOXMQ=aL1fX;^0cLMnZwM!>u6lCT=mmFFU!DTz z$&CgonQhmcX;e|I@wpF)ToRXF5xgs?z6X(tv?Moyih^wxxbk8$;>@bew_GmFru7ke zUGGK?4loEUc~yQ`#q4GPg~%fFWX-D*(NHQUD1uZ3WnCV=OkOjhX>-BKT*H0=HPyw@l(ttlu%=Mn3>HzR71LN#~8Ju)Gr~>H2H;9 zzl%S)A7_j~$<@zmE~k3`$y_}v@5_alL}m4LpKoywKOFH}OmEnK;asJhwp2{x%Xaqs z7%}kG9P{{TRXP6IdfMK3?J*U>s^{itrl5zlOyS3uGKBlOan1 zLWs#=k?SK&@9U^~uyQl>?o#RQ?igSgkQ|zK&;5ID@B8^4-uH{+`-fvQY-aC$?dw|C zTIX8pJOjKCsaY?-;N_=x?LlIiKtBbUXf>ct6X~0B5#}ajKJDu=&+$o$kj#^H=nBjO zK0kr$H8~IMy}U~JnL>AfW!a_V@gXSIQ(#YcO{%C){d0#+m)lc(nV1fQCY#>`qK}v8)9+NuE0ek{ zw{WC#J-g?ysZZS9a*~dhbzxGQegLH+b@e_r5LOkQMamYb6gl7!IoOY9us32S`G!DTt@2rd#Mm1 zfvc_8u)^TExqYuMJhs!>BJ-jv#KcB9HjN&z=}xGgKl6`KJkj&etVK``Is6$X5?e~->!gV5&Sg( zK@;R@riv_}>6`_qJr@RRe#j@t&{lJEBMuj`;=|oq(my(A5`wQnnbhJ$;thRjLOq+W z{uPB8rry$fq$Y*mKZgT zl5it-w97so&We8LXd*(A;!O(U`4-8;%*vXjZFGxw-TBp>nThG-Eaa@7#`#MF5lc$n z+EI;j-f2^--dwk1gtk9(;PvH%`@2r|R%jiFstSqy>Gyk&Ufg$}$&i)s_wGtKIPS?a zwyruD5(P)rtdk5kc^;i(;P-7)-56|?$yv|U;Nm_WjueGoNQFy?c%K?H>?Dz$IJ-v* zqnGowmW0~*rJf67?dkXv01Uz66-4_D7V*ii0}`_&Im+KT$}q>b=a$_3^1CCOW9I*#^kN zXjee=fcEhYKyf#N-@GU4!al2ewY*02esw_qkUwfoJi`AfFijB9Bg~R#7m}xXVn6rU z!n?~5uiSs)aIJJs`amf8qpSC6(9~9>D8$+`a?kMH)?#3R?h)O1l`Ky>*9OaXLs>x3 zDq~PF^H2`eLU6Q1@Wtram;`mSL5OfBcaky z)!fq&Q`+j@YmP6@9&P#wp;6A!89yrF9ppw{`q|*Mxmi-C?R+2r8JPO3&tV~q+5TUB z4kQ2Ra{#(n+NsJepLyCF+lyoaTe0Qs{-^{r-1+2eExE+rnd2aMWQotiM0topcnB5`T7mZC;3n=!@y9>6t=YDg38v7VFS_ zQ!db!(KP6JR4q*M)58e9+Dm5JQ`N&K zhx>p&$gRn8c+p8I3thuaQdprywoXtbfh4?j->*KgGYFkb9OR%l4aNn7B$C^?2VuG533~X=7D!Khp*sZn4eNn^+nfz* z8R9n;+2LfoW2x?ZiY#@Ezx&<$;1_)zS^ay``{>Oz&RS4)WL}%e z9HJDMqF2M7LerjIdvQ6k$l|QDwv2aw`wh@!1oSQm-<-XL&Kcm`Jm(~NREy~CYPJ$u zs!w3TO+nPU8Xf)V6Do3L`?zL8TGR=&91VF>pKajQ5TwfM`2FJ{|}ycEkgg z0bZ9ds}1Fcq*|r?MO48HkOM?cU4Ll;Zk1{@LA0h$WPLxwx|DZtf-B9wre&aGS()0I z!!ZnAmpGf;d6XJfFxu9GcvfzE1j|JNqUQHwJqAv_a^t101wLvW3)@#hLx1MX`A|STVxVUrOOReD^X3#< z$z|xYlGu>G6{gSEIP_&<`^%fx6wyBve}z&Lr~Vu<@Vhm8fGriKq2WB@nWqj2V)EH7 zxUGg@>BXZMB+e<;E@U}(cgy7Uu?d7p%h<0(R5d$p zX88J^s@_illcq7RDmu6caAXnv>cMshHkpg{O8ct5ZuO5gF$O&{OCc-~*EWMFC5`?7 zt(lGSLM?P3yk+Ifaz)BYhUjxIv7uiWTIsG^+w&bKP;;(YP-RhyUn62{27GDb1GYv3L4WPak3cj?|ieQ0|?7o_l~S{S*r2M6KgVYr-Yl zj%cJDwJl3q*e>iFtS%y$Z3wCa_!_fn?DR2URomONE^D78VY>jCWCanmrL!ucU3W5AaGY#T(9@=Z%XRvl>h zUD)|K+6BA&HF|`JU|&d`*U##BhhI|1VPd|N3e9C5j~TwvcwmZkIJtk0P{>f|52lw)n#==$KsIs;uPIX8=qcYLm%H> z9@Xd#_3C{6(e0*8bzHDk<_RT$wMCTZ`VHjB4(W@WLi?zXu-{WV^Gm^nem|E+D>XR) zGdEa`TPRhn0_2+72c?g9hOXJ%PMkkuxDm4&$wdm?q-+9qn#lOMS9vy@VZsJ?dF8m0 z2XX)`M$8V_-en{ljo^@xsT=@Dj zCuE$Dxev732!@F6k7Pv(mxwPhv$Y1(Y^7zww99nm`{JEZU2Y<_`qK-5pyR=#tP9f8 zO*u@5q9+Xf|C19DC=#>fMU;nu9?;UEpxp7kmx1cc(&Uex#vi^ z&NF@_2CWnq)MHX%IBASFpOR; z!D#icckxETnNoGv-XjEhZTPB^w)!eM`KEIKnNCEKj)MN-k>(2~H`9v^B!gyV% zfViIwp*l?0dL_WB^P9KCxYdZJyJmf;W5JC~EH6cfdXvgdf}$#v=;5*!K6%64FB*<` z(R+9tbO7zi|EL!hq(iKE!Mz_)AUMjdsBl8SZ+n#9W-_R=XT@mxjX{;v-(kJ@!V9vf z1q8a^Ik2DU*IE~xd_`3P31U#ajFG|-owuXgx#1dW5wC>wPhAw1@uhp6Zjn}()UG}v zwvcntktIp>6Tsb?nwyh2Dr-HbL@;nKv|5eluxQxrS3Sa?qVgNeXx(Iaia!Qg4KCS3 zP3J5SXrdt1&JCJl>8N)iVEY1PWNiZ6GdbiOI| z&ufw3iL%iEfozbTFCew@QHpYMbh$6xZy+mVsI?FcguI6!8~*`TMkVX4qaSgi^4l7G ztp6ys;@v6m?4zgD!OiaTTfyLGP73cNO!Fp4L(L6|5!{G1dEp*rBvFV8TJz(ri%4Z02WPW#4K|&Fv4gh9LuVs%f2Kg&mTH4Tykx%}0uXWb&TxwoM*14=p%pElgtENWZ(msP-HrMs(W zRFDT5e<(pcDs;cfkYJ=@!-j$0{tsC7%`SeAh!SFgyn}+`x}AXJ^lWR5F@l@w!t#KV;xr0-FxwaG9?=s7 z6m4+J<-Y_?)eylN;U;*H{|{_>Os3kC02x zXfFNO^>!t`+s)N*r-Co;?;2xN(@^(Y8hfPDEa|m`<-6xm8WsSW@iB3WUjVvloe#;f z#(tNNq#LR;*?=ABhg^be!^NR<0YquRRdh5g_>-gr3&0CFuqIRNj!IqLTSwr@m;1~9 z1NhS}zPh^AbDvUDZmC*ofADcY`I|^Rc4p=*fZ;xb__|U9#?u2ThFC(iSQ%1j_OS5q zoyv5|lNK+Rx$M@${h5R0<4eC`P^RXeG<&(_6|o7%qcs<81B{;|@C_y5h8JZ=uRBTb zkJq)AMnrPA`k?%32MGswHgkno4zxe^#~#rag?kLT!u&}dPDk7y&qdOHk>=7nQ)N5j zM0){b+Q)O`^YUG8;jNKY^B*p&Z+e;8aw`YPpH!FlY%2P0;3n}MpxunfKUwJh>Z;85 zhA#{(zim$G3~O+$f-icH0D?jpqACfT8x#nX5CFB})4Wf6^4)AIP*CQRva#p>r!fLP znd3x&IU89ROLu}fnFJ1~6{`9&XsC4{p(S6@@WqRvPkQ6dc_1byyXo%%jk3S4YZuS` zeK95c7m_7wXq2&}Zk(|l6jwWfJMRVgRsKF4p-&r2kq|`e{l@L3FXz8IJ_@(sF!!vd z4Q{zCO=f6x)N0EFK&<#BLDNA*#U>~fj6#}PC;$X!Xvj8gP_^-W zv8V)1p|3D@U(-|iW%B?EHB?&*aM1}c{u{YeiHC7A?Tn0!5k0cx^*m8X@GRxl+(?mg zxj6~}TTy|%>E*2P)WHCXTK{R*Hda>Fv3I41M%JU*99*pM)iStyWJav z9oE9~W7eC>OAjiE!*YbrQH|+H_7XEKYw7lkOVRVvZulZ)xJ_)01R?OvUTDM2RXRGqb&> zWRaUQXI9_C5DcrK_D1hyzH`6wgwr5^8{}#rt1Jt@3!@byRVpBL$?rBAM8%ahS!yW# ziQMVog3nm>c%7r!wQA?KWlCO2XJn&c)lE3rgyWbEX@@*T$ZdwK~z=U=SdcUZL%n6X! zzTboAtgo-tx%k>}zzn)3`tO$Hp{T)2u zI@PgB(CJF_`bzL(d5yhF?nCWb=lr*$!v)Q z>Mmp4Ba^)$xaTF)(G=w_-DcRIIr0f5a|Fo8jk;pBF7Mii({g46JjRP&sFA7<^fMP6x0Y#$pog6*;Xf6X@#=9T z&iP6R0Y6=h`8ylZJ{5Le-KauWHs70z2@c#qpryGEVoJ(hy0$Ky6f!UYP|z$2CWYYs z++ZtDb2fs0Y%z*hZ0a)j;mk1&PcO1$qtpL*(U2O3QM~<_Y|~We(<;o~dLLQ_;R{lX zg+4l)#}Wk587rQI^mo*QY=Qx+X4d2FZSv^n+|4=v@VCZ2kR5+ zCS97hh4DGh`5?rj@mwG4pZm=J_>1N+bp}BM8W4WV4?%+s(DP{TJ05H{XC+RL?-<}1 zJW2~|Z@D!P?&>h_Q!%b}K1c&d7lSmN!6;LHozDGzy~*&4N2fC@AeBnz`~P{EfcoHt z-|MOJDfkY$zq_>`SZnPT?XxIUeXOvF(s;}m&h-3{i3$R+Z!&{D&j4jN@VIcR8d{ia zhm@l(W9(s89yWH^_^H2dvy1*5`)Z%1v9I*)sEKoWGyGe|CC-B|a^}^cCEs*K zb-y&(qs?2O5zL}|IEN%%F`Sc&d_n+LZuL z5>auGZh56d#tV8|?jTC)tKdO6o1S|uSEg8=nfhRr2a*adO!9&(M0z|>cfI{fg(yF? z6gM4cbdi<81cZo2CGeSz0PC>ZeJ z3o3!k?NH)?p_^sj?%T>|&-Q)N8{Ib*_#ugn?(E6#LyO*U*71zy$^?1N?VAILXwyyE z4tZ2W1j;&w?EWZlZO(Gr%INJFS-K(Rj2O`9N?3Iq29$N zE1D>UHtH=`mMG2Burj|)R(*Fh1qH%tyM-vW)?M)~w$3$vDnHpitzxz7y)}=aiPeSg zj?9Y5R())Y-o9NWrKVf1P~H(~=hinIj!8*f(MZ~-im0vB{&B@WsIQ19A@1+wZ{4Q` zK;UZtff+x4-YJE<e42&-1#UaiIZ z;6|u+NuDno`ICufSoHliRL#GLl49_4l-|31eI_sX%+seVCSE?{{Jq5+rrPEmHkMzL zk!QX#7kZMr#NHE~P2@0~FZ+3i^eYc)T56yrb`Q84xl_j~an|sa?39S=L30B9+;hz6 zjk_g#-cOGW3b74wzk@87Wk&PPcOo3gK*49bnxwz^Y9Dfj5KFDV;r|uGp_!;rT2N<6Kp;0q1A{Wf>#I-=`Z|RFlX@x?#iJmM!CPsiM&k%{`3N zEF<_-yjYhr%OHxu0`mBs{-M~n4+LNE02``|%r<1DXp?SS_0*d2=9?tz*3&i%#}L9H zU_oqb5|aU*KGSN4G6XDLG&L=e6U!77jmZujFO@B4xw!wPy*wB*@+M!aG!{^A%(i%wKJ& z#)eN2nAU(MK7$%E=rt{CCNE8}Ust^()%T!rR+Z|I5UtEX`s;DV$A>*~nseL<* znn!&B^YHa99MHw1m4~Vlf7zRDPLC_qku4~oH_vB^0GN$*eo_y@AwE*Nx-)W*0op;c zLV`ynzMVn!!rhi>3E%E!d?aJYT^aUmi8? zMn!1U@>G5L)xAAmo^GUi%c?gszHkUjgf|P~j@5n07@?@maKg-?{o-e&H*Oz#|61`g0DBa zd@UclLqDg7?;*6@So=)%l>x%idoi)Ej7u#u?|*5`d?@eVM*W78Z z*wDr~*gAUL@Dt|_*anD{L;!Dh%2H$NE>!2KN)+ZaT7^;SN2Do=w0jt9+hwisqo#v{ z*0I6Ca)dp%A;FTr@~o_^+*YiL;uJOG4DgrYMtsv6U!c`hauEu`~#IG6g=# zW`5&zez+0ySoeYt%R#bD5E5OsJEIVk5&Th7#WN+SQno8<8+GVej^SLKi+-yJ%U((L z&h|DvK#VOSxy~Y4F{l+1k?X_~C+xe58fF>2MR=*g&!l!=B_|Si^R}P;*p1o~b#H6n zUwr|kPt8nK{!(3QL0)M z59IL|c~9%(f_~&xK4lJEdA0h4cU!aCo?3+xzWb1VC3Y8*$6^#){6o#0%CtyBm1Qik z@~YTdPOgw(y|3xIJeyLhxi+ElhEwpCe{V=_X2ZaE&@r}7vZ!IlUD#Ew94X-F zu=5!UGlmnT{o(S>*_sb27pNk2JxrZW4bsO}Gd0Hl6E@CkIa<4P-91&W;5tyCn}y!G zFY!BGHEQc=t8s5NPYPEnp2s@!&IGWB6ERJ9>0?L}5WG7J=BV<$mLk63%?)`Zt$yv5 z$5kjVS|5k=L?DWo-AInxS_2>gp3Seny>=(^!+##M*L0*sdbSlf86$atgADq*+G%=c zxK0}kbYs)Lt6XNft8mAEAC(0;7mg1U7q8Mh(W4cF=CaQ5%kQwodTQ)5XLd|Nek;3G z2CJZ!?s4|B>Yh@8kGH3+-@!rJDnonP+hb>jOSQL8SvNlyL3wOdGv(bM1rJw)8z)_Q zf*_8QZ949TKGu)E!j^7}zX79f(q61MZG~$)T8He~Sjcr*o)}cxr+E~daZlr|M$u5q zy-)8(GA&q47m6#A^k9?D<`Sr`yVDVDd}XNwM|!ZsCNKmW5Bj5-69}Rz2@A(to&E(b-ovkS%=qAphvycyL#&-vfCS6w5ioUzgt# z;6Hn(ZD#s@E2q1ge~bz^gq&k*9=Qsa<=T|C%a#B+$M-tcML|&`T?*ymkdR7AP9G?T9tyKN{e_ z5j`EgRZSJ(PK`TXkQIwG|Li72nviBtg z(1H=E(K-Yf%)K~Cl`Koznkjd%^~Bq z#7g%%gL`vTAW6g0h7{1&SRZ3n$=Y-ErIc5d5T75^w@xoX{bS=fVV5>zQl}7D?NSaP z(KS7V@3@~6Zy?#7u4WPez^n zWY)~qOUd}I`qN8p-YYohyPAYQqbXw-wdq^@I67L|qT+f^W5P>@+aPV6Ji2gbkwQ&` zS@BvR%hl}9C)(t|N(PxPVl83+2gfxlXFKom#q3tVeq&6L)VY1m{ zq^*m^39o1g&X-&kbe^QQo}SP)l$wI?Y;p!QrTrqoC(L`ESJ>ZN&yrN4lF_86E>U}; z`;(OvQ+a7S){wr-G->-cdj46)p*!w}|{Bh0kpTDZ6py_ZTV@u;dvR|xt9bTke z#xqd@V{vdzaX_b75e93y==s3X?6B}zs zvJBulfl@;J08yisRvbaK{N!?P$}62gqOQ*)KXfFz8&7x5zPdc|dV3~DyIZa7fA1l~ z2I}*%U3Xv!GmIDMe;O1lYyKJxB&Y0WaxV~Mg=_-{U`e;vpn zi0$M@LG5=@WFsM`-wzJ%F!+Kz)!#k&T0)MR+~S%w=;KGGl^nsZQDsL&TCEBPVO*h1 z&uGKcC2^h%&b*Oa*O-)fD+C7`e$?<*U%uG~17TX{Z<5>wY zR#S);YqHmFi}RF`*ZD~z5Ekm1dF`&;I&U+V(XQl@;4ik^Y_ia<+Vz?4+%7mL4?#YO zkn8{p^9H}Wzh7ga40%L9ep%vE{(O3hH~RMB zauR0ygS)&M6+M6?LSN6F((#V$M4PUX*e~Wy6y(xGe6JV@6sMcpYL6!+x|OOHD!U7n z%oEPhU>(#PE=#b&C;sSCLj2F64#x_y=|Ighm9O5nUvJ$P-R`;Wceo2O z^>4)VCw?f~b9z#3Ki4bykY4=v3>Eklu-j;v0iQA&`YmuP9eEUX`!*jf(x-%bJPLE} z8*P)`%lU}ARkO%i@JQMv7H`wo`9>hih_#; zpjezGaU**%pzk*9S2U@rr1aqS1315TS-%Wqmp&iUU$36mJT&vQa;rj~?OU?_ZULw9 z#mmR3hz0Sq8$eKTIZYJs?tFEo_xZ3LXt{81Kc_;d6U~}tgd<(56E-=g63?37 zB70hK^b_Tmv8~}k(Fl{@fJlsAvNRZ$*(~&!ox_S+q5)w=%wWcGP5^)l zW*obLRwZI)9O1krW$73Iey5|@a%RU{Orm1@vHtpGV(Er01^1@z*xmL;_{46&g*7SF za0_22ZCBDh+uIuNOZTE4?dXN7mc7WShG)cMdH|N^7JsgIm#(%pTLa2XJ3vA~qkRgQsG(@oI*c$D$3wurCNrqLOz!8{{ezxnMwn8_=kcfqS{Py1l#$0wrMd9+j+PSo4eE^57s zV^MC&Agql7x!8B1%jqA7EGD}m)4u_M-vpGOiSvDffhULI%(*G?>c#2UF%Tc;PT24k zB(OJT(`Xiv>Z@pT{KZg(mFn+}48jbGWButanQ;|_?7PlRneUx3tb*0E=AF}I5F22a z@)cS?|D#B-?xDVDi-#H}ygGC`XKDL~+r*UhSMR(l*}9%d?FD~b3Lz1}A!upxVSj4- zBpt7VQj3+LYopOr10>qPiZumY6nKT!6?1MAVNi6xrq3=L<_Uf4Hs9RLij4wCK6kJZ z2Z|=a2Q|lZ0vDFR94GAKV5f-jla%q@2750)&_eI7r(kUQQc%yp39eg;iJ_2A1bEjZ;{DJUlsFO7_qEmyP`9wzt1 zi@_wHgjtn{M|QMLmVrkF$u>`UiPilc2`&h??)Y{BG}q?5ou_Al!WnTuE4n(v!P!O0Cy_i*UhRA=2j)-M6v@(Jh>5&>MXi&vi$xMrPM(&$zSbO+uPO_2SY3=Or-RW z2qH%_{j`Q>U6UD}ar9WJ9&m7G5=;PFKHKhefL{98XD)c0`_5X4)8RT}Z+E}Bl`f`c zDfxB@vn|4RQ&~ry$9B;5(2wh=0b>6vjKX1`fD!{5NweIWdCU6_^{XCWl14Mb_v6s> zT74$p#I3zW0$NgXyz~0I(n^^nRPv1J7yh=(ieBTe2}--n5X+$c5)-38*Oj(cmm zl1~AMnSvBGfbQ4zK>eLAJ zg8%Qq8$eHyO62v=zU5C3>~vn#fq!j#|1<^tCw&qyiV&I^^+kW`dq--8PafFWz2iVE zKmJgB{{OOX(*H9vJg9+^C3?=sI=PKXrTn*H8P zo>ZSS)Wj`aW{0zn7q)9-)ikRFawrh*>L?tM%`gO4DgGlu^>2^K{pTPDj&& zuDv<)yX2t0tk1hFy}kXJ$H(f{26K}G<6M;gc+tQ-cVKVB%^0q*I9sHT5kEI#s8V2P z?177CWDsWV#X8kDe|8f7aNF|CZ&k(J<5`WblR9B$gxyGp;YBLjpqtfD>w=o0Em*T} z`x#|K3gl$C$ENad-WjjHeawel#Ls4IVbav`U}4yp7uW}KxcP8_T{-OWE^^mSg~>xQ zIaQWUXBo?kslYm1Hg#Yqb}h&FA#joH-!FL@>Q$h*)$i@t$4zjepO_w8lE3V?{7r`# zSHz2(P`u;CO%b@Vz6f|#>?Y0zG5Kb@%Z0Hbb~Mo84wfxx1@WYfvE4&?hdCVYZ-(3E z+WLvqR5;m`Bki>ScJm(ZJQ8{WaQz&wbeDcovW0$EMSo~6M$$h+^{;?K>>DZpW&~1v zQ01W~Hp%4`HG`_%9zgXo2#5z#_YMRhO?@Pc{1X*-d;zvxHf;O8is{KLB;H8ioSN$U zHil?*HEzrX+Q_Aqh8G)4pn_+T%x%?8zqtNcIRExX`4FgLB8K&!ul@Id<$Z)bvJr}E z<}p_76Q6CqTxER57-X7BoiBBwgH@)pXjOGw-5?kdh%|No5!0W4wZsP^r=iRN35Gu( z{reyYVI##mLVE5Tg-~q7MT=hlWd#33`C@Q6Y=9m zC8AP|qGVV;F{ zz?RQK)MKK(FHUG%LWerayU&>*C7SExUz{`e;y(AY2zc%sd)oyazIlF2)D@MQ`kH=J zxpnGeP;7=AQ5Xa&|3Q$k3-Q6nk184x2VihcMOpm=`$l6=w$D<;-&q zHF6aWe84M4le0NLz@5#uD~B#AxbTXImstCc;T1t$YUzwR@CpE6?e#9XUJAWRBcp{^ z`1qN4Uk=dB8QNiPY%cBhRx8ONyl}_lD~NROKwOPMZ}(s(OG~=Ea_u!)wjK1X z0NuYlvE|PX8LW{@PwI1YpYm1JF}G0}HKpI4EZN<|y;O%(@sE`3Lsw3~UL}w0#(7VHb3TPIjXsZ@Mz*se9(h<2)YvHN`b-gUV9!QWAH|eZX$$WaG4wEU= zD3#DGk^tWH_S3-Dm){}Fs*Un1EDws+X*!MAK^Xe(9dm{R9KLH_hZjs~7VsMhdR3b> zuZhr-tvwZS&K`_0t%3oFn2Gqva&t>WPPVG}sAHdIA?c%6nwd1aCqG0PJXj7RBd!l* z-Qw5#Xt>uhVJE9DPgfIR-VxJ=OkJic=&pq`z&ta7EYjpjzS=byL!SsMX}fM)F?&vR zs+VI_!o)(#o@U(J)?8dIkLG#mQ_|LK`^w{j2OXFW=e+297GS|!tWjp*Jx#WXHeWtp z)vecZTv4~&Z}Di!lgmiR$1DUK$Mq%T2n*g@G9j8v%?C>gR~ zT`5M)8?#E#+<1KW5i>g9q|iqY8V?54sHW|K=ab+ei@+m$NnrYHWMj8|7_zwMZ}~WM z$f6lJ3Lf{~kQv|{>lPW!r#Z5drBDQPwvkP} zZ=Di1TMoA|;Q?mPntLZ8T3#gO=+?QKc&*XOAMsXnZF*@{N3P{vhL_{7LZ4AdY+PM` zeS^y0hDCB|k~xKLw#=Y+#LJyAILM{JY?3~@2J$^E{1JeJ*Fpb_k|pvmOns6!gz?Tl zHUf=^Ys0#m`QoC$&IWNoJepxNS{u>6&hwwq>N>dZl|nI^%R6{%D%sjPfR);W>cFng zN4_xd-dopQ1I7Mlv+XjD@W4ah0UEzgj{PVUet`_KyFppc_<+LtHsWtCfak=^Y0Gef zE}S}^SHb3uu~8(}eg1s~4iu<$DagFioGY7-T4%PsE4QSRB^ej5{fk~KBmZqjzde4) z2fQt)v#zVQMPqgEZH1$6M;j)}{FuK1THTq!>C4pjR4dLi?<;l5# z>x>O=<99edmK*lU+Q@7#(Qi0irl?5oA?|w&t!@&ybuJ9ck0xL?G8}tg=y3`q>f&)9 zXwUbde=6$NBj2}p*5+EdRLAdjFXu~=gR_Cm(`qXR=VD~WY$i|y_WkT+;J00Lxo0m| zHtYT}2E1LMZ-i>}JR zbCh{P;^p45(dm}DZIOFydCh{;*d-#x`HW-=C-v}XA&;|S7xD@#Wi8VqJ#HZXn6b?y8Cps5UF{liAd!*c+ zo1Nwh4vJ-ct%~0PKXE;tcHFeSN7g&U(ed)AASJ%1pIh43m$&togl6XO@Yoc3Q8S-V z9|ql%#FAg2&O~7j`H9ww%D@DxU!8Oy~K0<3)J(n za!Qq#dUP*iGP6Q0iT!45&ZX5#8N3g}%wIil%O$a4^-GUT=aWs;y)sI^JuK^=ny&CE zVU0iotk4Y6f2K#M_ssHlU`068^%l1`#N&Ph+V^cXmaqzcdzbpuIR5TdB|rw9SdVBl zTjMOTe=MJzoTQ)X_3xW;JOYHKYh?vR)j&1DPR@)pf?*Y$l?=kyF-fFP9PEM*{$z_C zHt!QwBTZcx@I1dg5(no0iIwz?G-b_@fRf+MO1Rp0QIh+U&Be6|Sk^xw6=<{&Fu6$l z$za|$Egv?06{k(dGlR+g{HMa-I2bUwmpaAFmdWV-ykD6uvvVw6=mREnsRdZJOHw3Y zcEmIBzeI0Ga8@FoX!tQ|XH7S1T|j-v$R9KK-wu|k0!%O+ER>*)Y)(E*G|{JB^y2=| zrO9u+e|xQB_o-FJQ4Fxd*-}_bQ4IQwh3-I%kuYNr`ZRGZ!qUI~+xP#c4MK$p;q)=p zJbCpe#6?X60>M}4pSSP!%n%BV^1GAmj(>Y*e<}wN2lj|{B!$8A&mVt>17FwTD9--R zNB@M)0i)80fVmbD{P=Hc^v8ciLX|^9T&shJM&|GT4R{Lp=Dgkh9KwGO!XK;yI1md# z#QGr%0(^HO>&u8cS=?&-7e?Izs76ikDs7?N3FlrQ#^&Ob9RH4S6)Sj(aK5MCqTc`e ze;*=5P0^pc$o*qh{&`RUA}>co-{txkU3ZRa6XH(DD5n3o&th%7z}H=L-f#ZrqkoSL z6|$m#au=$&941(F3n&6q#u#(=gRl*h zCz!(HE#90?fyba1dUTD8q6x0i?CmueTs+{tN=9N~p5{IK;@q2yD@k3%ISuT8pA#?} zxZT+5OcOWuOMyiRj&t+1hXjZYUGWgn;h$@O_r$>5;ZswB(XPNCgP1`_DlhB+cJ?Cw~XPj9ozZf+&C6)hL#6dwpsvuCQ)95L=xaTv^m@Ye^59$9E zUE5mq<@{fQYaeWae~kH7+ku1m)ad&z&F{~gx;Suy?6 zHdHcFvFwrzP^S^`Q~l35VSk_V&8>1j3290QN%+pmA@=S0!@r|uT#{rY-e|PC5F*1oOdGbH>SCx=)7adKSnWM`HKwu7C>>YuazHS2(@xd5|rM?&S!InKun ztQc=CTblPs0R)O-rLPY@J<`C@G|epVId`HJpfpZ#|IE+H`JS37=#mo$418NC2e8D$ z4mR7k|6bz%HYWjGh_IL|lq&3w6^Mk18U`%ro9Kb=?r&Mrkuw;R#kva{kZ&+4c8pJ} zkt#-@(jELKM6zG;W1EgY-bWoYLeZ~*Wuy7AXd$0Aoyrv&mkrL4+4`E-U(MbwXL-6D znxl7Uh2;8zy@|F2oF)Us{f+LE^ErH}aCXv250;B%;He3nx`|WmBp31d@L*R|2B;n) zRHyw|s1=?wTWw9;>*;ZIc7JxLrGqLo4~vM2q1Ae#@D)BjejGMs`q-HAXbbpqTSlC^ zL$gTEb!ReHZeuXz@u(#DtG8Y4V*QtopK}YIVZVUJ`GmBxvdtd$UU)0ppw%@4{^u)_a zG?6`dB5OC7_8O=a$RM340u<+`p3!dbfkpP2XB*wAXlW_3%zAnN!O%|Q7a=NT(7h?Q zoCpd*m6-~Q1>C%nIk(|1D!)!+C)v!HagET>P}2ht&Vr-9sP$z3HFRyd+}!I;ZxOjP z-9(vjJSD~Nr`Qg!7Y3)c6JC(#L%KLp2F!7Kl$n{CmsW@J#{gl&+-2CA z+w}0O(+1zC`*7@A1BpsYKXEc1(C9#+Q4rTkjm=yVIv%MQxAhtQ52BIX&p;LL`=#4# z4dS5&<`TW?Z%{8IdEUk8Ioh#O^KuH&6*RpD+aS`}I@Q;+<<9W}d*j&){oujABOxWtpK@TwS6NRwU`8g8L1IFBIJ)kk)A}lwD&KFhB0R@}nM$xQGRNBgF z`&3o|WnMBYZg_6Y(lKrZmf~7ZZs@sTp-~2+@P$dLikngc^vg5X7!L~1ftikhOTqbt zNrS;YeQEBMo|k}P;vs36JxQTLRaD98{Ha}m7QpVITgnTX7x!bil2=qso|6(0ju{kP z;)h;d8T;i~N`-5KDSfwm5!&Z=3l-suUY8UTr}OI^;~Twwsq;D&F8tvX@RZ(~xk?Ck zFXXqw(qdRD9aAEQs>3A*%1 zLM~sB0NlS2F(z@S)Nc%%Mc z&}leTLZpLHln!@>VxZnX(vIk@+n%V%^4zTsDiaoX+?B&-gF(})>sWg06~F6q=whT8 z?BP;!>{iEI;KTn=7fey#bb z;6$}`rAG7g?k?CpCiq&RfQaAXETJ65e?}Htan$v|YO`d`1tz@c!Flt3$?G7Xe{+{@ zu#_IxFWIY?W@#$`QtI_v*#w*$+7C7@X3n(uduYjq`GhoBH#s(B>ccG_4S_*Izr%7u#eT z*apa{8`GY+0>GaBK@69O@}OCH>3{-`7J7Xsl-8Aw!JboAUukx!md*1KH=iCA;rKaE zD=2G2!{j+Td$6~oxR!fTLJRUjNB&>+zArJrDUUtc;xdPFfipprS&oKDy_0%m9sG z80YVaVlhE;2r)*#k$CfVWlvpIHB61LEG#f^$wevbczD(_wmzaDc%4~U6>!b6e3nuV zwbH{rN|`=mSq(6~M>vnu$R#OU`4OD!XuG*D*l$L=x-`~LliPF7)2`m?M#U_3GC1TV ze8Stu0rRiwrBTU^KvFTb-TCkXkh4GNr0TnaGBo&hs)Ne{gJTbumvYs}=nTUdp0esN z@mGz(KCnzFXJqE0QWA-ldt%Fwq@7I|C-H1=ts)JzDQ~3BFv5my(V2?sg8IGD7b`*h zJB*xeQpS5$jG$)(=MhrHs*sr1vx_cY0#f zUj~Nfrz$y7Qyh9#112{ESh)-DLcwO?HUNchYe<~i6pur|6Iij>X#TvwYXAt>63?S%CC+lv43 zlvr^3O_K!y{~yUe^rFTW0kuG1hx8R!_8Y)AmlRGILfVjH{U6zH8!1jHOewk!T?i-m zY+RXG{yo>t**Os(gVuqWUg&vg5Fl?g!1wXd)o+|Xh2l0WxCiriz5*x7pM`Gh4cUX0?;OIt2eCU59CG9$$bPx8R zxkT?Y-E-aP0h%lQEg1*_>W+?1K@|Xmnm-Ke0p_>WMzZy{$dIg`#m+3G zEcL6VQ3mC|^{KT&8|v12@n)9FD&zI3KC?>wrYDj(8SgD!S2^hdzF1-#F)Xwszskpd z>^jhJUVA4B5m5l@nBPcHqlIdboO4_040UhCygq9d=_*I)?49mAgEW_OTr5#}N)(2F zUYkid*FF?Te*a-X_(TOt9&UO&$iJogYe`P=qY>k9joOzS(LY9~Kgoc(fDF|+WZc{N z)c!LGBkOfrYrf<4@n~_(!X1A7FC|qo&?GJ2ttt1}lCfTj@I= zJxtF9IJ(-sOnP`<6g^Il-Vu@Y=FrVLPnx`ZB%Ga@PpL0xJ@#ACEG8;Afk`cazXa_~wc#nwAxD z+g+^he7CA61nQHPlHNl$S81-U*TKEiS5=*z$&NR?q9?0c!}vE}s)+8ku_VjjjWZ-h zirI{(QFTlYFVg)^`je`1va&va%(qT3)Bf@DL+?A#-CBw-kdhbnLn}6k`%WU5#9U~2 zkV3WNGFgDRB25Wc@xb4_QVMbAC7#k^kvE8qXL}yQ>)^rKz@@Knhlo~XB}mxiS9{3D zWNqLp*Osipx=UB#t{eJ7RZ>2W=nQ>%p`+P{{WcOou@~~S=q)Xio!`eE%-}6jcOiQ+ z2J|X>gosNMi4b5+0do!NZX-Eny%*l~S)I%fl1R?|Rjyv9WYyW7+;yt(+5rYL>B<#sKM zU}=wk@6g?7=t=)MyA)oF%f@i2GT3-YTep$Qak9cjf)`R}Yu9kNbLS%)1hYMmP7~tp z`o$7wGC#}bFc@@^{4?)Ma~R=iN{#r$out&8=qnz0j9Ez`^L0*KN#A*CKpjy~qbBxk zFUg!^n+heHYe&tOJk*Fmv`4Y^8Tm~L7@dUM&%c&dUNu6lDk;JDY5)3bz|$&!ZDSg8 z*PixF(7e$G@Xp)JmgvPHAwZ05+C9=lD|XS&`!sq5cM@x9*KJa@9CrMyk$hlfArn{f z+?8Yd!vKUS2=_={sQ=ki@dpFTku(;U>ID)C;{J3$ncN)$n&He!_6hy+PeQcvO6J@- zios9E#Z631fQ|t2(K(0zBn>BBSyduOWSAb7K-fTWC!3Q!HZS#wK{!6|C)*#0jo&P& z$WV-w1jCKsl?MYVQy*Q*FQUX56bvqBbs1k)_9La)t?5oX#rRwY^PRV}0|T9a`Hd0)yGrPA8@E@ng8YZPqZ9pxU$>GcCi-(q=D#T$j$4#?cLxbE& zjihb!@v>!HQK}i6<{$#Q&rVrkW?d;P`*qmE#VY*U=jjsd{aI?p&ogar1lcA__%)Lm zMe_E3mnggC^^Si$j);m<0AJMkxb95!c!n>T#$aQd<}GJ-0b^%YYet2oW_ET!wR!ba zsS7j5h1I?7@miyMWwgvBP3~6_B$nOi#99VCbk(Ck@Eg(;ZwZ2YwOS@I{-qDGhg!kR zN*M!H;LG-A+)d{n{+^+$nPbcR?;=gspk23y*FQUDzKzzQ?*)AHsQg75_^y%xXM^DE z!o{AK1&BvO7v)5WPd4FOQu&2q2~X!c|Mg^ z{D}n6U>pQa>LZc+WHm>FK_9#ENppfFq&2F|b#AYGGu{7nrZ9pa3EOZ`5YX z4FqOW_(OCnEI-5zQxHiGTig?2^gMoh`PnDx3MjUDAhO$^Ma4Ute)lq>c^GAs0c74C zD^EF&ob01Z7*|{7i>!hE^WMzu2M5R;W2?LpELqEIrqRWAOfS zdHY`lN#d)E9PuO`^IxaM1>^gBkLtq!8$)WhO zhngK|yi(m|vx%fq?gRxC?4p{C{{UWMmF4d6a@;FXoSUpmNIockLh3GMf1FDKzm04) zd+S8YA#+KCs$|_bE;K=K5n`oLMK?G&^pm(CVX%)Di#(K& z%+{;id1w3W(=npf&a7nIVn5GxGzmK(8ttGdtWogJ*V5tS!#tx-BqM3Q=@9vTw&^nj zHfA&F4S-`^sXvX-bU4u`&I?@Q;4EStnLlo;O!2oWO<}kOWD>*ys|)6Ye#yFJ*6F3m zA9q+5jbVV>biJenX~sx8b3Txo<5*~0ic%lR zetcspDr%9>u@~PGIx@z}w-VR1K}qy@PIhild39hocSxwr?d5TO2@wGupUEaKh1dsTFd9_l0 z9U^ys@ni>$ois$}vk2Gl06h)JE)QPcj6Ybg0w@mPoMR?MN<|8zsjg{fNCp8=as)!T z|0Rh0&%1imwX2emkK*T`zm|+HudGAf=0Nb=^Bk@Ax!YS%zL1P~$+fx}mZjL$&Y~lf zS#CKVRaAZM=&>B)ralcMrg-84eO_GJf8KaXrIS!rTp_1WPI4`)RQ9dpSNu!uj4yDP z&EbpyoEt@ugEB;_;!7dV>$X7h9A%{KMdU2I;RASM+KlPB)c}ufl~-B3kz^9X<)(uT zMP6UpfWEDwf}q@{wsx)ancRrXh1Zhr<;IxD!;(#|hRa;&!_+KO*XRdnwbB}D^kKz@Y3I$ln+b|Ty7j#WdbJO=>2 zC>VHp$3c3gG=^1iNxxpNHDeU~mPrU)57_~k;pqTmMs{h5=P3#$3mERMU&$$?k z2>FC$RjWQ&ejeABk3W7wkDtVNiC`D5Pdk)yRW|Pj67B_)85#dsw8J87TL#9ylC>l5x4MjSP=3XT_>&`&QT% z#iEtPF<(JkXIgP~4Vgp+(D^e?1GlXSi6QgedG=;1xpL0ctW!OI|FvbEwWMY+xZ#VD zr+h42)darnaqD=)AzB#Jg!$41XZui4Oxd(>O5OX0i$S}x9iMBQm&LKDYmc(L50@3!ZI(Yjm2bKNeV_KHi`3wl)?5T{em?+^7`S$T=ZD&3f@ z-2Ii>BJIGmB5|Q>)v06Maad9Jl2#nr`n-|+`esYmnB+84nJ%A47n#!F0}uahS$DU$ z=kS`&0!+{F*7SNI!04 z1TIfuFc!X3x2T!D8B_7@c7ypUY@eeqiOuMZpfUg9F*ww=VG#scN2kq#*wt@Lm6tn{ zfOi|<;0F4ytjWzcVvSOAH-Kfb0edL`!%joZc0U=4)D*3b$l>KuAJ9vF z5pkPwD>vVk9&to%3mhnqrC9AQJhvwQurQ)!xUn>uEQYb@&L7&w+HEqw={!tqEs@dw zBC>ymiq7GUxK+t;ULI&_LW`T)WHm`G*ZHg}<4{-*Hw)kOEL+WEFJSlybNq8tE`#kQ zOQ@GzqL#jExSp>jVUVoR`_Y)6ZhI!^+Ph%js?vzzHrNih>lOfBuc5EhFrdem@DXuc zU~}Ey9aE7Iv~nmPdJ}O=OLB;tJZ4U9pR632#{8kc2fvrq@a_$S=yCjI$Nz^wY=t<@^6aR@EuXXtF=<#ovXR8dXW z=6qsIpZ-@_(7Z;zK=DsIc=y-wZ{mX8q%b8USb7!slaL(EzCcrQWpK*R@0Rnuz`)57~7 zBf2l^U>&yn(scJ38lxSQ!@OoVPm%;(DK%Ul4hGR?9+CVwbUqsUeuUZeX1Qx316G`_ zoh((tFf=CNHg}JDbM`H*tBMRh4rOta+u^Qj*a7gU<^5QY>(-RnovH9LBq4O`2~e=j zt?!#`Iu@9czC+ZeW&pwyupaZd)G1XkTPIJw3JzI-;n9hSX<0uuX9}y1GDU0~fP#C? zeF!6Fy8&02ArU~RX1t)1*S!np*KwXLS#*!Gf95M4{761R1AU_?%*$0!BVThQ!Ai>3 z?^;!7xXJ6k4t|n1fTTrIs$&1w?l_I$8w|R@OK)f!_n?dYwxy z)b{#63&st_YlbS9eER4OWys7({IxNXmg_M>$#_3XAyd`S$wqw1e^1ahvIMXvZ(qn( zj}OMkQ;q9HwKX>!IZq;+s%*Ad$J9t~pS`A-tF)U8ycM)Npaen%?m0L5VTG(dk}`8i zzF=)uA^y?crjePQ{OPBE#Qu^Zke<-$qGNLkr4)W;cIh0?*HG$-6!+L4p~`dpkWJ{k zS|~79tJAC*XRpNwOhNjmG z6|G%63Q>{YvX9y88K?_exiuFaG=xeSaz&h-O6me?l-}gqyEey>!7X5%n47}R#yucxH`zVsr|Wk8FzLM*^ru? zo}T`(c`elz<8BF^U$%g92<7y)oLv+x&O>$?F@<{(KOdEe=pC9nw9hF9~wxO0>VeoCC08|1NGeo z8S2sf+&e;RIF1nn_KjmgUJOQ%RvKK(~(KOtXyasn! zo4ZR;Kcc%smtn*TiHku&h5B7#fn{D{DSJ1t=aclTH%~IYr{}g*Z%+}3rQ1B5OIEqi ze)Jzj`hRN8zbJvzR28Kiq5fZc|2!AGPCWAyAMbZ)u=DjD_ti=js<+_NJ*SaE#ZA!B z9L!CS@QI9y32>*?a8>K#+W?x&M7O0i&o4&(mHy6Eh4Jw=BXK#m;reyBX2Z5 z7C`n0Wo&vHrSoj%1ttV=Ou7!z*wtsV16^-2I_RrWGd%}oJVETtrPok;;akOv+8^VS zl3ErD?o#s}-1B5=vj&-jCY`d^=g${;KKp7W63PgX>Td^mjgijXxXE~YcvDoxmC=tzg zXA8TcAIJSPa>vq|4c_`4nJo*N{$y4Q+&{=o+?-@5r;rV0WnSymDx7ajlovB#Kr%>4 zK|$5vS$?Uh*2`$p#0oU!uJ?WX!!I(H8~6HOLZf0hjWQ*_9O$}ZGfPe^)Z3S0g-m!l zo-XWvV28rhYO|)rH~p&19gjUU8nV5?5vWo!Vyw83@n_&nly-M$y52Rz?=E4Ahk1lB zeWu~N>pSICPO^ASs<+GLs!HxO!8d#YR3+vfr_@S(6<1_<55$y04HJ37XLak0HG4?rQlb{-1pH?l8Q zj_`hLJktZ;vb7^z+jCEiumiMXQm`8~&zWu2ubbWla6owZ1IW zr|g>6<%>2Q2~kjFl2g?l9$kP4%>$UC)vd`Lk{|)^`tfI$e$x+wE}H%f-I))}6*q*7 z_z7SZ2WLy36l<&J(RVoYUX{R&H`i)WNFq5GaG7snl$0LchQdAe=&bbQtRY>T#< z4b)=?qJQn?lzL+rk~OHI$v{6#Y@Tgi48$HON4$~in32>-K^}+!ur-%9fG98_w0e6oR9jwCLO7K8Gzs?t}J=>TIXTi5Y@kxL`uXHu$63$9;#C zlhs8B91Ayp0-%{Qkp0UgxFB0;RFRfTmN>glEQ3>U+}?d&@!V4JFfWfEV)-9$ z;QMuyzS5SH=wDzN|56_fd8WsS{~(i0-DmUpZ92g@L(6umOcgnS>%?t{i|&M@vpP80 zx279Jdgq3n9;)#S<1lAy^&#e}Ls zUSx1OEHM*ZD$kV#ktWoL8-*axzEs*yE6Ie>nfbz=H>|d+VgT`fwohQpzs;8UfpPjj z!CgmJH!pP~yt~U>0iA$bd~EfH=%olTz|9fTr)YYF)b8y=~>AyDPu{%ThUx5`wAof`CvL^8( zA@G!6wJ#7maVt*W`6Zykf#09b0hjnqc$#4_CN?00}{14%I{B$ z!EJpVX-O}JlgPoywy9h~T=#Y22 z2JNW9{R>xTfM}F!(y>*B>qtcIz6ZJG`koQ_15`dIuftK=L`6qlo8^LrefAuHF8D-M z6234gl_V^9udQ--tdGhcXTEP+*A2A_AstZ8l$$5(qxx*-#U@dhe$8z@MgHRq3Y_;u zVET_=(HbFdxYuxlPb}!xL6wd+j2%dzq{ZA05v5K^M$)b zuu?WQHDddUr6aVt`*P)Hr;fQYhSAuyE1vBQdOMMpFTnre{EUlK*jxcLkIo^!N$x}( z8swwj4crK`FWrtbIu7Pe&qcD$cs+po_SQ?cJE7xHd;lG7GJz@gN7AqWI1L}_mpPlZ zEalM*H*oAa?Z#to*+rEz@r9FRNZZ5GK7tNJKt@0bs6Q$DOC66=>1zMk`>!%jKCnV! zcLp|@x°Dsk2uGh<>Dr(7fxYv5J5!F8-<S%s*&B4s@9C@QwaM-}xqBhsa8?Zg5@OX>6y&PFZ#bzH&yMYHzzgMDt zJLq6Pc4`hal?|eQyPX823?8kQMV)$4LPqQN+h^EM`qC2I`&wi||431|q-}Z_^cYch zrd2yN`~uj3KZ-pdE9zl~w}$|C`ipgA+rN!k-v|Yu1`$!`xkvlAdspLAU`UIl?SI?@ zWX>47zMnS8yO_rMDz?`PY<9gF`uzub*{+Jw<2>vI1@V&!Kn44U+*j4OG9Jk7q)w_g z_^SUJq~uT5;P{uCMeZbNx?b{{W4Y`vq6hyC(@_JKm7tW9{Z^f(9)$J0J z6sgT#z8aw|TgbajPk&PS?%Y2%D|ZH{MFX}nMB8>JfL~6&)Gb#SS8(W|OBM`or?Lqf zN^Oz(I9;RoY+Ngo&tl5wwwOnXFzCa!6IXp^s8r(QYK<-62IL@lVhg~4EMo&2D7dn( zpfD~n*LV7-J=d2}=6NUQiQiAUUK4#HLvqd+^wKXw%tnFBk`Yi@v%hV~;yBZFMiI3)myXA9XwN5#f*1_Gq7G{=Y2niV_)f?Jw zK!2cN?#b=tSOZz0EcTjVRNRHtFVEq&LD$Syryw)4O#S7v{GxAAnXpF%rQ0=vodoyp z$-FH+3#3=Q&)P`a&Ye+Ktlzz~-y&9&Ej*X1{_yu)GuyU94407-EVX6khxg;SHV%~r zzPDM{EJR>u@G&6ey8vuP@tU)k%Z=YIo0@!^NdhA!wEz(_u7AZLK|vJgx) z{KjHXG5^EsJ1ZQM+i57_3adZBSzkj(xA3?SLd=H{Smo8NH&3@5l*&h(TJ)KT$!Cpe z&3uy40Bj6W%iaD1f!?T`^F?+`o9+coZ~6N{rZS-=W)QLuE4(dtRO5Ke60^b;DoBO& zEZ!JLSh@vE@$kxl)QBfWi!>y@7t!A7*;G6^atEDtI|zXS>-o;88141C)5eGnrAi!= zj{xbvaL;CR3%Em%c<=)!fGc}Awb-Q@V|!$84-syc6C^C)sBcKyqukRVd~7gLi;RiZ zp_ud9KUO~KNWtYGV1l)FS_0#+w&%?aIL$&6U)!j_3K9tINj7wUBJ zB>k^M^!#ycJ?nujt=tj-P@&VqfvnMkWG=8+L$Z|NOQ^Xwa5V2)oz2TFT3$4qh7V?& zN$(c_LB@of3iqo+`$l4GkHW>G9@KkZ+K`&a2YdzsOUWH6j|#t>15C=)*kqbz$C+yO z(6435jrC}vcX0;ww^$eS*f7?B`6cIrgx=Rzxpg!s~nFX-r2cyNs5YsE4tQ%fi&j1@uHE)Cw^q@ztc z@5fjZPHyHbdSB{D`z2Erg*KdRr~$x}8WjDD`sny3<<&3h1s_ZuI?nFU9j>2Pou z&xqL8`{t>CcXgJ+vRB<@swDjt_&8G7qQ-63}bY^#xHXwKL-#BcQH>wu) zWOH)ZNF*Y)P5v@k!gBZ*9pvkl0!M;CNsv$&6K(pemyx6+p&lG&09e+LUi}#&661`d zy9QOWIXuUCZ)xdFL;cx*5kTf`j(=O)VqMmD9G@>tUztiKxDb1yHCPbp6EkA(Hm$I; z7Y8`k2l9LBb1GR&!3$5D$ zcj6AQLMiz%KYw;RkC4aaIlV5mk|Um9oDGT{*u}@Cl3q|(0R&TW-(u4_@>!rhc1a!M z;7AyjaFiGS=F8;MuY|=}Elw;^O!?wT!b!?*Gaq^;rgJ{r z%+uUH;y+2S^UnAlnU&*3VdQ+Bz%1Mv@V+Fi#2g#KupASmW(k(`+|av_oNZtWvu^-e zi8ChKjF(n-J6f5gDhay=CsQ8q*#JH1jZO0ZVA03fG26C@Cr&7{U{;;`@m>Z@b`#Z#8pHt!WAF!SGD|9p^;?XogQG)Jf*h- z)^GITh5r#&8UInh4-wzgw?3Z1-uLzK;;uN$I`)%^L!T$gZC~?iZ)wN0)iX>?_JKJN z-)_amT{z9Fp3e@%atb!o!?xe!+nc3=afWh$sO+b!=5={-B@zP&-(2HQw-|pW%#P zZCNs$r6`}*oyJ3aK_~c7*=p4088Mw+n~IO;(Hb`hg=oJ~_NW3vVinm=pfjfvT?Wn? zXp-2MW3RVuG3VEBt!F5RVHnq8#Mmk+aZ1T(typ)_=Gt!SvKJIxk)PeSKJ@R^#-D71 zGtPSe?tI9<5zk39#&E5wm~JIK1k|0;Lw@-|6hO6B(}^fdDMa1+4dANTHL=~CmNrv4 z;uYfALi`0rvCRNxGb6(^y3MU?FgohfaLldKW_;m4Nmb(uKU`oeGVaL(i#Fr@{<~Lo zt{Wm&7qPP!8F)piV7LU$l|2pO9=fP|_j|DmDdasUwZN1yW*;! z8Jz3baTBKCNHFcge%#Rl6jY{>XP$!vZzZB%t5dgfZuTI)YwMjT0#oA3>jHqZMEpy~ zstgh|oqPIFxn7|}fb&GjX%&_ozmymr-1z+Q9KLT$q79}-{N;d6LxSBe=70yzBJ9!d zCoNyY(xTaHbeaLII}3oL^`+*wd_{H9_IZ2KZEzL{cT7}NZcS(zI#3b74jeAuNEF1| z^^9)wxgP{Mzqot>IVqAdNv8dP6lJ3Yv1`jdl@8T_NsUcbSW#Gx7JR2}@Wx&DqAk>d zse>%NIIi3$HAa&f$0&NBv*K%$4lx;-v-3e9t-%*%a-WE($}RFAl=b;E)-L-JYp1sB z3$GIf%zx*1@Wb*4P)1%`Q3NyMf}MB%e`h_>FM$RDrNMHV+Qd9^;q1N=cfc8~KSFuq z@qQ1w5kN$-fxJ^prNwH2ci%ALe|(OstGb&fd5uNKEc4sX!*+30>8s+jydJ-+?SO~= zlq~AnHJ0VKlCRb0x~Ul?FHQoCG&D7GwQ}AiZxmn4*FSr~C>gSQ~V|NNIaskV73_Iq(P;avJjj#l5ZgfgWJxQ1k5B0B`7Ti#b4pJI=|iR zmyApQDGz1%Vu&!Vh#v;1YH;Qc`HidhLDKNHhG-JF>o;rEL8QE98UB)c-Ey{nr&}xKzv1(2AXr)SfOmv&Kj^% zwL&y-jqbfO1}b(lg0p+)|8S&@usOXo*R-e^MGD4%Z87y+(s9LH2>lF`e|Ie+l<}~P zV>AD*vt50)8{&ng3wr%EUOpfyZ*`@nK4EX9?cEnnp@>lVv{InF1(SS0Ny?#PFEMNg zL`~Ee#((^H=S6GkK|a^LxnCVSlh(qnS{Z0MP3};aU5aaba(;|%SZ|2l+%k}~W|O*z zJygUi+Y~xn9Z2uWn+86Ix|B!UzPCbO`a;!BpD9ucC>%RM?a5%^PdM6V#-3yk_xyd} zz-_>a3SVzF{)EtG!W#4WHQ*M376zwVUph8D0gcivqAH@~IjesF5hHQS(em$kJuPA2 z{wl~s^!dLD*fA0sga3`d&M^#foX!IX*j*KiK+w)R{F&jsWk!<|9~rt|hV`fQd2eo6 z{l=cjzPUj_&;4~2KHItZFZ?yEKW0;VN%y7cnyhZ!Czg>Ml_a1wPWs9vdR7BkD4Qy> zTNiy>{QTGA4+fF1fSUczYd^RYIx|_bI>`L9ecL+`imo#LIXSDXfQ3yl6Mu^fN};lsT8qVv2lR4{zd_TB zcP})Ns@LoCX~3yl;?|p^9={vykM0eJa&+Q%rHe9>JoD-|5kaxUItnG^^hSm!N$KE_ zGjZ3tToTdP1hH#d3u82oUz0F95Z@v4!Q)aRk=B_;#RbbRg}xs;SNc7P`l_B#k$oaV|`d)(X11o%EuQw`h9n zgghX#y*mlhMij+|=dfuk;_}$j&coyKP>ei*kRU`b7QH1W<~p(K?Ji$eKn!WXQs8>{ z&%cLxE3|<{$_U>h5PN;#*ry#cju^#Xr|ZgCr;rGp1Px9#AIuQ=*zjylxdGf`8+VT! zhB(vAe)K2DpIHg9{Y7#9O+J6kh99dn%n@f8auFM-Nf~vvjP#l*;U&(IqU?+H+7>`8 z(GeNKRa_blM2tGMBoRj`DQ+steWw-h3r!`epo{a3&48u7fvVQD;;)h4zlIE5cF>LH z6pe?8Rh9DY^G;W%P9Zz3$ zvoh7E8S0}!Z8C}u9rueALS@>P!50Hz(}Y2I)(i)L{Qf1(qII7BV!B7TJ(gF|cCx*N zffF~kYv|a#VoYpb*zAT|2{_R5##RBSd2&*3L#c**^~c)mag=8n(#5dVE%$W|hx)T} z$z7vuRt6)tS+UaHaIpg!?+cDpE?sG!-aS@iI*N01oPoRUdb~=8;XIdGz?js6Zr5m+XEGlIP3=a2X~h*=rVz^H_rS)o;GqbI~By|m{lojFa-{7g>@FoiRRyxW>G z=nQIy?X^lP?vJT^R+_c$K|;s_-6^HxHkV)Tz88xnB6C-T3Q$k;ZUVn9@w#s=lOz_$d;ZU zy?7mRN5t@VeZ)a3;vAY=UY~*Z3PrA0b!XMaSCy0jqt59ce>C+cAY^e=enH{{ig(nh&*xt`4O)-G3yo#Y_S zH&&0@7L`MBaU!BFFhrCkIvTmI2i$CJl#QS^0Wkd4mH_lPtOLJFOI3VWD}^f>=s8_> z>o=pz*XD;l*YE(W#@$zd%l1D%K1Sdv6s#&U-nXyl`=w(w%kbT>W>inxCx3xN-v8Eb zP_+}!%NzQn8VK0Q=RPZx2VG8$W!>#N}NvRhcETjr-7Uy!?Nl<1?A+Hdffs&An-Oz)@b zW=aH8(-h=s1g2Ic3*r>@qQ(wcDYsQX0xpwdI!og#SxgqgT0ve`%_ykFUb`ZN`zS-N zE}t1G6j%qYh!^0h&;vm&p0_YFnuJ(Yji2kxGLPpnBKnWUlS)Lfg8V z*Ne^$HgP*ft4?jSv;AhI+LP`O6>~*sjeh!JWhGzj;Y;@O{>gW~NwIL}E<4=Lq0-Vt zV`$+)uJYv@rMDtD<@{e`Nm{J7l}=W<$w-dw!O(h*TWuYDs^vjE`NCz{bVzS6-4+mc z&Eb)b+XK=>aOG}l;^Ok;2ULKRUS$cNuWM4^x+b-}7(ABKfYsm$X4SnoxBecjhLg`_lNDyGFYevoW&EMQw2XtIF-50X)-{3fd@cjvJMjK9 zu#WeeX|BR_AdVw`D+ai@w0u1lQVh0;nu;~_l2S1B47>c+{H17~K3bdcaP_w|yy9CG z%%gt#x4T3eF2sXKj}hoL9<@DLxmNG&u7qg{rO=?XM%UNW2%qJq01d|wH}qEWrzvIz zJBJ|1jr!Mc#i08Q<}Lx&vk1kPb`w8zoRz8$@$EG}>17*FzPX`~z0vI@`kn=7t!g(H z*F5&<`i`?0s_}@vcC~hQ?}$+YwH;Rp^6C;*npf5SzX$!*_LUgQ@>(D*X4X zP``eiwB(fZhCVpGJGQulCw%_f{X}-vVkzR69}4e9FGRI>bZA@%F_3Pge|KkJ*o0;V7!bU#u}Od8wpd#A{dRv%I%u&?YTjAx$I~i7`nP58e1pu*f#P)l&!id|36eKN&i494gZ8l&BR!F#K zwL)Q_ZlLuO{4nRm_1a{+sk-&h!D4H3G$nI$N>fD&!tglYn(MCh$DH0{%Z_T7%^1?+ z39Jhfx>L?r%17^QO*z5;UT6OK$oWZuazWznFKsyH_Gh&-d9odmU5?rCtW9TMx5ZeGUAw4=u(pv zXpD;#=fKTD#9!FK1T)2PO#+w0QZcZL5}Box%Zq^3zS!QIdKsI$xIM<|obX`u_Vm+T z?DvkOPLZbbIW;%`TGQsFP_Iz#s*lAHxA?yIB4#lkE7QIDwM~mv^UBShQJN0Nz z3k%zbt}d4K5t-(c4X6wuo%l{#sV?7)H-;@G5tWm_xJY_X2*#v1&dqU$L{uw?r!Rg) zAl-z$=OduUXB4dr#Bkl}H?F%AoM^k5Iqgx4jLD{^ghBUn8zJb?m#I4Uo@&fM7*sad z-2)e_U*)-rGCGa9pDJR|uzgX_d>fk_en|HD8r}iPE1v`ke32*r*Zy+#z56_FTz>YS z4d=gS*{k=jffv<24sdC5?PdtQ+|g>_>NmeaxLCMkNc^88w@ zOSrTR3^-1P_LQ2*XI50`Xs)G?Gi&TwycyU@7BAVHk<3IQcHg?s@+$X>RIzE*CjOiN zF2MWsj%b7YB;4WI>dE#K?$?KI4QL69BvflR?Y2!R)IEKXKVx-v#LA#wQ%j2tDOzFV zbx;j4T@GC4b)4*9Zn)SXN^GnuEYz7fJX#bQ2!sqj^nZNKckJOSADV>JM&kdqo&M|H z8A}85VDD`_x4$er&xwH4*z&wAo0G&Z+_?{QzRGL%p6vEFHm!mm^8?HwHX+s^#gtkBG-Bobmw_3}1dP)O1Un@6%$I z$dMyCKFaFLxZpF=am2+2jU%8xRom~Yp4Z_+%f8h!b;GP@{SNm0L^5+NG~OQ|%ulLc z`wu!$-hmI10bfuc@O|i!5lR2$ErGawg-GWno}${1ynn$L>S86gC{O&dYD+1j&Y7TDM7qfi@mF8v zo|w^&m%0IBJofs?$;TW6Tu$sBZy%}kA7_TEZyb9+iWF-e?Du;-GCJHD!MJ~##=ggL z$bWb~xJzp`K1gX~%?8z61l?D$J&3U?r~D} zb*b2|LpaV@#r4E&M|DHt71E1P7DX%x2ZKuZmJWqHz!_3jA7<8xkfrq8>Xb=TgPh$uTkF%#Xil)QGAXP~-=X6vu zy^y1?)N5L-#GobaHN|Q{rz}q{x{i(2d?)flJ^BF=Q7r~_Kpt`)2g#KtFa*V#$%nv$c$P0%%7WHVRrSzJyz1Eo0=Tt)mwEt2_1ip@YrnbBei9KHd z*p{}6!qHsWs;ltWkS8|lh$w?D34+nADvVgs2=Ns{=I?6L)xy&G>jfjT9i}yYUlvY2 zbm`bK@YYi@-_b$L~h!m9l2b0|A12F@k5_0qT2 zK9g%()ue@_8eJqOO?z;Z*$L}O6ou{RPH2(x+8Ux#&y3MGX7>mCqG5{{nKK3S!q%!r zLHEZ4gVnmLyN{PGkv>y((Il_ON_KRH7Rq$tOIL=o!6T&O#C`P$FOb-JLIb~;ZA z`&2;UY^d1Od6jDCZKc+{=$_cF>HLH;l^A{j4C3dfm2LcK3%e~D$&=)F7w2*m@J8u< zL}L9|(s6n)2hHfG);n$ghqSj2i)#D+#{p45r3Iu!K|rLD?gmK-=@LYxV+d(bI;9%~ zq+yVp8DcAQ z7ZBp)ob|3UvM7I6t-+)9^difk$*S-NHp#0>nh~`N^rn@S0->V>i(x&Tz6^Sv2cHRW z7RY88KFP`io+2)iYGe^~HnvdkU4dq?2)-fY^eDEAE+=;_vVnGIl5+zm8gqg?2| z)H^>-&IlkAW&w@UE=x#QdS9b>PiqinAjVV?&~E`0hXs|{hcp|M;sLjpOI&-!^P_Ui zh-IO3Oe}gjLvV!@EmGncEmZD1ENs=t)RF#?H9IN|??Fj@Dnn<{MWx8+ckUqWkg{59 zmOnS3d$0`LXnkc`!=FbrC|P;aUOyY#o*B{oec>%k7GApy_Piw@zn2x40AlQTY#(KD zlYQUT2qIXcmf8|K?{PqdEhiCnYbhytjf@`GoTjME3Sa@SNOYM zYOO!u|CVBGLg_ocI1@W}QmbL=pmALx%}=y|44aYWV6Ac1^{6#;?ROScJxaXM$$kzV*{7bl~Aph zZ2EWlOCoyAHC6~_`cCg;)BdqSv-8D6tTZcNEQ$N-n z7mmqcj+=eNf}18brM(qC+bX!0ni=8@CEZKZ%@rFj4Qp8Lf+$`X@?t$5clpew&l{(U zTh5jmkYh~_ym%m2{sZnC0`grI*CHfzIhMGa4gUIJs{@Bye$QQz+`Yt=`C^ zL&YfmJVGx|!^@`4DyyaZ6Uq+mtf-2OHEN~0non>QA47`%H`z-IBU|W4Z717Cx zcGoU_BfmUf#mUS2K;(k&8yl;kI=c-k^S2YIjlrNC4687Y;eo3&H`e%A!vt3C&Q3^` zG4L^$&h(RO`^y%Fv=+J?K=x6620e&e9UTZpK?TxWdcmx9?Q=;nr*DVg>yU5YagpvV zLkFdr0?*Rd_c!&@Mb#agJx+i_DwJ$PvfBM0m6XD~+Fe`X^<#AvXa$OwPdgoGG5W@Tou?SNFc{=2Z>6};7*@eX$zT8%Uawd*OCBep zc&|jUI4NuP%qT;`3aH&pwCIJqR3T9eNTSY;&3Kr#xh!UcggG>uv*5P26-k5ycg+KI zFspGAO9e$tKce6e_L2aAv@ZCM+Lr73?=8avymHuI(1K!*9FE49+q;vg+m@}y?)CL= zJOXJvzCzm$X^TWqMsc23P*>EPN1-#2q*-iSB&ODN=E*d&#Z1$NDEJAC9eN$wpC~MO z!KJIUza6O~BPYm=FVrtW)TfpeH9hW3E0pRNmE|U|k7PO~L;-13-U40+)r))dMU$@Q zuqyT?`0=S|r9*)~nyaOyx{pqZo>2LrT+CCLQ)yW+8p0nMLW_aIIg%P#I8F**jfxB0 zmwTRYxG}M2bOQ8x_yw9Rr8aF~LSs+gpXn{v;#eGHLdi33?xPa=a)@k&MuaM{-XT9W z&eo5(Myx1yEgfRE-GT=qnRGsX{KChFi)=Z0hui=D!PRTKF#Y#yAGS0gPhtpKQ$T#`l~7-yfabBbqs7eunWk zr1-aor+Lk<3)?_*OtIz*+8M1D^7m1{Ie3ANLkN9K^E5=8!MB%W z<_7J=FyTCFQ?Fcr7lDp2=Ej~Xpk3>|kNrdK&l;#9R^G~T#lm^CC`ak$gL@zTJ@8UA z;8wf&_hN?WtA&? z9b$GW9kmhn;jo6mZDaO6k!?*p)gJ--mrLsxAc=;)B}xAD6#WmA{BirlNrCZn`8)q0 zu70|N;=V%6)|&5{-rXNSh&?K!_EfChlZM+^TYs=g-Hu(1=w4`w)`(Gx3_MNyFtW+I zdki;}ZpMv%aO)qBXQ8?xyieyF@o&!jGbkD+7l26g`hH>fLunE{Ku0B}91pf8CwiDC zauQ^SN3$LWrrNQQ)B?ZxV2I@VddRx|($rMFFRg(kC@M1{`XyH}B1AgEsj9jY9t08M zv`vWq7sBCpT^x9IjJwjc|KaqDvjIcGl*azvItuhas+Xo|T#)zy@yaI6higG9^4h9C zDz7Oh6TbG@P?{fIOU+CU|iS;VBRf~?e2~6XZ{AJMKJ>WuWzNH;<52B9N}3n z0OM)xt;`DjdD*{zaUBOJ!4iA}s6PLTz$8w9s3)>A64;s|z&u!GBU?ID6kVq}ArTc; zL9*}$pY-98kyi%@e@K46kz=%d3oVKw!oRLIN9LZ}2YIOOz~4*x*K#~p1w8!`{0G#3 z5Bi(6#P8DpgPjz7#{a{iaaXv2Mg1dOKTCR(%*@kMti=er`~^K%y8=oa-6^P&i?t!U zhrt5UddKG380~CE-P`9zLT@Dl0I{6t;b=-%9_rqT zyat)I_4PJdIo*`Bsw30r!qzyYRnZF-edBzT_XTt8e2txY%)A*FuONezR3Ure5g-=V zcCh{s(8CA3>z)Wkys+rHZ2TvEWgFyj;?~r<pTQ^ZEPOx+CVdZ$U{pj zwCQGDs`!G6***&+5EzutYJajxIbD;7%|;+*5GesVxJ>;9F*ecnj`91A%3cwr}wm!o5Tcb6}Om#oIu{cn!0-G2ib`%BZkT@(rLomW| zA4f$*)X783XhfM>TCUU1ZcP@_q7pvdEc^YOUt6{)29PF2RJ>_{|2KBhBnPBkMG?6C z*?}{RKz)+_U?PG7EsWU5@Xf8&#P@P4PgSQ6(rim~rXG3R8)HF2N)jg~Qm8!2sh@f^ zcOYN0f0ZCP)YC-uXvP*q^Az(CZAl4zYN%!!YUTaIw|{Y$Ul9N%LW%-!z5Wl$mc(?$ z+4M33e~5XO1W?{={aO5D3XYPBO3{jocqH6S54@rwQlTNK#bWn?S|8C3-c0=j2J<3? zTTlg|_WedsT05%E9!eZYX|?X5)kD;XbaVOxwNRit(Em(~108^B+S0xIV}tyWZ|K-@ z0l=^oCZGP`Vx$59Wnt%-AJ1;Z_=s04I5b~m@EQ(tz};Hv9u=q(^QIEZKA zURxER_Nt50&B{u0&0d;xvo(Y`eBqJ8|Coqp*RQtxm;1ASo4SARzT7K_S@4PFABy}q zfZ<=zE3d=(H&r)Yo`?WJgatg=n*cRZL8q=Qe(~WYmK`yHO zgSOZGZ!D+yyns7*FXHPJ%dKB8Qe*%oCt#!b*O52!)`|mmI@@#}%jgB%( z+k?Z8HyqZkh-pYUQ_q0+MxgOAC4vvW&djjt4h^zcP3V7u!;M&q;&O+rB=d-_Ag}#1 zTd#DWCST&yWGaYPYz!4mEN8?`9&YZrwaxMBk%ry>l`($fIQERWd3mES+h)Owd=SmW z4Fwv$?HVWbxCxbmz6~w5CjooEJ@;5$`fV3zdVN6XmQw~96Jbrzo=j0+-Ph&fe$j2} zPWvX{B4bcu~dj}ce9Ix^u*=;##k-f8d#b~v0pje&QSCM zC8D>ZK8c>8m|_8o;1ysIP*(_2zU?>dp5T>@){pPwpSs>~!J>G=#Aq(f{noKbIdVuzMoVTs5yl8)N{G44R`y z2=v~u@0y|ey@%YedsKXdasfMRUx~PB>8AZPLYp<;9nzU4zh*XUz?+!*A>np0qwhvH z&1<=U1WbdqOJ((~PRI*QGqZWe!)6k<&4G|Kd8qsA4|o@9^TcN^IDn#D=#=`Wi~taS zzQ~++s((oP`)g?i;5#l!iodt*JG8`DG>j4DCK>o9j4deAd5LhE;pO5@;%VEMP5sg5 zEW0*IA7z?F%%bh1(ywfjZtKBvp@~%UX(Y@G!pIK!LFyrvE!Hp~P_suh0-atolQ`oS6MrQt(V<#t!rd_G7T%0q#Jpq&xj z9dMzY?d!F-zw?iIFd@B?M;H{(|0Tn&L|3pFAjfuS=!E@$DYpARfFHN}gnuW%c!6=K zTLAHShIdbd9#QKqwdBuYXTX4OjpU#{aq(`2_-T;h9G$ln@2-6z<`U*2+E8h%f$(2vrbpQnmzV@|oqBBvn|;Z6Jd2DWZvog@9S!(+p;=|In&)OZQ{ zwv)Jolnn`)Q;L?Z!z8b?6l85dqfcgUej*Vuv4y3j0yQ7cV)%=R_KqD<0hg4c zuiihNY7kf0g>DezIfe_pdHGU_8j|H6(NRBGlxDk@FL%TveX1p6h+r z<_U=z0Zr7BgQruAErAXJ<^qqxYgZa-LH9sCWSx@0_#+XKfKjlK>^cJc@%Z?y##vjb zAQiC_ygc4W#3@u(F1;)aMc38eot3UXs`j99N%E>y?*IPt(|KUB2XyGG6Sw6PE|KW! z4IihZ9X+()8tlmpdyd$uA0h7Zy$H|!Dnq8&1Y23!Bev{RPJ#8plGYPWc;*$ZKDF@6;_mQ}$3=G{u>!qH8t4=zIPolc~0;sJ5JEGr@rSqQ$-MdctbY z=Hd8zmhyhyLRLc$O%P7B74R2x)`gaixB_Io#|dvG$Fq_Z6T@;1pBO#LvWyz(v56cp zfP|NkvuF3S@1d4znRE=D8Nl3$H>a9SibA@*K-C?Is9K+0d7ZlKbx%nmnHzOL0+T zOZfp3UN&gfYy67&xQXOT$=*~j(M;rcA*=xjL351>fO?j-U0rmfM&ba)AnY11&WN2p zgHzkv886hO{%)SRkNxRk+mJc)-fE_;zN?xvbm}^krB*rkh_z`E|884v@R>9kvzMLolxRKo6YOor!+64jHjshcg;f1v_&{|DL|$t8b=L?{ zoy85qGpe#~<(wP3JZ-k*GDG(?U^?&kHnG{r+zbb&#-+~iGxNY(Mng%`FZ+Hni?+`)4;BOjHzx-rNJBQnRb5XKMXD z`z)4jFf zYh5I91dG!TGJsY{K#qYX!rt$YMqqOihmSAS#kw?)mVb8bMK;zyn+S-v0!=?C9a@wA zS%X0Q=f@dSKq0tp4QGl>C}jQ^_vWAOqbC2|99n!BCzyB(FDEu|JI*c#gIV*yF`>yd&(!2-St|sK#vIb$-`}?# zK9(-yudhEXi4~b~u;!o2r~=g=Ex*gRZ5kAM^5@w!n<9H7so8>jm{7I0h_B)%eV7XeDu76Ba9Md6 zX79n;Vg4ys&3WV|=`>r;@iD*RndcbiR?(bfRcn{VbFzic4_%lZ;%tg zpPl}*Ll}_rd<6v=Xnw-{FYP6ciN1yE!<`*V=U$jp)2=2-} zZe3H*2DtCT&&+5ElAfSDz&A|>H)qW@JduMof_<`co^@bH^5>;&`6o-BRtkXukU4*( z5?0j6TZiUqH3=g;o4S&lD$rN<1^;SDBOL&=^-=p0{`B7~{?`mms{Y5JyYA?Z@T<_d1w)N;-R}TK>8raIGkG%fA0;ZIqLfrWY#-7b9pBjd+3J0XwN znZYMUtq|U>u9wTm&_&I{G`snOYkfKQ=KS?R@MJt{5k)hXI=Ka2eJT>tg@IA!=L+HL zgTXidO@j0X-+Z)0YSm-2A$a~!b*$&aSpUvFy7g1b3FmVEiF?o3?uED&N(+z~Zar8e zT{3VgUz^BD4r5DrhHObuOhSD1)LM5OS;`LSHxpGhHe`8WhiIKA^!P~9JLb2Py-qXg z%(YCR!$uqaeO)@MTLuB{9ieLUn2Zav1@n9l4H;;crvQ7Z+0J@%aLpJ$;HHAt4X#!WENK7UX{D z3)!URSqLOZrM~)79Bg#LsI08C3%96H5K|o<5}bUCZ;Joq`}hU#qv$# zh39X!@Z%ul-@VX3*`@8f>^|Y>rEdX*@x&vx2N`9db8&b1*+e5fcAu+Lb@22e6g<5M z$+quYe)STA9ee~2@Y`0mAtb*c9(~(#@cF>5jzTWpb;f0QZ|`uJUdZoya=yw5Mi@Qj zDr2?GH{f{c3lD`&8bGM>llz}`IS!*--n8?!1)f#dYARc!^j`7uSc~8d9E?<*h2$3J zXBwH2jUD#cMv>>nwD&>g-1U36AUkUU7OPy_u1eq6^Yt*+xnrz^VPhM&iyI;94Ep$$QVhd1I_@Rug8A$rQimQLFXI zbTE8$=E}_$(&B?$QK!_gaelEm+GcjIKj$8xktvF|jz2FEnb_VlfMx?$8o2k@y4C75 zPk}=^=nlo1Q_8RP${@r_)?fDVd^WIWU2kV!a0XE_5A%!yOI}AW+Uqu-kz%e7vMwl3 ziQ+?Ci|F_^?Io84a72+6q$Jj(B+E9{aiooC)unGl!|GH1+pI`Hzs1 zc2HdCXb)Z)K0m|fvC%}d#A)BqRKhWZG@>H+upR=S zJimyyg=?AO@ltJVk)x4bZ&j}*H!P)N&`ItIcI!j*6JKMG*HMl>n=5OaZEtdV!nyT~ ztKU7=N>pnOKb{=6_@cRaPEnEvPR6?@WJNgJzO$Y5m+ey?L+t<}Q|gn){O9Z5ce&Ep zbyn{?|5JEM-k%{FJ*B>eVF2_|%DDgLS21+IBsu^beb5(x#>*IS1rO@AX7`uEG+#{~3iAR2zqe;&1MWdn+K z99YqXFNjguACwGS`!z?VSBeGjY`b8={Ise~tDZW}Lvtak(xZ_d%>9P9TArl0MU&GG&&w?W+MnKar?M7?h z7vx#L4YF1W;DrDisv1PJBOT~#Q0!Wfts3nzeDUt^gYk-67)?x zuZhUW@(rxoCV2$}bZxpt9m+{wlzJqmrD=j;#KgqhqN3m$Ia%4bRPaf4GL^BRp|b0= z7vH1{(nj;yvl-FhGzfJhPLZ8;t~P#pcC?zRoDum$F~Cs#OlL!>HPJ6-VJUg29PQN% zG|{!EAa{UU)B_$dC(}=79>swrhK;-3kH9o}N#<@^6&@a!?~w()cCV;m5R_ zlXZ#4LI-tt#8{|wA=hsWM^lP*E}M><_%Ef>?E6P}hR}Ufps8axi89bfe=Nb@G$F)<64K#KcZ@S#odN5FbGr{h zzFMeR{fhj#Hfug6Y0C`_Bacm<(^f{&ENSSRY@O4pIz7}2iJX$vHgt|B8oTiXyp;r; z8FgRHO%Ni|B!BNc6W~`k!DrtQv3P)*d(9Y8e>w9$ zChF4d|M#8PFx2kMR1Ae7&y31{%(Y)A3m$N>1R96KIvz91vQ)~H%(}0ow9hgoB8Qms z`q4vB7sB?U)uuuygffgJAMA5wLc3_#g&QS}L3VUK`Fm*P?)qN_j(Qov=ZIT~ ziY#^*f^ccb%~z*^?Zt}F4usb!P*k=_VEtsG1&d*dItfiX%_icEvRMa}Fyp(P%BJ^6 z#x$$Wr~_bwbHZ7J&bZdm$}8Jp0VHaB;$&$Np%+LFXaF|pj4<3!?)MC=sH}`&BlNnX zjS8aiPTFd`^j=KT*VTPm=enIIv<0PGaqDQqfxrU}p9l&0XoPr_kIx-bDmq#qm#X73 z$&#sd>YCEu@mCdm+qI*Knt6Q{_@rm(fjm%8ZiM5?89NlU7cs zZ!DJ>3rq05vl>_#_RGL9_;J0-mD@9_z)Bk;R!=iMA|x;3)dDUL+pT=W$lUuJV!g5y zYH~L4{jTB43Me2hJ-N&HL2{e(HVh_siu#Z$?j4EyfUKkSVY=O#Q*T;Kn!I_g+YiKG zzaZ?!E{sr*jpty~lX|(Hi6MVtZP)a&d~HmcBQbB(mVz4Oy%;&8Qv>yli6Qcgoz=OR z>I^esqn^Ar%*QboT3W@C+UWggGleRw*^myIa{`cDlqy;i?3k zGyGD{@bLKLlXt=LOYBBwJ)yHV_MIm@O+?@4<_r{6_s%IywP`B|ElX&Ru`ye|8)|EUj)tn6ZOiig1i^Su0L7SX8V@P_5YVCy~}C#b2iLb$dM z@ww5H6J17xxG0~beqwDqUP_Xa_hPkDxx21||D~wK+(9y{41=we?GA*Y=sbVK+sY7^{zl zunQ(bQ|U5d<}lex_k;u*Z0u9*a_}8dfVV?gE8ux~U)zhM*g#4?Ii|6j_HOx3YT%Q( z$<;y&?;L&66&@Ll^ID_1D!|bFVs|$xoWD$jPqS<%m`j}`S^q~1I-j~fC)+O{!#`8p z8r$CHPRG&SF=H6o3FCBB9D<3L6muf)q}IVb^hjX)=&Kh9CR1$G_8D8nW~chYK2K;B zTn31%x+Ot@;UU-k_2huPu<6~XR^&~I5X7bMw(??Hpsy96AYD|+a&sL|N?2nzT zz+o{fA<6ixksEwdlDwrsD=lav$+ z_nkH}i~bCe;jyt5!J_PJNgVs_`aKl{+=N%!UmrOj377@+#wt*uF&qf=!?a@coy&e2 zpQAeSN2tVzp1oT~=2A0j%SRMj-If{K3DfvnLgzGLXBE)`uN{m>@wIzBuGcmiLlbcQ zO3%t}4DoW`@P?kAoPFXrwFqi&a>{noytwrGcEQ$EZH>KLg1SZSs?>E;x;}|LQf43} zeO1nvawphR)dUFg*r&-T_^zKNg^kP|%)M3n(RNc#s0=`m@}wmu-m|G=?X~Uf(qBJk zuzbTuP8%Nz9Oj9WqJ0(CW(wo)dx35X7DL}^>u!b)T1kJ%NKp!lM?;Je>qjMo%~xcP z-5g-0*o&Borz#E(G%LRv+&{g2S(1gcJHm(*64og~8g>*mpQdyBIZXWRO?%=u$-!KfzzXNk z0w^M3b%j*CDmq)3;-_QMnb4fAJDAW=BJV%iswd!z&2-#|?of84aF z_)yA(S>TL#hT_P4+TWE*-b^ z#cm6Wth-zO5dV32NxchU2NHpovAgQ2Z&(eibc+M~BukSsBdsaWsexNTRW-l9Ubv{J zDBF2`bg(O)`Kf=!HwII~O8u>Y0fKZfAEOW(83TP|V^yF;YVLeTl!mb}4K6-zB>GsAVPF-Qd;E0$&%0{BCIbTdG^ zRHF|PzU$W&l3XNwDH%TGy|~}RgN~y?f`Q`j+vn=ZeVc>075I7kW=F)-XRJjtaRaI| zG~&QXC_mmcX?Cd@*)p<6FUA5W8(#RXm|>$<4$v7|C!vFswBlkxa%-~em{9MJ{oFWo zC-_(fBFy{0kaqxczw!yD($(fIN!txqidQK#LBMLhzbOkE047`u6N)eD5R)N<`ucA0 zWv#P5Q-FRj<(ikS1Kfse8EN+VWUy{;v$ktdv$|IJ<+A?#9Zn#-N>|sZmj^L$xQSd% zex0FaIvyE0Zg=g;Y0$b_Yr|Yoo!j24S|I!yPjFe8c~L@ixHZ*~D(T$BGglQxymj(Q z(5a;TYI+-!Ia6y4Yes{J!JG;vQBZcuyJfJ$cCT?*%*_&-t?nD`%pazJyV#|$qc-4f z<;^Nau=zE5UdRt1#ulORu>qLkxG~h(yq?QeN&P{13YxZ&=OJD=)bvAHTVI#F^N5*+ z+1p{2O~Y&84;5VMrlVP)ca23A<<5u9^|7%;C+mY|LlVz?GnUKJ`KHj~Q;p^xQx-2u z%F#rOQ-i-RSd|l>Fjt$FJ00K+HVqUoSIwQXD5!=h2laiKMGR7~|c2FnTJu|H@cS1E0rb zN|aLDHy!lfE&XH8&OZD+a~=BR$UNeV99SqF=cb6^YHR*}a-+N2o4b$k`Ac+Xy
-wqw(=clzE|^+Mngj*K5PrHwdD9ForpJ4u-HZiuIRQ_oc-hZs3BGeipT{WjJa;Y zhys9+{hO85$k*Evg2aT3D5?pVv)5RfJz!X^XtZwoLD|>IR0kpeKH?VK1U?nZ+|k5B zCF0&hrr|YLZ=`WtN8wPs_l@pdMSF95$)Bk}1(5kSQ`hgSqJ!%}52yF$D?2wMo=r?* z;W@AvmSolJA?Qx}M?}abYhIN+GpnX5OJ@Is;x^MaGUbhgSAD(H+pIv~?eNV~cB&#-F?f;- zzFN;wiCYN%MLDE3FWD~7=OHF^=zKP9HF+5vF2?&Rf9cQ`IACjf^oi>6QrVMuzSu=6 zVfDO)_ne-6D#$Slt;ofJ{QNvv`Z_mY%Y4xz?+~56k5$JV5guMR&#PIc78U*D0jS%D ze?~TiyB+IiFwyTjVK6Q_IAZQts_Q&s~fY1eQ>~*c^kQ2+PE~K&NlN<+_(*83)YVu z>Uq6N(}~wRb_I6sY1XqF9sn2gTWqxYk^+snmRi2^z`&=K6)vx zIl&?xhtf*E%$y;_TLLc4B5xO1Qnz|2Y~)kVZ69^^XW68Vs;j*KZ+weG>zANe{$xdD z=%LdufGBxFnFm0|{uAKdwmVS*22r)(vOJMt1E&sv8RTU(LR{EVP9(dOpVUNN@giUB zaJ3v4+1^;Kj-(A=|La$T&qR9GUuNhhT5*F0d#@t4w&cbwqdkv5*1obfELm~^O%jE@ z5>>nuzXCQpUV&5dzg6pxe&s^j{=O&JgqqB;?Q1hQTIpd=fQo!TQ028$10(a`uaw=h z0s!Zo#L!4ZC_;uWgY8};Y=z<{BQMQ5Zw~eV0pWs8P-mNluT@}x;J;z>pVmi@1_mw5 zNMaL}eL8?b6jX?`t0?r^7{Y-VC|mTLK2UQX#e{92F2D1qON|L0rYR5!ZAM~}B2S5C zb}2O-o?z$`!oGTZUE34|z9DgaQBqZhxc(jn1{b9zYCQpBuJ_v+s2RO((hP!r-9VNQ+%}_M|%e8^%#ifhNcQs`6@PmLqSU@OX_+E!^A(nS`g?F^`|{#?0w| z?FU#B*5yeHCwXA)?95|>tch^h7?WVu25Y`E$T8-K0{Z?qZJ`9*H>(jV@!CdNL;0#2 z%E}Q$vlR0(QohWf@eXQD4FnMC%qZudZ7(MV^Uv5$YT_^&n7#P^FEIEcJz!*$5(0Hq z|3fzQ$X&6fHttW>jBFBtXbw`B>C3`4JehOLLBRnvhQp&ml1w2xRWUL!p~s<*MCc`| z5e9cZZi~3YWQdIBt?lh}bj2tw`qq{3$EtAee@nbv=McJx>`m1~U58G-cM;SSTJK6s zpi<3+S;TeVwd)p!ut`+!dzkt>@!E4`92IDi zl3=95djK|Y4O=-J7_1zgm@*G-lO^Bq)F-*VtZxR$VaksF@r8w#2WdoEC9qGqxr0E1 zoPvsqn5(+b#agAbC~DKf1;U`E~#wT;*`z#Hmko) z{;Q#{hi@Ci_$)IA%n{?(>-Z$*5gmQ>E?4ZT;l`nUT58e6X5>@%@A&yE%l&Df1N`N7 zFS}`ZyE;o4#qM+_ILl7Voi?qdu6?)KgNHi&?(Q-*zc-r=}9aAYnxi8Rw!^6VWU*d{;KTm_Y(8*gAkJl8Wfs;GBY>mUpJE zc}SSBVa5@-S}{#JwB6LxTVWDCa6RW1Y75)j^rOpf;GZTkfB9)Ju)4T&)sva_pp#6> zH#Ig^%FeA@e`V9o=cmjH5Rs^2A*e6ZmEfVzetR~KZ5K;*gej*o2-_y05dS;uZDUY4Xhl0f`BbEgWbs%a|<^E zBOf$+TpUe#a^Fz&jCKl1{~{1vs#oP zkLv-2Awm5!P&bNUiTf;oY&Q=FViJo6&G)|$VoL`LwfT6oo*aJXr0IjK7IvM~)H(_n zo3&z*JtL4K$3Ow_O6`@~=7)9fSq{H+lAcFohS#C4pyL8|y0BZ!jT<-K*xP?-ZPPMv zWMp6%o*#}|o}PUhX-s9)rl$QPKR>?`%Kv_MZ_nZ?a0mn(CSZGxdUZ8jBs&=*9xDm@ zwjn?fOpLp)0f!Ek?9JuukWsq*-Z+jcR+_z`RRHckZ6fq-OeG8hnC`}QY*Vevb}S}D zn@{@_@_m>fG>04Z9oJ)zu~B51lg1A0aTsZ>`~*TzrtEWY7~BZriWyHbdxB5~={r8D zmg6B)E}77g6q!o%c(@K^BCPF1_w)+aFlcoP6s(qs;P>nWRoaI364kk}Y50IZK=vSK z!Us_GLz*wtDF$TfY!jf)o@Rrn87`f`(Ow(N#!rZ^xBFY$QB(g@j2hLq%QIJwL%e%U_jf4@J)SE7~OqfYuNkDl=Zwp?4ofgz%dme54u zq`z_WTVbBJT}z=?X1xtH$x8vVw;2INs?_x}YiIF3^-7aQ)MkX+jX&0cts2i{o!!_b zKf6Uc#*k?166PvU(U}nsqeLVx4-C?cUs!x*L79E85drLKhYk0>`Jf{MiR40+{CQ&$ zV>#oKgAyz7pz1vYdv`9MwPSa(t}A}{Ajh(2iteS09i6h0d+1wHkB%Gng#36}x^v9i zR1z0JEZ;@O7o12*9oG4LTv1*W&bJO~al_tVWinU5VH=~VX?NwMa)^h!x4LO3ycZU4 zP~0uQ>El&8X@Ci>V9-b0DFDe+eIVBTG|6YJjWPdzgWr(5D!ko0pgcy z7XI^64?nac$jXfM#eF&u!t04-r&P*mTKyST&$b{-Dh>_~nl;cQwrMS8a+cPJS35u~ zxPwDL;Au-s%Ua{4tv0Q}IHRe-JWrHE_yS!svQ-)mf2xu_Jgj*j#>yH&L_`#BdoPMi z1E^yg;O>sK0_eU1Sak~>Tj3{rHj?75H$$hP$qJsGhwFc3hxDOn zsf%sT?U%AC6^Rv_mOs7{HspU$ZM9Uhki9C_aVGm9U}MkZ3Yb_GSG3JLEC6zio>M9o zbfki!UWyFsNQsEXz>+&gTP+2!cz`?}Ker$DqsryFrhNV8Yj(DgmTV8&i5$TR3v^Ja z*mcP+84tW<-K2FwgB#rgwJ_z)#C^f!+2pY#AajLi#(mY#@DJ|vj|&d`s|3sLW?k5H zvkZ>?=KL^fbWzTCePiRNoA(Y4@%4@v*$qF{dJEQu?Hl>Q^&y5Tt{2^z7YsF3_YHB# z7RMdI&P@kYvF}^2A6(-DXIb$jd{b~KRZeoq;JI<N7(^Px*(h1)1(Y{PH?a_rRJ3h6BC66RGS>f%vXujvzoaY(A#mtVz z{(hEjR*eUZ^?PxSD+OW+l#B+g%_MOU5X^3_7wxX}F((X}7pJLwuYD0DC%d|k>@H}i zp-OAy%sxlKOpDq~Eq=tzJlVjMjRcX*$Z})fJ2%C#U#vATu}_N3D9K5gVE7?>t=~Bs z|2Z2wb8au?VY-(Jg4R|fl?Z+&4A`-Y0u zzS#pgGYv}T!+nk4i9$s~i{I|bol;Did)&q_xQ2UAqDf|Ew@dPLP(-_^Hdw)Dr$^v) zv9fw&ca7@-6Cn83DraAw!bUD>;K9wFN z9u9y~7uRfsdP&U>Pdt&_VOg@-rp}2Hu1}nDT;w|aHf^UK~W z56h%^ws%)d()>mE{5t1d;E1d3PR-MnN8mas2QeLqo8Nd!8vo3Mfe81hyaSq?A0%;!HB zn-40h-eYVc(FUrS!qs5p-P3`#qKtht`^=EZu3Uktiq_<#le(Z2Dh-Z@i68k(=;?{V%_dS+YAy7jrcThXFpse0q?`pId_ zHvuIfHfMC(%O(P9VfO^fb^TYy_`ua+Ca8vSI z%prPXPYm0%m8XA4`D@>I5q0y|rF zjRkYu?VR^~eta!{)BX6hQB=LA>gBF+Pz1xliehVW${kf>w`I~=Z;e7CKVFyH<=9n$ z6Yg?vOj@(jj1ZMVTXH{Y6c)L@(4t&D=iLOy$MV~8f%5O-4Vv$O?(7^};bJE_Ui+_I zzQ@xFTppWge`{ZKD>6a~%8OlsB8Un@u?2&Y%b5GKj;3|KU`+8-%=3@{M-ifOgWvK5 zbiAdxWhJxncroOncb|r3C4sAztp&G7t!wU_`*g9vN9x2=MgD}jA&c#nDFT@m zE0?3V-ICnQ%q=?y#B?@Cso-y+3YkfDkV?tqjsJ)=P# zFB)5|`pHEW!jI7beG1jVKmn=V3Q7u}UXtdITRRN%@k{rT)oM0CA0^(rrL)p!EMb>Q z>b$}I6)~ttxKnqYkq{;O)xk21Igk=o8TEP+rdnuiu0e7z`1qh@MM#5F@c6A$W``Wv zhEWryCGvFT3!}=ny&$3YUEc_%;1SezeEowvqey8WGBJ$glh5xP)i9L0^>nf!7#m{! zl+$KX=jphbeKQXxbgrom@KtM1mQq(ItjcnMwz*fibM*8w?FS_So|b>s5h z-nqz~Ltl>j{{$PF>H&$kRc|c$@OOsVKa}Ro6;3!+@OFz>c9#ajK$Wc^Kt)`-=m@3W zW;%j_FqzXsjtM9MP@yi``p4Q)boU?9LSfJ3482f%KLRFA+mf}qL`iu?zo(jMf?kM^ zM9|DV_PF$@83;62iC)IfXId-ve09Pey)DCLWXLYH}o}O5O$2%-gepGUI)@5 zw1ZROl_f3EsRe0>2WxcyA?&q?PzgfVf96=)Ik;PbcGM_#!Kc|f_kwBqbkgB;JTo0* zoRWXpuHH43Xe>1oayyDw|V*b3zzuJbcr?( zC-I9jb}F8Zt=}bzNX0=a-i0YZSzg}oRxd&DP_OwyOQ0QA4Kq6o7rI#J$5roA>OvfF zWmGBg608y@*M`TJ_e+ZBp=we5fV;pGb}vDymKxYP>y!Cd+7PVuQs8IS;c*s%<=q)K z!zRb=+)7X`5rD85sXgp>sj6yy=kd%No|%y`D@BiTFVF_bVKxAR-A+y}9BXCHWkk{C za<_V9yiku`Sa`NkPYmkR&&9?jc6qu-`w?J{$a2QVHJ$i~xmtxHv6$gtEej=1O@(Zk9fxZ4X{DI&f{SkkYh--py9_3nw z3w|hYMK?_1F$+kx#)u$C#75sk6J5<%*rLmZQOE=u-dwosfusc4^;(wa77^*`hmG1x zd(AdE4~FK`de-kZiFPrN45#A@tc#lvNdA@z-c-}_b~(I~8ypOvyD$b#aq9_|K`I)O zqE{QZ`O|_gb8JLUpDHT!-;mb6m-=Mreknc1GEh(r^ZhCz#)#S^nJl{G$hy9tb!BIN z-)CPGJr8^sqsTM~(n!pLL|7izE`zNFiJ87Rf81_;sw!?S~4P%zayr}zEP!?rjJ0>{fg@vQShoR!qe>b z;sCU@L1s2F%bu6+C#DUM8z_h~CCRc0-Q@m{9NOs{a66m|cO6Q8jEi`sa0*!GB-YX7 zn^Ca5A|5cM#?nF1ZK?>Yvi7)_6*BW zcKCx{{1#lPOaa^-A3 z)&lEl>b02D?T4R6IKH%`MRAyw`U2qFx)^4=PDXi7D`df^@{e_PJQ?lk?Wc9J1Dl3V zu|=oX7iG8q+WB5x>`x4xa4RLO+lj;&nuN?B?n*E*?PX*fHx?aE3G)DGo9`|r;OzJY zGUUx7Yk`^M601}N%`=>)gYk`$zd?rW~C^V5`>wPAhxxr>Uo8y3Z8yrQ*1n* zK*}r)ZO-Oxqf2T~m5hcQfK7*}(wa5F5%;QVq1Enc0zH$e#Mo*sQ(a_g(1Uh>KV8is z%kh8WUtADiB|&W0xvANkhHm&t`Q}WcQXgPjmA%hV4%Lkmj!33DmQ9O;uEo%``IuDm*~f0dTv^z<3KHKU(fv z&peMV2C9<)*DAkc00l_$JIZ`?G?N&d1sESi3J3^HPEDM*(o>N;_Vo|;<$M9=4fpqJ zz^VW{)9ix-CqUS*7Sor&nlr4Las)dTWbSJK6qy$2r82 zU84wZ9V$tM3qdg7XBJ!xw4dfm0(a%S#2nAW?d z)*_uKRskt+2;sK3LG?MY*Qf2OH%?M4{zW&Po6T>=Hm=L#r)9` z&J->23W3}A?$ATVUO+h+)~ou63dtekHR1aYNI2`6->1un@fPF1ClzaF>&kS|Zf*^V zh*O;)Pq#+riyB*uiA5lh^Lihh7PZ6UE`+n4@uoEgFHL4CcGOMy-XNC=W^epc5YvtF z0y2cT<3fCpbB#T)%8+{eP_$NX+@EzB%z%YhR=0OP<5gjU2Yr?Fn#$u7?xffD=$c4V z8z|;Tcw25~;9RdmAczlF)UofM#ITXwho|-=qT&4vaeU5MCc(0EftzJ==X?*-S62b( z$MyY6$PGdb#~x}D{tyulbM~(H03l14v=XH2>6qK&Ax@^F>&+4Fr%PZQ3?xKATW+f8 zNA%HV$|0HYf_)8mEOs(OSmBD)+>?~;m$%>a7lg0#XoohgaKBDTu_vLSoe=u@1$;}D``i8 z`Ctj}`X6bA56gp&Yu=25Db_jCoJIg4Oq%jwNl&2}_sJp<=xqYUa(~S*kfuHGaZ-4w7!2OAOOXXXx9#);oF5Ur>Q_lNd84{l&NgQtX zatw+C-*PO=kog9s3eHL6%9m~OrqxS7VCUNUWPbzeNWOp3FMnLr1Z=rdFU~J7i!yMj zKlb(?rTLb{=&R~&R^NITI_<{!?_F=&9F4Z(O%TI~0GNT;Z)yVOR&4_sKk9d#MZU^Az3vBfay|<^5yDj%2$?T!p@mvAAuS*`76%VCeP6{N+O(>A~9-Sxr2}$UY)EHE@J@ei7c?5L~+B}$@YZ> zP${%9wKNj6>7C*<@-Ie5Pv>P9y&Xt7T?*_YgQ+Ri5HZjtE7hO?gR3S$K35byRJ7iL z^YP5|#_LcgIXNfiCbJ=DIXS+LYFI(^ADg~^(A^x~poY3`)IS#h04)C1PrHS0NYHZ| zbt;s-7fDLaCIe6QYD8BqGR8E)BArawG5Dd5*mm(%bY~%@LF|D9>~;FB-H-8pW5lf8UW#MA&*n?S>+NE+5wa$i#@^>3NBgrjHMwt_ zU{yoPfpu8(6g7wMyqjUV)*!@FaAv#7q4bA94Rk>4LCq4!W!h;|YJU7$uFAK8mO;^y zzEvczKA5PQ&*dAat@C_x#67oDQQK@NE2~yOsue7UOxPoMpb||L1;u06uBbf5x0Svq zK056s94xKo=nXVMrbj z4!+r~!WVHj}q>^8b9AetX19$brgQ zfuZKl`sbji17}vLA0Q%~zuI-Y7&~0|L8E-#+3dSZgJ(@sAY%Axh3|Tab$#@t+_3)R zLHWBl*{hM;rum%ho%9Cv=}K4n6!0c3ravLt7YBa7eqmzPy zK>MO7Iu%e7g*DjI&a9ec0U{adtemXCM)*m_qMFxsjmMhP zO+JD^(_WBJNHtt=aPY=LYrs?Zh32bOR&^~cnd|H83Sf}(UDMC#%v^NRwupz%2rrvt zNX*y^eF?^hj}~VGkKc4hw^5oK)SEw{rV%Jc&ZK9jNPYMIJ$-bsqRJl;BSww^MD)XF zC_aDSz<*LiU^0cnvHSzLqEt*z1f>@J#~w{SZ<-FaGb;8XbNE!GnO}b1_9`+g>_}Lu zqM;n9_FgUC0SSDfxo(5<4yR}_Ye6lvL0z@7Uet6dB-}Bgz*-?I;KLp zGO@yL5~cEB)U2Fgq&Giscj&fp-rcO^5njxZCD#T91YLsWs@5r66pbvFcMA?TqXc_5 zrctwEMX1buUI+CUUaV3;7*la;L477md)`JlSZOEdF(b{T_fC5PnB((A531vi#wVCF zZj2FA>c194nGwD)C*fHgK@lgx)2zE>aqAr*Gy=X*au+Q;s*N z>>A1HU6~sXr!^QztsZOmF`8_mJAtxl^F}+A>d8FZi+fvrmK6IAH}KOu8%KJkM8p&3 zFZmRKSsu|yP;sEx1cVj2G6^xBDMBnZON0aMV@#GVULG3C8N3^N*EZbs@v_d&USwWI zPT@>jVl>3Yv!#fm^TAiCCwudQ>Js3gLi zMn*=SFUcw@W(5Z7z!eZPnMOuOzl#*+5%~Ig36qe3;M2(oM8NloPxy4k`RJgJRn6YM znDGSY5(TCg6U}<;{1IUP zU-`tHP>Jksp%R~e^K4aM(?N`$cCxV=tWsv+bhy=dcC-zCYT!l%Qm>f)E}2VLC9$=r zB&*j-)7)d#h1O@|bAmp6XB_oMV03sx^Z{oIOO03UwU}Z8)<$&ccV{yzyxYM{-d&~~ zgjD%nH!@*yQI9%la9@nkgPI9@UCDXhTgU`o83p{j{_O!R7Ok3LXTm+Lz_weLO99Wz zZLM4h0OxO5;bnw>ayRM_kK386^K`_UZ7^ex;09Yq^S)YrA}}wKc@Yv2RQw_88c1G) z2Piyk?K6fX^O!37WuF5aXW65}<31;i>>}UpAkXu?Kq2R8Yp;utsQSJ&xg@ zRH;pUD06O8r-!&XWeT>wO<`KNZkq?ILMbnN!>3Z~*<^hrAiA2#c_3^1sZw=*&H|+? zDs{M`FH^;$UX@rHeS5=QC)`6lUkwEM4)NAA-+Y;pj@Iv3R0S$av-7?x;AKRlz&n=@ zBnJuM5C`ua3MmKpDf2+O6%_-27JG3O2D4h{ zww_^gb|M0rt41K$21{#{SZ3lO(JIR0-|UI~n7Cjq+J{zs+l!WG?l#41sG@Y*RGWB7 zlP~6}^I~eeZ@?N`4X`=Lc<_;4Zi6vukj!3<<%|A(h}L(2s*)1ASZSVHzzXj56E)Tv z+bgTjZ(fr3W9(uYP|g@^$Vx1lt&v4#w@%AMVcNpw8K!A_nR5mS_dUsRW;xX}ZF-?Y zuzdEH`lMT1vPk;5$!EDow=r&)x@*s2hap-?+V0b`#ieZ1dQ%M?F-=FONpS=k)14I6 zSzaF=>bQVfirSW5GcC(u;_Eo_i*&P8!=xmeV|@2LJ7rH$Sf9uQR_%SntO%FbAH3aU z(A8aVxlc^&3Wz4@P@yD3G7Pw-u!=c#*qQWZ<)SF3Ke=};C{EpS^#z=O3yZ(sAA(rzK%ph4Gl4=BL(7`_Zyz>ls5 z#@gT21pZp~UJOzYlj$Ke+(FxLY&*`eabCTS%te|LP!U4M5BTwntq( zy}ai6Lnvb8jlYmw!^e*w5Y^Aue7;;-I8en$bSU}Q0OPRSFlLnic$a@vh%1-3I>*MpO;>Puy|?P7kkdTSw2-+ zC7MsrI+`c06_cec-Cn)V)|TWG7M40ehBOkol?aZ0&^<#PvvHvn)1IbiK}C^%ycFbz z#At7_xWp{j8(Y5}i8e8;He-0}k{fhu_$fijReSoqPO=A83>8|=*lI0HX`xrw&7z}c zV$7?REKh-<$@MwOR~OYpI!GV$PxQ|>yW*fSwE zx$KVpci-C`J7U38ykt-#p06rJ9MDm;Wc{N^)4cjJI>P15@!bEE>49Y(TO3fEoan=tIw%KQ> zAVBXlu6mlQjO#C_ZXNL!ZaNkH0N(E9%$|=!4q-2lCJDxuM(ha|={)BxbuL|8Di9dB z`tTt+9iZ=y3fvK3eYX>ke)`$Bvald0h+?czSvZXvWw}u8-GJTj5 z3vGx@-fj|*2+wb8O)@BDP$n}mD&$b_I4}TSD&`DrdX8^!Wk8txJmmrTwL8;wfy3sK zX-lI5q<;6x!aK{hwT~F3I&zwQYFmXGvTnv16Y_j08?LSyHA^G8G=J1^RMpJIuVvBq z#Mfk3okV}f5Uds%WXW3^-6{-hYlFJOF2|jVu#$=?o7HH~+V3xkdBNJq$I9;)9`Ys^ zQ<%>aMF{SEvoQIPO1dv3TC2JZqYeMo1YuSu2l?O?8XQp*jWFt_9E!kt!SiVV6BAXQ_*{p6>qBFX;AE6rhigM|CF81lF=+cr zcW2;+-7`8Rel}vIB223JUBVYDU-L47W*c2ZtC!!zqf**k{DOMv$T5`QQ6&7f>1$Hv z;b$C*SiaW9-nkdQOA(FbWoP#yVcQObwvjC*&9Wu~eYJozsmd-tbB8Gh!R?X%e7xQ-mOXz5y5;{95dPJZ&ky9tc;PV<`8eQsoZK`#!eEWi*ebO}Kw~q9bG{fFnRcLkpoSwh;eD>>M z+y3~cfG!8%{3bB=26j#FVN3;GKJIXT`_#y>ZFR(Z)GlZGu3$HQv6vcohM=pd`Ao3t z3rYdD-Bahs6O;D?+FjlNv-GsR`^Y?w2sAr-T<0Uo zJhGNS`%&28ZkR3}O|`pg6RyQV?^qwxKy^<~4-P&pnc08aIQ{^*eO@7A_W#=I?oL50 z68L zD+1f!4O32QH%>2kCndt~7d{|>{Gs>_yd#|6V4B?fpSVmLut+QN)c~>s&S&WV{6;AE z-{gzU`qQPb$8h$PGebk{)Ix=Y_Eidr-AXl-ZH)@a4xD(Y*hLMH&26$wDnO;K^{N#( zh1ghGvmFFbZGQ4gy>Rzgnx`G**mhWg^I!9P0Q~VARdNr05%_F7J}VQZ|9NH~?)q|l z>HqIDBZk9VoSr%#XJ_9`luUNm-qHiw*xzR7CB#4drbOP&4`*eF{m5(ix_HZ4W zguTB6574bctzulB?sWp0l;f^7AdYaT3_H_Iwg>aPT}uDs()o#<-PsKJW)ook_IUo2 zdXYZ_YEA`)2!D}1Kl?^Z?oOFec`iuG3F#>_cQ-wI&L)r;)b_w^BA z$5LJ~SWR+}m{t5L6pc(&W}T>kf1W1Kn{o1-hkXcRewt1Nc-?jmX=3JEdhnm?y}yTa z%hQ%PWt59cgil4n$y3{F!xe`S>^FQFX?|Q?m;4-8iiz6r15%s@XV?xzDxB5)_|CK7 zr|a3~Lh`o`Ft$N(QPNs?9*C>-UAFKFh-*3NdywW>Kknwq_jL3fOGTD=*O8-%6h!|A z_(t|>w(*nw?H@0ak}?wILrVjb3#iYLVBc5j-Z%}VN|@uVc_JjVa#Yyasa;YxDw(^} z@T{$sjJrBpP2&&OJxGoSR@9#85&B?m=ga~$Yx3>x;q}28&lm%JZoG=PYPFUoV~&8y z=^;QL!x0nk`rG2r7z5&1bCD(ZaBmVZ0oj+21 z>hT^FemEpO0zkMmpLbhFqg;FI0*XU8f;v5XC&-BWUrD$)II^RmFB+wVr7uFhG2ime z9cpLhw4MD5M`KD1B6twdaVe46NDzzMTCpc9eQ#FVYvQtftp@05*xEB_VqI ziCjjZB<}|eAPmLBrm5n91c-8o+#uwMY_!`A+eN-`*@XQ*@r1n=Srmg48Mq+o?Myn7z|HY*wf?uep{#zc!FSzPncUUCaWSO%W;O%tsI~rYkQ##X%}mkehq^ z4WoY;mF?6!lWE7PX%FVMxCw?kydhcW)Wj`#Lj!~{<#Y)oF6WSWPx<-tN9AYZbu6j0 z{&_yBY0kdRhqfz;^rwDMX2ie}st#?uzivgeK2l%0u=?Nez|r(y(Xf@eO|hPyG~dCJ zng5qI8^_xZ(Z;FtOHy_-ObCgsuB9%?q`bq9w10GdhIkD0ERuQ!#M~p}5JEEnpqLY4 zj&imMs+z~~pIx1krdc;#Iodf(*?FC3pSBzi->?6JulVPs5h>OiUYp~f&QfVnJYO!J zN)-#`f10gDva)Er9#i;4!OEBoZ>RrOutv64-_w$;y{aq&jLICOf9(b>yuk3wg|DUe z+`41#xlL1hAF{M?OI8dB6~coCA)8r6`Q|Kp$?4OzplzM5eMLNGattVfWT4IZ1R2^5 zMjFEv4#5+m3}@GVkz~LE!efeZx-ReC@QA93AV2F+&vs!G9FPxdO1PpH;=OgmdiA5U z;Y)13W`f$Y*Nfir4J68Un*rJS)k0>%=TekE7mGG&UhYVWIHb&X7$amPJK*Dw zob=_>F>=mMk{rey5SkhNEsL7cbv!%%CXY}pFBg$pXALyRdW74nslKCEQosIhqat7i z$AUB*NA~~J`-O_!k(1wo0Mm9)rH!Afy31!0*KT zNm$Dy-I6!TexdmNnE$*)!0`|uhXBSnnv(v{%_0}bY_(#5hZtyX{O3FPYXfF)KzCs& zM2RwW1KT0op-U%Fa5K@{MP0I{e7?Com~K(bg&^h{Wd_uv?nGK)F&RQ6r_G zEd-eS4%yCT=pB%2cK1&* zkDs9Sxi8_e^O7XR6t0xtP6FuS_WYQ1SQrJgchP@Lv0q;BwxJAX_+5!7RsrmsM9jk< z5dVBs?v@4ee4rLLwj6v<3uq+$xz~>Wt?&4f@;-EZ39E!}Q3*S0YFE7veui_Mkg1ir zgZ6t_8P;^Enf^DvMYP9gBdr-0Q?=C}msb&H-doG|;`NoN5&m6jar0Vi+@5G7)suliQCM#(TKm3`Tu-%CmwIuC$UiHPkH2{1bo>#C_iQk$G9$+R1s~`>6Mc{CrFx;w=}z!ndPtKx74}7Mwo!tM zjcd!A?%QByWCf1aY}w}s>QRVj?PIhU6=1R(W9H5`_1?Z7hp|GUn~CSu(cWzje4?Xb zlwZhu6*Fe4-{81DH^!R?5MBpKoKJpV$?sY9R?D%OIjiAg(2HFcbraoQA*9V?vnUO>hBVLxqD*cM z;K`wC2N76(nN_H2^GI1_!dOO>N2vjvNKW6tf#tgOH+~N>hy5^RTDXu1Ih5fdJ9q-iZnfQ z@8{SR$qZ|sQJ@%pdU)liv?izp>bp3H<}AZ>|D_iS~fmGk#{@zdTmc09jhWiU=x$b;D zLU7m2ez+>4A0KLE;obEP`8Plmp4JAx;h=t%aBk370Zz>JNF(MH=I-AG<d4vu)OabXxsjPC){;wpiO_H1kp@wJ6v=wv*G?e5r-=%{Xn7S#5 z<`XIu52bKlxq8ohyB5Lh>d{l)3LnDj!f}r%4$3SBe8@3|o&csIb&iJdF%D>Li2Tr( zl0NKT_h;3l)^a{Vsl~{s0p}8t?2(<5G!$6hg@KIgXP8Bb#eh-qmFZ&B7qvh^m`ht6 zK1p&PUGuyL%o}?w)qXK&X6O3Z^JmEpeLACcu4)g=%nXEpwUBwZt2hg2H_&iQOtHtt z#>%UqOT$aRbN;q}k0|ePlAV6m6x~r{x&+I>t9aX;N}Y#c%uRxI^?zXK84W98jzb=Twp(t z5_+13{kT-@2Ydu;)Vp>^ydIP~0wy%yjDc(P^ia)SywxtF%z-!7ThK8gFV*)+1_cSY zUAA8oud=r`CcoTs<45@bbXuBl%%R~S)uGHtwLERx*Jg5}%AZwSNbQ1e{f+>8+c!J_ zzw;2U>=<`NxNjG-gfmC~EDLgVV8OFYF(6KfYgZ-w)v<)}DgMq!v#ADdzYVwQKl2;ff>y5)jh)8{OoYFer-E#39p?u^y2>7hS3y?$zW5v@OJ@WK% zZD!Xf60Sv>mbm813*JN)C7uI{5My5ddQkfr?t(!w+t`;os~T^>FfF(sG8}NQDf!zr zEf?^KisN-Yre=e)6Mprh|1O%_Ss8jySpUQ46=2{E>3;5!Knpts0DWip@D|X{@qQXS z)Us04N!K!z0ZueUHS@)9AQ^Tu3EW#>eRNzkRvRi3HwD#(lAnC#OSBW`mD$qe+3>p} z4!tb%T?qV+!+2`8DzXL)e2~<(z!99V8RQ+Y0vvcv!c_nTCd)jK!s4$BQv=CZ$3V5k zc4Fik{TNEDfxdq8Q)uVarD-A-pMgh=^is6cy53BJE3>{fuY)1a7e4&}AfQmBChuPD z$d35|UNwO07DJI4RXZ@^wA&%*D>(I>H$9lY}paELtVe5 zcKDf@7sT0$Y;D@yc1MH~guI?no?nEQmiRarUq>u=J9KtB0@ic6YZ1%b2gdjw_>2!x z5Nh7);QV=+mvqN_aDiIJIrabaT@BU-3X5Wc&ygJdvSBKvY>BfJPIj64|tdj<) z$*QNZbV@Z$ZL?+UbxJh{gqg*!-b5$oX4PGwyo59%{cLK}M{>CSS z0e~A+CN0-P|L=)jhJbI+0K@lGU~P>3VDSpcLD(agP!h%9Q=k>TB#JS-72(752iR}e zG$?eDuw_}>|MAkomFM+z-CS7GmZ3X?fQS(X2j<__3~k3K{Qv{LT0(-ez^ei(9FU;h z(Zen0rM5Q4mR(2YA+n5&))cpDu2v1kqc%^YdfUj+&nH z2q!6)QTN2#@&E=E@pG9-uOEef^7DHgPW~wL(ZyoULXIEK10qU&j7-_Mfs;9}ceA6j zihIKI{B8#{oc6u_J1=S8@7z8+iGvPY&z{cBxXs_D$lzF->bMmKer+Kk*;`_ZKaNgo zyr%^-n(>ew>C_V;Um2xb_D9qDv;-EVU7-wctJ<)2#UFIM#l%j;~oX~uq_PRcD1MzE-L9L1wXRj48#C6uPxmmwut@7U}+k6ti0j_D|!-hN!^_m}wAH*B`Z_l&to@aq01ifZE_doVbaG!G)l^a0wYn41l#{J62^!51B zOm(y@roZp6aRmt$CAWI}8Z+6*tF({vb4-{x}V#I-@;&;ekq0XrJDJTpF7ipD6;iPRc4Sjv3MO)yujng4y}ffn*dF3uEKo ziCOi8;o#wA3n@PrSx)sK4}EodcJr(b?AImEfw%N3FHID^pm%fkb1IC~+I~-c3>S9| zs<~b6x?E%6a7Z-Dc!+}Z3opYdl5;)%z$4`DpI879OyhZ7I9caY%)l%l@UE?`osN=A zVQjuTEt<7BKMQFtAvIB!z6V*T8CyY|Lv!i;*yu)~0ije4c0Q&r@q%q{k((6dxh~a* zb%d8pM47{KkNULZowXk=3ddK;hh31H5jmqPso8uTv%Y6R-(hu9>QZd^Du$dGHC`#{ zYs1IVq$-m6KiJGUT0y_cu?Q0+!|^=QdNl+1MeS{#7JVEnSz8%=+ds4AKaa;p(9Y3#D*14R6X&zyg%wPYCKm&fNhyCbc)`AW$9~#n6Wtrs+ zXUE1}RZ$1*k@s^K#Qh7^;8@T{Y_FwCWU@rDvt8t>7R>Sx{3C;KVyaBTb z&ExeaX4|qawM|mly?j|S%iSK@j`e4jB%K5#l^L`5bIJaE=Pq4pp}otWOe>MX5jXG$ z?XnZJNQN!M9{tRB{8gwOdWLQ5E)PtQ9O4iakQ`)=jU-o1U;BkR)YqNa5H&X9d7W2S z?d@b1C(~o}6$~F2tsSdlsLxiag`2A_m zv6oC5?CNHmxwxx`s!|Xwiw_!X4AVk=%gcxJ9M;qe*7eROoh=Exn#_!griiL09)A8W zj+{UoINfM+1>lDMS`_|0z~H;P(5DYXQE1PPY_ycgu5ZRtj=pteT`0)@OsUD)7!Zp1 z%pT3U3^9cxp%{znvfZ9{MHWI&^TX3KsOXu5A}OD>t6xVk7pfa*$YVCJ3Uj|zeTPj) z_hFY1qy6Dzgjq>1?Gk^f#?@H(taTKxt&}U4eLeG&e&{#J(-HPm z4~6IP6b7pdI5U5|C=z{?Y9G@71o>CS@^|_z9dj3NU8LN9j4=6|@i=<}yxSfCofj4J zx%N@_&5TR+zP;C2UK>6wa2cHNDTq=gR$CFZ*r7t+T z$!X8tt1X`$?zA$s;O=QFB){=mb9PS`kuj8kut6B+< z4eTP)D@kd|TxFJU#P|;%=)xnyH1|zO5eVU-ei&^&~U%^D9O^IzCo$b7MU|I?*lQ5L$#;DA$-PS5mh1n=9AQ;tXbHY@9arwkwB!N=ZxTHKFNP$Suus*R=os*lwq`O6m#b=gTMM=znHn)cvhp62L6{Sn}=J9~m@=JfPj&s~oN zC%5fF(x4n|;O(8QDkQLuI^%0Sk9$Dl$}`1&FjLvCF*?(*$Y6kwcep8q-Lq%J)L*+) zK(<^cE*W(336#@uAxoed^g&kiODT(p>V4Dm56&CDsCqHe`Sg8yFw*sj$>o-|_aupB z!j&2c22gZ7uVA-mL{xng_r#^&Fxbk%s+FHqzL2MeL#8+8o)&4*vW+}rR@T!Ox=xg$ zd}wMWn$JfEUu&Khk{}V1$0aBd8HpE!>Yf{J?d_@^yB(jrPK_wi}m`rI(hdhP#9W4)jS&!I*04Ep283%t2tRXVSxxXVcLlSszP>nF)x zEvV^V<9QeW6c+k}O-@-cGj;``Dh5n!bouZ?M;kx=TWnQmk98p4)3lH4e}gdDhS@9f z7*X40>KMWRR5W=es}Nr4QpSng?{;}iBFu=%u6LEXBMJr7zO5`ZuIGAoJH^A*gjHM3tWXt_a+isc{)SZ^vU+3 z_H%2y0uQg;jaF_FuaL()f-WB1`{vMZP#*3)4gCffAA7?35D;MkdVfWjVwGTp9yZwv zup`@CMf)IlsB}L!O+j&Jb!-eA&1)~H-nBDx4cXpdPq3)oHEwnXpw?|@RcCwEl;a|5 zN@1NlSdZ&uYAWM-LAhDSGWW^k6l^m%+g2HxE-#vX{nD<$0^F)S9-KCDZLSty?epdC z0YSXv>WTu75RY?vG**r!&o}Jm38QU--7Ke@u66=G`0wg9Vc-`vB;d8%z~oiX}g@5S)Fz=ET*5 zi3;C^3U>}KjsNPpZ3o%yl~pa)V6RU&_(iHi`LLz&{^LZ9^$lb#81+i$dZ8fNcR0NH zljGAVa|`7;OfIlod?F|NfV_KCr9|K#mQMccvH+jYK551FhI?r;{yPzP`~;5Yy9y}`_mTyY~it=mr>j?Gy6_E z%;tQ-sDsfdDRVbxZM8H9|2&ft9?8$|71Cp6u19c1V0(gZFX>G{5yV=|w(pI9O`-wz zV@b<`-s)3#8zg5RoyzhuiWXPt2bW?-R~Qa7ZMz#As?VnHXW^nzf+Q5`jqLmn0vS)y zq7<1cf`sSeV>S4Xy#-U&B@WJP#J{>ePPOkE+z*KVt^CuneyrN7C5%GY%%H^x_q*{4%Q$W#o$SyIA^E*QjPY zgS|Cn&R&R{GAqi+j%X)evcNKJ#|wyN@WI8qZc?YtB;332y@y0#qI$|L=C>Ug(>j2$ zC?Fr;^XnQmJq3zwa;U*Z{Rx$|j6ki-%>@GyFku32U(pyg>_!63nH)$M1sS7&m8$cQ z_WoAqMk8X!Vd1rw>`PzjBmgIV6rK+bE!ltJ!mNpA(W%m1{WA zP0=We6y?HmLQB~4a|N~*&H=pjI$JsAo8kRL+nQtZy*VJK!F%>rNXGe#Gl#ig3F_}) z>mGc@bKrgtWyaL~cDwH(1WSDaAlS){C?Jg4uZjz*7T7B5K~)! z&%h^OmrejnA^-tv0X*r)k@%|rA~!!yAmb9qcZ=8N1tBd?`}K4^BNOV~5=WS1o6 ziaY($u@t3#U);LhiDy#RoISX+8hC1ccozhOxc|PP__NEj82B;H<329)Kppzbf6y|i z-yrdj6|%84+(9-09xB;S*E-VSc1^nMY}kF_pDh$}L{-}ks`h}YYl&4#nHF3yl_fb( zZC7n<@s=K1tEnXvG1s{xY9?NIPvIfzDa7$tNLduH%&Fgm+9hs5N@mqRvKVxIRZn(H zqJfe;8tFh(*CUSP-TmRJ$F-XDW#10?4_(*k^n-$?+_kQ*NlU_ZNwuD89&47xRsCj3 z)rvve0C?=GY(sFVNlNq`ay+gv4BoNe~?0p>}nFl(u566G)Z_&{G9vuPUWi z#D?KK5ldB<429k$5GMJ#flvzcFQ5neXq+CZg#Aq2S(zQ~kI>K{aV`XxA$+=6z{g0r z&nRbKQPt&@x^~3ym+#kI^lvs!jgMw+3uMytr^swb>q_ z=6WXx>Lg0N>UMCPx8y*=y zxfA?@eIJE4k#P?%==nMh9$=jhhX{G9QZ$u?Z$i}M*|ajSMuT9shTnLTHu z-U{%k9T;ZpOO|>J8|k>TWZM2p&YG?Ob_8xu1Jc-D9BUJY(vq{L=+s=czTY+F~65=N${#;7DNE*@iA4VHm!?PkZI1_OR6! zPxW1-W&KyAZHJOM)8N$|^!GGQk5_0+u-3VUR9S8vn&}bSvTLk;$Gd}QYUfmSR{79Y zh?-fQI|-4R;~Y5A){Rc#7wiKChTlezT$WH@UKE} z`xy0agQ{0?L-LY@#lvH$oRN%KVRH? zq;>OHxdwA_kt?oQfs0dgLN36^P)*yNPO5BO58>x^`H7ba?p$X`iiIN}{(pOh{Qa|q zfa-g1+o&S+bolcD;nwD^Yl(q~r~n0vG_rlp+RNxoL_W$#LLHRLyY=#$-9rzzcAagD z@5w4Frkmg`W*^Y*qVB1n8I=Hn#ujRTj?+&U2UhBzAMp5&d2E*s3M6M^LFU6>gfPOv z=I$fXzkX0P;#6+=^@tdvFC0i7X~+^C`MCNJB8(Hk{a@!zc6Z)n*P)uf{_WjC%Lkel z^OFihJbT$&?Uhf_A>YJFr&p8*&6OGWaYQNNU$0(fnhJ%omDJZKK=uS>>rdiU&LaJmxjS_<#3d$3$4?^gVHwAYfNtvcsNyNW+m-Y^H9NRv==QYG;?)=( zRaH}C%-TO@h!WNe2@29Nq}kXzHh;16(+i;bDJjyDw|D>hhWmF$4$Y(UjF%UA1=S&* zbzZrRjcRfF>L2X2ibZ+r&fzXD-uYA%*Cj@C@s=jQL|$pe)cvEjxrgvUj1FZ=m9|68 zK>A?{8+S~b%)S84` zi|2)!OudGJQ1X@RFPCaI4usbpS7cN0gxZ zMDgSc?|`Uf8RCn=*x#kvy9(hUW6Jv05mxd42z%?WsM{`TR1gJ3>5vwXE|G4fySqaq zhwdSzTP3B2?(QxL0qGcE=>TGOw|_cSS+Af1R-4XRZB5+I7+MBYAqw`CRli zP)amiIh?J7dP`p{1yIWEm18fi>pO5;e{Tp@ifasxo?CZ4sYxozB*}hU|Ls?YZBMGY zo@&fw)sX9~U2!n@laqH44;q6$qHaWS_h@W$Ru->=9ANO~+NOoIM=SZozynEPZ15Ue zL(6h?(Ebhc{Zu&pSHj@n=G#;ZgnEImGdYi+9S3`#3d5DSTh3=R&ewMY@utqakDIXo z9$WDabR-=5_}E%Nz=jZbs`SUr3|w_SoCv6-`MK=mEg&;{8Y(KD&~;q7+^zcPaX-Q! zgr1SeQQ?Uy!xL)@GYdO2Cv0$xW|IMjY-)@c*{!+OW8~UEczkF8m{Lp#S0b}t#z4{b ztPZj}^HK0_V+;t;LrnGIpG{48gF>7Cy+^#L%QBbI=T44M`mpwynVY}JrE)AZP{xrWZdiVOz z>&L(!DEWAW-YCBO^DO&-;XxqcD#Lyz9u+r#_bcU%8bcu+hLozT;P;~-~x3;p+l3WylD}H-xX$Wh^A2`BVEoP`|pG_6a%z|ZKs=b02w;(hhxF&W? z5UqQ93jzHyjA{p>XAC+iB1Q@0>mt7=kCm!xkgu(l^Tl2t>s6@!toZUbBDjAR?M)fd z>FL>s{e3ekDr!#bEqHGT4-XJ<78%1${_ht5E5$*0B=bJaWi~+mV|~N5;dw7&MkD7a z$0z3vq20fNk+isMsALBQvJT4>8o8`qVxZgUOs89%ziA30NYn}>e-3?NDwnJItR9;f zXA3=u_>C>!U*ENvIXUijSDfxBQUBiA^~cv2|9sW90|eZM)1ZREiHlo6sK4D$d(KSV zu#N5=8ml|)bN9bH_^;A@B^uakE0y{qbbl;5(rftTYNvrfVwHvAPo~O9U=0SQWI5Io z2U?(u#Dq#Xh`c-P9b99zATP@ZN;cRubg+_PW7JcSh<>j$MWOcfEc!g;o0OgMwdQY<5ilXn_+ z@@escy!7z1x?nUVanoFOJM@Rh&so%CUzYJ>VqV+KMd6@x%_Com`@lqT*qwkrh?F@k za!g#ZgrT9~_`*WzVOX7N$6r;cfHOybKV0MnXgl{_ZyGAE+sr>cHYdEd7w6EJ_fCK9 z)Sq{Mqmw>H0E5e^FNR22Ao6A#oYW@KEC=+=sA zp9i?`8&HjH#;F&7RkiPMkr!*78O{l;Nazu4z1&8X0kMJ*iuoT$0Dy*MKXjS^S?tIl z|6kiGo|&FCRxW|l@4F^L=#cMB`iQlov-4QPK%>UEjtR9zTzCL$?pV3$FF7nw!3E}Bn)t00c9+Zyw;{CrKW#`MBVRD z3yMmzz0P&a{gKOAs$|M#-#Z&3!}qWQ8|Z9~IUFc-9EAR%A0Rzin%gtKoY&Io>=C~B zv47p8FJ$7v@dovugYe(kmVpP*+;s6cr`P(k0iP+AmRlRo!F4oBfJr2TvW~0pQIA7Z z%s;9i!nocZqkr$yL5H>rN!sM3b7PK7pG3Nw!wVX7@+K6RZ+o{L0M+Su)(St)BEbIp zT%kYClUqv#bbAV@;#2=N@BbSBYXjcVW%%EJ1H68>j3CuVXMS?tJU%=6S=|{oOc;+b zK~ys2$oZyxiQD)7-fQidi;d*7$K8#B1YAN_qR(PD8I#C6eiq%7!^8JbJg!nR>Z3&Q zpQ!sG4X796!SDc)keld#>(#%mDWAuS4=)Jrk4ws@Ef{licQ*&evR1+5OcC>29tOZL z*y@7F16Sjkt^fZAu>WgK0GXi<(ewYgrYNL7_}A`m9%KN#OeW~D zBO47(a45=&nR7dKXlUr`k?Y8f4iT? zdaQCMF8KcM-{G9dk9 z@xsaA$yc>%&8hd8^V9ZINeb71XIS-V$qMKvW*FeEJU2pz(G&LP6KKc!3w{R-O)IyKy6r26%>djK_G($RXd&S*wCs{zmYxp3HR*Y}V}Di;j6)Y} z22#FZ$}hW(I}MlHrHsK6uDdz5cS$hKsHnS@Ts88Nj2=s%Iqc$)4vk6TH{kt=pdGWl zZsOfLXR~ku0!%4t<`n7rX?*OC4TU#>CG&Fb;G3|joYkimdlor^HF}AuJn>ALr|gN} zc~ZP{XCt19w~CsqvF|#$*79ErDY0%k|=ow(A(}ldH*H=2UT`zICI75WZMnR zsT*sq+>gbo#@&6KyivJw6YSg=8@Z;EN=BF7GMD6|HaMu(-fstk8H}gl)O=)uBeJ$B z&i*G53SNS(H0_B$CMRB$PeS6K5;51`Olgt??tixTGY9bK#mfHjX$$=DfrG z8b9}hUj}pCq?s$%sRcu5Tu$*(I0+&x&LC>f?=mY zOjodBa0?{!CelO}UdJYBlgAq*jDq}xB8yTs%@r5&iLcXJ{R+Yc1^Sg+Yjp!k)&a6vut z@adu$E;0cb1-tKZ6XqN~WyEboNLQ`>5=Vy!?kr_x9XGl#Uf2^N5MJ7@V^Ga@E#|Gg6wO#VKvNRM`@Ri}f~!QLP`Knc?5C*7 zuyZ3bCPxW;$`b68pOG_fk*HI-I)fAZQH1pdjifx0in($1bG8QX(b=oR80S9RfNpp} z>wuK)DknBJh%hfAU`6aJOL({mJc|JXZ$4W)P>LiG3Qv;Z^uLyPt5KLTpGQ*u<|1HOQ1PCp)moXJ!Y|Hsra#I87uxJbnsES||2;csVEJ6lW$hL^UJPeGfz9xSF2u2^#x}H?? zu>|(u2|ln12~=Or?`teS=VS{CQjDaUW)Z)!U;zJqUf&z+rpamB6ih&WQqkzVmwrR) zn&7-YEBcJpbdT1G zv|o?LzD?Fw`B3@7epHFcaD|vwcID8XF0++xGNdIqR z6Fui$6x*KlCI$fXl20)dHPCa`NZ^x0pw=g$Aas6S8O?0=GB9EgB!t+5H2k`5ZA}s| z&rKaB@S0&^Yzyc%xFp`A%Fc`~E$0RV>z#^WFGM2X5bESm5djm^5BTZ20C5vtLYW1f zF~KK%m`VhN0%25=C1KME-UPupA~rvNJG42SXAYiOm9BjK*dAL1xxcjWO zGBfJho$LEqjbXZBOf*l*AXCHFb(vIo#UrVP~w7nQG+)mPyXGTd)UmtQD2Xg&gGhj@w^;KDrPo+gBZg&D2 zvPw^7Pj(d8NdLTK-Gr>IdQWxeaf5SLF0BH2Hdjm}<12)^o^IKA6nGutbmOR?Cl^!G z_5H|?9rYd(#EACt%CR*^_PB{P!idW@yv07ZFe z4x+AZqAT;vXb%JwHzY~G_-akQ9=vg-VqBQW^4`Khs8d#Zm8vwe66T)ynutgQV<}xH zIO#Z9g~h&cwzj%Cv)`g{9G?>M<9vi=1C+$m=)TKWi>z*n^<>h0_B5I@0?aXKA89Bm zaAb8;fAsF2&)qB-ZzCQGvYS(Dh3Gfb)P>+J$(qLR0qpjTc-ymytF=U!Z6q1&L|Tr% z-*k3vx}fmjHEOrv=dIP9xN&QQ@`*ivK-f?bv(#AQcydMAQ;g9ujpdB=z*L7ypzSe* zdzBKqpiQyqZ5a_$64zoGCX?FdG`ZKfBVGL(N0T617?U)t-~{y!BPZCyd2oySF=1KK=bIdSQ4v=KAPS)h12E zKn)~)ET27Q3K7@Da-e1K@2P^ru@=r$66+JL5r`_^Cy_91emB1cvH$_SxcAKc+zbJ>RMIo;AAcwY zhh;04gqh73GdK_zhx9ZtT!f)@m<{x+si=&KlX?q9M99WON6Y3yoaxR^9mo1&EjP#H z)s;MjpNfi$E9=dxXf-&p;0(~J7~d}a?w9&u2`$NW+Tl=el8tDPPl);P@ni#MtinW^ zhH22%Zt{$U)}c)`HuiKnRJF>jpTok!dcD3+BJq2YY#46J2NXP}*B&|MTk)x>Bs0xm zX3yiT7X`(|*{=vWly!B9DRbYBAyYFbIEfuY9gb0s>xy%^_9TDqs}@3)R8`qUkMSZu z|NfP$ET<>OYC5=hylvjqH=)w&EDI5c800x|+_{<^9R=EG*6ARa^I?<7i7`5tC72 z8%W^|0z65@#&TrS0pt2n*g=c@z$~fT*h$^2$t`7`tqH^uu4KoHr054;3wP@~=AA(L z3r?5h6TgppPIES1-p>oJJeBaM@j%~J2ne2X&h3hhYmB~5@U~26Dcf?Lt8SBRVu@q# zP6L9lI@B@TWKO4Y?ld~PR#$%v6d7o&#SQ^7zA1y#4E;2gvZc+Vf}0g$;B%mua|vNL z9X2Gk{QEAS{u`!x#3@-308!XzgKT4-FKO~?G9J3`%?r3=S*O^0PcbN>nB(53H?=HN z;Lf+mifhqdnLP6v2|cs5k19p5y?rN!Z0i=3f~X_;(~f`cZd=|8;Lo|g``z!KAVN2& zD`SeICt-f{<5r?`Zr}&A*1E=L%8Q>f5xn_vU4CN0i-_i7>q8mIyDtZ%wZu>vJ^~!H zuP6GXd{~Q8Kg7x_n3(r~w%?=j#7X1}uyDclSE2?0WS|@H4|ZXjjD^Gi2vksPwSkQ3 z3NDr`4d=*rRy@DQGw?|~=S#&ej)e_F-@UEAfSPvIGU@tB4=eHlnP4wBW~U=AZ!#2>R{LqZEn-}?mWTVGKJ7wAT8w2T&5Exr&Q~TX3SVtp zWMDa#*4F7!g7-10-b<8p#vk*!{R0C>$Mcmp`}G?VWmo|xAUAZ~7KijbXVQD^5!0tiH=7>6EjByMYIP?nLzXc5EDoQKnN?Y%9Fy|BL z@sc*mea^QFOR_pTG}p~k#iXUfFl7aAW(8C1<1NQyXzLv(I7`x$_0o2393BDFIFDI(GObpFa%`J#0XC!wZ52xo>2y+Zh)s^_~I`W+2<}e|m`q z43Fs6BTo1Sdg}Xx{0*86NBPDCKO$-YqDr9obo6MbsOSS5v!vX+K$Eg05_Gd@jvI)clq5S10(XV5N;*g&V5UE z+{pl|uS1`mYow3=G#(IM060oL_46}#T*Wuscng;JUTN0dv zy1Fwl(Pa_Z)TMqNOf-zl$rQKT(to(-Z0__XH*>TWqQ~ba zKkqtg$R)hFz?;E2Kh1u*|WuZyyWu=Hu zDv7%!9eZSS)=Ie+;w{oCmMl@$+W5GGuO}c}^|3*<+fl7?bkbKA7G@H!QS2%=m$6E+ z@bN{Ph_}sRAm_XEw5A_V1uTr18O0=|B{Kp}J}cQPeJMwgM(1Jz(#*nx&xQy96p8gO z6#3>aC=w2UBDt`8ieEXy12T|y=jVzq7L+0G+r3q{o!K#QaZ=SzPP;fx0ml~fsak%n zMh3mh0gg8y!NsaxHGveJZt>l#^Cj_ni3o;u?4cTmjluMjLEfO_lN|b}Mp(^WTJ3^Y zl=JSaDB!fiu>RX1sz5&-Wl#{h{Y`Zjv$XtT-bHZ2ZZ0GQnZc1iU{LVDAtoh7bZ?Ki z%6^T&eF^elBwuQRO-Lxc;kD1uuoSpM!@wZZRa;Xt+;T^GTHAW(cfLQ@Lt>Az30r80 ztEhOd%3sb>j*SC4YNEeD)ULJ8T$p=6C+1R+B1=za16eSks0`&UFOxexl$joQT_66G zHycQ-X5gs~{?rv+>U!w32B+SJM1Pb_-xSBBDRXp$6=S+Yt871U-_YRhe$*Aem7fcV zmc)~ikw}Y{(-JdHapTF(&9%GPF~19pIE8R7q;D5ksOqt>;+#iQn@Zx)?M_$5?|UyA z0z=7jmj%2(vUnaXhnY-;G%Oiv zGX?k)u6yzP*7N9UJd`=N_qe};C>z02Q>|y(O`0wi(9BQP8RMj`7B&;iT-&Ng+x{F& zNA$?X;TO2ZFaFaf5`qD=3$xe>ore|mv><`UK)Mh&lu0{%{3Zye!0QF0?yIV5cbwv4 zk01ixNIK@)?W-cpgmR~*T~n9Z<-0g_M5qaba_}(JQkHd-xE3N>$3J)b!__XyNroc20{ski@0d5D23Tf$+ga}CqwA8vrf612BP^+({-Z2-?ey4azvN$tm$e?H2%vQam|06wC9B0s*f08rp>Qg;kAzkQN zo>6$rdx1ENmLS@s=$}YB)8NF5Vnu2&)V#*gSG=wpMl zJEbed>m0ApIFO4?-Ptvq-@mS?wJoxsvYjr1=>+ZakoUb?wxOld-a8pv<`|M-YCV>5#o9Z6d z+(|VO-|E4l>(-@C+-DB5%g9*$srvKcpxqXN1Vb11l4JRv;V6fW(>>qwOrxpus08X(5ARchqn~zVhTy1tfUvCLQ&VO|f4)Vm8 z@T|RzI)20Q`0K(s9#bqtfIzYL(^dy+1K0)~9w$LP{Nx1hu;cgU%M7vRZjx^D3o1f! znRtA?I`m9{32%~3zXX7+^{*VOtFxPi>>z?u$8@82qGq_J#`!$sn&U2&e>^mP;$&KQ z_rj(@k#cJhFLlBFM)!K|fMhw|*U!BDi<=`X$~s+gHw7B~jtI^g3`T6en7`>$wsvu; zJ&w7F=C#QU4`<6&W#_CN-YI7BuDIjN*K z?>OOgG`>T(J6oT$f76O+_Rw;tqQVyBbv_0wCh>%p1LvuF~(5uHM+x>%n;(H_u z$T5!QTFr?6YnuT2=;3ZOk=Z&!RQ3yR(yvCZH=HJ0U*p-%g$0RP(9bst=MX zi?L)Vz`55OMVfgQB#>2?^(HhJu#C0tA}HKc1LfUiq!1en(JW6)%J~%5h$dSeg<78Z z^xrV`2S*Rm=Jx~mSjO1@R#ox!J7 zp6dB2>dPTOtI_q|s@0v+d2(?8F;cW+?S z$FU3RG@xQ?C^CDv$8^7y_s)!^SGQ}>JiR+ukf<~r$f~IDJB79iNRoP7vSjDvjH)x; zVCuSWQ8I1VUSC>r(5n??+-UrU0a8=oiou*a5foJ3GWp$NH-@`Lb}^i8Zz3&Z1kaeD zFXQk6#oT#GrVr48kR`h zBGjQeK9ZvUi=NOe2ndWz_=w|d@*7?>xU!!tQMKyUzn5NSDyGtVRM(PJca<2*aoo=0 z>cW~WU`Vxp=|vy_Lvk5(8(d@Jf79!svNKZv3hNeVyk;|ZstI>(>L%fZ@y`v%?3rsj zZi!bxeuK`67~e~p{$S&bXRUiA^y$IW@XiY6asXk!_{>oIg1AIe$pMo)oq&QIH?hK(t$J{K}rN1+(WNw0AF(4hw4Z2$H!Qgsi6e0!UD% zwVu^YRtdw;df_fgH6dBAUGyJ%Se|{c1lWPwyO}j{dJR_{yylYaA<3O{{9n~y@4k;G zD$01JeXc-p5rtuNbrK>roEHw5TM($$W4*eVpZ}^G0f9->gsuaBobWFaLEq;(; zkf>EjynIWKhC|V`tF{ec1U#tj* zls+lYpl!{p45LGX9tj_-wUAH)g653t@j}3&9MHJX{j%A61UR{wlRmjltQR7mod|}hsZ^{trK8{a~c3)&yZ+G>dj*Cc1$|=lq`#pCp>g3dEC&O(|o#pJ^3nXCa zi-;-82h(ZRB81c?k**$vxLy;z;EVgtGPQU(_}$sonC9CUd!v0yjzS!Fgd(rW6YA#; zFCH1D!UD3MxJsz?fwjP|?&ZKoX;?FsIxz5K@_Gx)D6~XazNrt761)oEzglY^pO}z6 znZDUB7OV^D#M)oP*!4+kYWi}2zsh>b0nSU|0MY5X%uP6s9%om9F9goluenf6ImgD$ zl{c?aVv^_{SHT4uG=tmkNV`kPb>yz-u9X74SdL~e)Y z`aK=oqa90TAjamyj@C`?bA#l>I4S+cTfnFuuhk%el&-7db8xP=$Hv?_yiR|BY=|%E zy0PKFb~T%^7~CU%wY%h!*hS?6#Vs8qt&CmYOBYaQ;kYx9+lqIMnz5*uYd4T>Durz; z{zoY0pzUbY^nbo597QZQ(yIS|hY&n7)+F@OyGWANoIfvroN++BJ4VD=BkQ06T|Jvr zbMQK;$vx-Fs+~(W4|~c9YihEt8E67Y?SGvoDlHr$Yo_Lv0Riu`IdRb5dsdfP_3VF1 zYhn=}EVU7d3;2GM$Ti0NVrLN;3_*uptgEV!rUQ)qX=MJ#T)kI1jF#Ui;|9@<;?sPo z{tYt75YF0>A?zEg(WOIVdch|EFPuwap!_8?S-h+@UsKdCAe~IsSDk~8y?A~RVmtU< zZuygT>RrWT9O(;f5-LJzjMcuMnr?is(J5hI{`lE4L<6DDnzV?9ReTka=_FfaKgYpi zUp23#_elhSQR`ipeZ?s4r^AnR?4v>SNoYhlcxrJYrj6Tq#nnMOs2Td+D+mA&8I4|i zq=z4F<<G57^SC5^mOFErte7YioMY&70^3goaAFACnG^CfT&el8@i5v+Ju1 zX<#%8bY%1oB-NHp+4IaD?pf{y3+O>**-K9IZXEqPaPx z#%gYm#9|@C$r2jvs#pEWzNp9HnpI9PpyfK2Sy@c10mN1h%p;_Lp;C>}LA>M+#$i+nboCI#Q? zuCH`d6i?4!&|(f3re3TiE!eOp2Zq~UWLL1VrE9B>^TGLpY5T;t{BgW~`7F5XUvW8* zAS~8V8ql|~zX?YAxgazPs5i}EB~QmE1y(&N`PoC_QWYe6C65Bl1$61)tfzU-o^Y`9 z2QIHrOpPg(VRnb4O&))pBu|JAB3H9x6rV!2)qHCj!g=nXhXJ$ass1!lY-SwuM15}+ zvGbNslVtGlL5-|r38OZ%If@779;1uh*aVk;$JNaS3aRRA5oKcy2A zSrr@;!3A(EI$$XbO`x4}HK4H!FyU`Md>AzM1g0o+wLdMnm-rakM)^(&es(+1U8~uf zc`uJkBxP<+ijNQiKKxTQ;xzYSL3J&a&jB~(edVw@F=deD<_{c5UfszCW7?JSltUuzZhk?Q z6D4@-4cOXpXLr?3Mo=_BRDmbVPL3f#G$6WCmish`xkT?{W4#W>;{EA&Y4caCGiqL6 z>9!-4)X`AFSC&;^a`X%t8o2#ZNrH2g(dSSVMH5ecWW=Solw_d|9LR_KqrskFd&U`U z-R$GZvdi4&#;|~1Pizc=9FgCn^Ic;nDKFdxI7kfCNOz}%MoEiPh#7oPRmneX{iJkb zRe@}4M`FK0cLnOqH3590c}s_L)V7~79LP>uvhEZ z%8Pd2+^yNjj|P!?{N6g=;@u5U^>4g6Cr#@ixj`xZT$;_Jm7XS@RCL-HK+?WQFmMu&t}cQJj8I8$Mnuh*XC*k>kdez31(0lb@Y)>k zLBa5_L0nK+P(s^p)HeIo$t=i-RUDf8(+7Ob`4p9q#hX z^P_7XcJ_!+hn!KUyg-B!6&K#uP@jwTT0K(?^K4=KWlwfiJMxrv@(F2NW@RDO%t%iL zmFDGdHxujCxe!_C5v1}>2Q=yao*KugM^ry643DXrN*VHdzCJ}yuQn8QTt%4}>{I z@KecZ)yeH|KA>az)Zj%QP+k_-Uy?Ysc$H zCHm5y7w&D#{dLmmIqyNpcJey*U=Hc*F@N6>#9H>Ts}ys#-*_-~KzjYu=|q~XtIHu4 zarXD`mzLZ$^yEgKcM-LlBjTjMB-zFk&HL;51;y!hzsDpm4AR=amtdlu0^PAcpx7(O z%gbysiQs+=Z*CjGy^uFLJwMOyeR&j^aqp@Or3Oyl2N-fN2AMX!wnEi(ztL z)EL;A?0pqcA|QF}>Jp1`g>3rQiUpuA61*)teRSDAiwXF43!E6!0Bm3BHf`V_O5Y9a zFpsTQU`|M2nB#snQU2u0#a>fAvh4|u`KsKsl*(;dg85a&X}^u^E(7+BBCH>=1tRryC3IZVeo z2+5{@`X{WXkpX@N3+40ZP^)9TIEewMtGJ6>+04|W{dEdn=mS*GIQzcXq}(pA|EX zecflGujH*%9u75`&(6>Pv6>wlv-&pm1j(+&x&eJLP*lN)!5>JSRg)N*;^xW`$VAxF~V@ylp);eP+Z!gKvMz9VAg zBUoOKG{Fh0Jy_zEdsD%{%DnaJW%-cXFQqojOj7jIPc0k46nQH zl&aWgb={Zb41E5htSdBhJTl{z7On1L^gmJM-ganGmaKvL8@eisgRK~ky1nFvZZ5qE zM~W#2e{r^DEEt@-Te^1OOn%R8j?m}BJgD_snhf)nl71mq1%Cah^U9+BaRO6)ZVb<* zaluFVf7tP^+OAZZ_*AV)F6|Lbz&~D;LXLoQg&0B)>K{W4rHG)%_AnfB?AW&WadIf3k zbwOlkd7TR!I8oL_zL}h$1O&>#Q!h<}au!h@5rH@GT0}O6wDU$$H%Ni2A{bmMa3-V0 z$FE;4%=g=?&X}J6Xym4V2BTK2GWU*fh$m|O(}n_q4XL$-O2%Bz!%dAv>(to+>Ak;x z_xeX{L=0x{i;$j}4{9~cx)sT|8*8i(5!`p;%7kGCoi_(h8EoUqJh~aK=Ww8TPAjC^ zgeH)w3lk<&%rO6-Q|lB~!doL0r>`$Erx=_c6VolC^O>+G@WvsJhgBPx3mZ0U&1KC0 z!>FdIh&%3@pe7O(uJVa`swRVmf{fs0JHR{x9emUqwT9KCka(@y%>YRtB^4C_Ft}pq zdQQalx#Am_>NUslH{8c#jeHoC&14lnk; zPmUAim_lxHF$uyJRf!6dofCt<9#o~ed|%%(P0dx;bBo9+_c`O`)RPax<0TCW{&g8G zuRdDpbw-Fg=scD@UAg(WraY~!ytu<;t|8)d@qjdaYDz=PYgwt`_E>s4Uz&@U&s751 z&86%eN1*zNUwcak= zERssdEM|JN`UE zUhcX0;ZJ&u)2!^bN`S~V`z@ssg5YdBUqSBMZzO*q$Oa5phax_fRSsDJb#u1{pUwc* zc3zX1TMg$nhVRBMzVf&Jwmkyj_Rh@z5x4Cas5@O&ZBPVw+M zkq)Omg&2z!-D+;_COxdnS860X&Q9lwF6xj8T)B_6ddFB=-w*WR_JR2%RZcx#7Hj1{ zFaXmMvyVqFrKBA9?Rq3Qlh<;d25mv;`!_37oW>_PR^c?`@c{NOS!dMSM`T2w>d}}8 zUgts_+30DKPw^8M4sb~dKR2wn9VK^tq?gsSkd2qVZ%fuNy?4oVIElv&d$k}nWo+vGAeu%eenE|kx>}jfsU77mc4=YjOr=l;nyintg7#`}fq zaeec#wD={?gSwebw=i>>xf^hw9e*!7R2ig-ktg?qM>NDXo>8}mucnWyDWJKkM58?PS?SPd zy6~D*o7?1%TnA66qE7PK+B7k*^T>f_GX0lPWGt%TX;a8Y{nlekhL^GmE3eA6{Y#iz z0U+GrE_a5rwl3JZc@4}KyTjJe;(4PweITwkhxJCgj#P(AQ^lP`gm}BC88_ zNVpquDery7+iEZ;jE}!{I#KHJWAGE46W@jJZ$@?wj!~eV=yc{Qo(y=3P#5ac8V7z>JZ2Y zWWoJC)}&l!5x^wHz~VrtpO;W8hKa4=h+kp_dx{-Z+0M%(ev23WcKanOJ zVgX{gADZzRoTh~qgP=bK;pG;JVEVTpw(TfVnGkhtVJl15dQ}ozO$B;1#pEzYlh$I+ z*^lxKI>N!hHk$sh1eSmF46m}Mp4ghiL zlq+?T?swqy%cm1g2^S(@7~k*xycoZ(9lRy-Tv;6}PSufg zO%Hc{v5tMeg?N1nL{!+v#~#tph;Wsyz?-Pzy0df}ot}Af6rzgxvt`!P!8loq2MTrX zFx-k?P$Cldn^*4Zl~LpSxh)PTz$ljrDhxX-Sz|xUpK?Y+?Smarsa{_MrkjODoBK!{ z$FKssS!*~#pIpYBFxm46sw~V1EqEUf^}$MrsF`O^Df*6kT)(j!HSKIJ*xPzfqzX)28$NB5_?btdzik;N@Wz1t6a zr;5y1VD(Qpbp4v3+l;P@kKK)w{FE$!)mVQ7^J~ddqY9 zY*mDkCawh!2ZvU1zucHQMts^9p>9-!xiqJ4X#zUsaQIW|GO-N=aN-orC0SHeRA@f# zg<$38m9#`Q{0N(3Gj+!CTpxpEiH5yIYwqxb)exVadEenypYUT~%!T5?9&;0wb*2@U z%U>7;h6gpv)oR^Wp{n$oCy<+$ICyv=_;kOff(!uYOFJ(DrL~&L%I5Ov({hK~+UR7kH(C<`0ek3W~^WF|$H;OD@uwXbCKq z_u7F2Yl3GJ<1g4fk>m7S%0uK*^0NcGKU-MuEfz5_g+#wWle4$Kq)1J3r{pbC@BW$g z3_yu5BCRG-ZDZ-<_oMEh|Us1ez+&>~RRD7>A@>Z;dUA5(L zv7BIKO1oBC%Y|euhgECwb7dvF>0qD4-AbR<412OeXR0!W9;%Hz)yAB$yBYo_gI$%| zD=q9`T=;8T3q&;A$q;{z)5~fA9CN?YGk+muIxMFL`dDHlHfXK_cBvMd7^aJH_9kDR z7Lqm_qV8K`#{~a&?r{P;CjFqNdv@K;b)x3Ht!g~}I{}%q`ZK?Rjv5xM;p&c6569zW zq{NS-mOFnqZv3iI$tsl3$hAhyeN`_w?yKF_GilCK0p{CSQ_B^b6`!5Tfen&uhH%R$nI_u#E}U=J@Uul1y5HPMk-=z-Jj7|j!SrX(ij zuNZAFj8q0$gt59WdmMcv)eM&-otMDY8cenD0s6zEsRFlGfjYxz15+=eH5TeDXK`<4 zq=e+owodz5YlgFfO~`Hq9+xWO=N}#fEk2dr%fS*o7Pz@DH9_3JB6-A#;=h|W{Q`~rq&tpp? zQf*fq$WI}KSN`#${V}JQc>{0sJig_ehvu2u#cbDXgZuDy&u#4+v^Y{``M&wF`|tj< zp>vXai`J3q>#*QK=QKkFtS+uCuhAI`$TCw2L*cG$&$g?)mtYzZNXzNx@y*(q*XZnT zS*%?SlOwHQ;OB5p-_H()nCgl`lNRyib-lXSCQd0XxR!2!U2CWfcnTu3!__H*vG;CH zF;p2BT+pM)l2Tp|=$1#PmDgxB-og2g8~w_~LS5X^?CwSop@%0FLOK!??x^c{u{)zF ze>odzsoVD8ZFY-0u=K@j%ucI5!lG(?mJ~qnhgVkqlF#^2PchM^KQAyT<%RUFeUl1} zJ&9X$FbT6F)+5)ve_M*jkLXeR)-#Gd5(7fQkv75OC4@T^Wg z2sg^V7e&09dW)VUg%4-KFWiZjTYWEIp{uFUSYql z{S*3QSwAhsp85Wy1Up?LQT!=tqij`m%T5iT_)Ra9cUi)kSGW15FHDIxEr_4+nJh^cCY%eqyL%u#v4%90_+%)|4pDh_jr#NByfyjU-7(3Snq7K z{d`vUUWLZze2z$(e@o`=evf{n^YG(%%hg4CA^Wqdm#FZ7UVYg4fzabm=QP0r&7bix zd3dou&bcC+Rze`NIm)@Cmas-5^RiGa-P`Tw43k(?g>aWAx6RP$LTD*?Sy;$(Rb#SI z2>$TT*|zC$LbPMiAwsna&}moXcDlGwA_(&$oSVDaM2Vc);bv}4c_Zw5%Ndp)=3tNL zeAauQwIgCov+AdHl412@C zzZ*U(3O)1=@1l5=bBW1>Dx(?;ovt>R9xm|Qo!YF#|JY0wad1Fuy4l-5=ffYJN-kw9 z{50PiO*i^n=vc7+;l|>+S?>4EkgL&3u(n_@x${x;y$p7P$uPK-nQ{eh^)SVyIY>>n zF0`|?%PCNuR&^MA5>PmMsVG?7xc9DdS`C$w^Pvw>_Z;US^kD1|+4!T5m#|y7)3J*O zZ95_#xp0+*j9m^{iv zKJE@r^pd(2XJlswSo;hY_l?_tQy-VTa7I#joxU|aJotg#%@CJc%9pqm3?u7}en&tW zHzoUqU|xTu=b|5U_2Elh$sYzw$+BQDXUH4iAHdPCKF1<^Y%efW0Gy=hwxMA{p z91`CjJw7CZy$&!Eg=|>8c4aTezweGOTzvVz>}S7NK1p<0Mv@gh_shrKF)3Bto~cY_ z)@3HOxqW|FKUiR;PI|tvX{7u~gmrV;(pB|AMNKn(4g-u( z0C2$!Vuc3-B>@q=RR{4a{f_cJIA?$1S|m}tHRn?$9~;XhF((3vm0h=ExAE%2e0!yk z<>!*Cb33JXkTe%m+fJkhI;@-xwnOYNTM0m)B}Qb3(;GW?>?_s)ET_l^b_aA$J()nuYLZt?tbTyRM(jcm@VQR4s16zy~12 zB5q~HysukYnRr_?rQtK$RPPAjYw6e3Q$_E$_e+A%1Ltjx?* zFGcNZL1qQ*kUy4UH-POxgZHMz^2cGfDP5mp+*8Rt4?1v2!z`7z!8%PRb4VJS(b)p| zE929<0)OO2B`Lb$+l{(U&sx$|R6b*W%(sLMFUSaWavXJr5fr5CN7)Vc4{mxW1nwF6 z7tcG7++X_imcmUJAp&{rKVZh+kjBZAsQn2~$qpV$fQ0bU3qf^-F(ftfWazz@B3kB}f2;a@H*CWpO zHosgJa=bCX+4eoz?J-P8)!smc;XNWWUvyC{n&2-IrvUmEjmrc00)$Bg+5lcU-D@cs!=L(R`StCO&mW+dM2R>*Y zkA}uzzjbAjCc#4bifY>}_9(jRU-sS|`re~SK-$KuA0wvstEx{%nC_7GVI9Hls?RMJ zewy*f{Ic^)FBr#V2QD~&pY?884kZIKylaF^E+Y@oL?=)$k?2MM`0w> zFytFSZ!0%jr+*?dNQWyc%HDzf`oI*Yro*_v44zgN+v)OL=_RPt^KQb8w?9)42kSZ7 znw!hq#0&g2g}kEg=cq0(>0c9N`#p)|y|Cq&(Gs`&M4D3;WQBzNdKhVgyR11QL7?+8 zXi@$egF65++YSr~WAuf+B?9JK5ft~)_@;|AWXAL2q8qbch8>TDu>!KDT32bNUnGRN zM`ESpJ#ZOfo0j7MYRZITkPOjUkaSTR7gBxWI>2OXmiO(y7T30TVSNus+2{Z~*V)8y z+3wia@hq#4M=e}1Qd=WrfBE^sT}qq5AAOYjg{9h}ct#Ri6bJaC+ANfY!4?R2G*izW zq7rAnmlidM7a`T!=&Fj?=&Fg%GJKo1WP>BMU2OLy!5+Z{;_o&=_aUH$m@jkgYOzT- z-K;U$F8#Q0ntKFG*Hw+?alF`Nq(MzP16J&Gw_2&2+1IxEI3$Bi2bvnceLQRU&3e+s z2-dg{Ol!PDxOZ$vV`TUNH_c4vP&swTTHirBC%$rXlVN_-pPIsWeRCbQ^XKw0JVCV~ z90Yaau!Ts0H^QB4k(d@6Heex#5D{;4SSP$1&P#TxQJ_0%4+a|0B7PRl% z&!N-YX|8f1ZZz#ao*V0qn*+1(XO!?rYvE6OF=dGx5mN05Y?qh}2JnWy8)#_}HJ$cZ zobTB943io(>{!_}g$N$|@wrX5^OyP^u1}(I+bl^6U9CPUSy{2*y?Ql50%=JSy!vw~ zUuyyaR2jWEvH!+z|K9RYC4emtm1|*#83l=UWSDeFA+14}?~*u^6vn>a9Bsx#i7*dL zzQFoaBpr<9GoVFRIOXr&Rge8#H`(#DLaaWMrzphknZoEB8c0{|C-{gOb{<7BR=F-h zjMPO9UkK+i7sD>InKKO#VEA9|>_E5T7556lB+95T0AYFkNXWHY2CB^<%-#KFXYfDJ zOPGql(x>SnZRtv5xrhX8FjDR9u$4(AdMSj`lY~$@+fM<11xD0X|Fwd%k4cU~Dry5K zgL&9lTVG2|yWft1&g^hKs(XN`TgNPSC2svU<~U*r?n>yJ61t~Ky+1P|0#03xbEf$g zn~MvQD3-e=T&T{nh6j(}0oXm(9GutkuRXBJMb@H1L$1EjY;rbH_fH{Yl4H9e{3$`@ zFFtW=E8h5+=;ji&d}{w->or)s`Q1Q_6|4SRw^cz;k%9COhUeIfXPI9_vJD&KPXkZZ zIxj1l#Wu=j1zD@25LO6&-@O902n1#k@Y$)V?^^>Kn1aY^?tBop20 z);xSp3^t3^*tL+;r+5YJ2i@y$yCB!qTKtO-Mi7dxIy?sW#RZ93rymw=ypH$HeIBx9 zZhDt}`ea=hQSTcaPnRFBo;#LpCHI-&t-wzDd)7KH7jh&MHC5!sLmMSJ>`8HP4uc+U zmp`0_mR*!SUOCA)4l1hziadyG`Q9FLD2^RLELHIDwxu3YOMYo=8iW^lp8JvU%jJD8 zV*b;oyQW4Y(Q*5@bSu)b{(0UrNzeE6Gnvb5~wyDgVJZ$(j2%E1I>39`ql<*`OLexKDk2{AFM`&fZx z!IKT;i9xU}%|HTQlHl#Ghv{ltE2!-?%lDQRV6wc0O(ODt&Zh`}sRh`IB&-Y@h<WbfR4T!T@5)p5>rZ{$K~6lgD!}*keoZx|2i$Q!79? zC^9AETP{9GfJl*I zYM#z*gp!3vP=(0DtBuVOygS?|*B4}FDAQCW?LURFyj=rvS0g5##UT2v;=b)H{d4Bg zQIVO-)m$x!>a#gn*LH#DlIK9t05{DK>bn*Nie%6kBPo{9CwWC19*b9iDimCJ3pqBe zAAnuc?SV$5ywAyGerf)SmDhE@etvD`fT{4vIn2M9{i!Y zO@s2Jft7ARo{Q%rMbu{{G_~IZt%7SB1d&#QJ%jRnp{1 z_t9;|=@*M(!wd4eN}t+ze7V%j3h9=B(g2^^k>%03S%=ByYpJW?_=TV}FQr*fw?C>a zhqCgn1*9o*YB1$!QVNI6=O}?rMMo(J#jE9UH4;lJnAr%}(W(H!|9+~K#2^u0zPYrn zlUYGPvCB?CS6Q~@ZnJb3&eZk8OedDfLZK%Qf5+@$Zl) zs$m6b25>b;KxeN<`Abgsp9VZU(0(U^L&x-Q6(=7V#v&E}Wp~`eu!pk3rq-CTVQ4Zo zCZWn{q{IM{B}vN3ruyUKd+P!<#2|U^8KpVLyO5d(b=o#GDt9SJ;B>NQ;L)#Asabs1 z0Z`-G00xlt75b<48Opb~PvkZ<9a0xzQyX-aRlrF@yN0yJ)!Qf=kY4qGmm9E~Pb!IVGpMOXU@vC=ZVo-5{W zQV!P0Tuc1Mlie;D_H(n$)=~~;BDDi?!szu@ZTG%DNp}69Q$kumm`%q64oAsqJ_li; zV^cQXAbJ++ufqIK*`F!Z=<$A5XncMCT|r66^SODo;@mns=-~3tj?6jMIZr74z1@D2 zV?maVn>;{6B1^Z>S<_&kcDe(`8_xZ=(^Q?94fS>bt)#J{G5bDS-d)Fai8-%5YJqaE zFx(ORvXRT_%LS?H1X7!0-P`u8^SdRT-**FJ?DgIc`iU`ViUQ2F0T|5;V9|v<}t+jx7r5T4- zyigs6o_>f)`l&ETLK6Ci3}T&GvIOReSiWyv9*eCsZrJa@MEQ;klY z6_Ex4CB4^rIQQ-!8zH%-JCAbDYxbLk`%5Ja4KqU`LaJ&mNYx0SUxFY2n^~V|yFDG~ zB*cA55|f(RwPa^9{sgvYmg}3z9eI4VdUJ4pFz+%((0q>9CoP*rWTUB=)_iG=`-dHH zYx`Ts_pb*432lX?HI{BlB%U;yk7$c(!*&(0smk8BoXjEeE@(UGc-wDrlUYf#(Y!N9 zlsik+muoh^MBuTICl6q)*Hmt;Q#F7_YrS=H^=`)bpmBrZCn}xBB~l@`p#y=AR2ILM zBU$_*eJp3?SYO(m-9O;>3TtEI09|nN{$M8LY(f2qNIW-zvQY;RH6Kjl7=$_3q~r)# zPhp1?=UOkC45V5|-u}ur8>aK2f9~isKL*I5j#1s*k6w%$HwZL5y>bl*5a)p*h3`MT z>zhp3X&6`jiD1YdGiw#q2Jy1G#mBei@OSRG$$legThD?XYRf`YuYS~2hIN_IzmE<}r_b<&hy!kK9+0^^f2<{~{g+FvCm}?hm zLx{lOpe+EDiU$h6N6=>5;RjXTr40+nmy)m}{fd}v{UJge_o%Xarrpv)JrCE) zd*!#qF4eU5(YjtuaYLB*X&>78?I4jVS^wE-!S_d=Sy^i_Eus_)^X$|ILB_tJj7YGD zKkl`r9 zMp3ROEXE27_%G2e31Lf2YugNg5{|j$BAckRtxa~TxbAk3q>TN8S*QHq&Jc-_lqLbk zb5RT@TP+5DT9@LcZ-VZN7{9|;?S%!ggP$Xu(6q{@$H5eM)#s&$VhkBshO#o-w3{(y zHe7JrN;({J#p5dxar#dmyPzsM^d}u5pj7J8H`I&gcUHvfj_a9yv4N#68@wWebpwqh z!5SZYi(Q%?*gptpyQHTlCC!Z=*rmC19b9iJ?x<?YaTFf*%e$jgiKDQ3h-ptmaxj#KfPNk zU9r9Iv<^kLnP!RxR>y|&i@b+0M_`MwllKt37UM}ToR2H1RE-xb5pr-oeCG_?__0=B z&$(M~H<}ZW#u+8--Ulb(?PmdB< z=50n%dFREH7&yHRR67`viXg%LXvnt z{-81F=FL;4ZaMo+(Hd(}_W(nJdGDuZh&*DwuQ*l8Pw)8ffdNVppND8|#}dyaFh?i~ z9GePHk0r7h24WckbbR^p`Pc19A#m!9>#S#$8v)|86!~N%I3BhYSldIc#o>IRD({N$fK=7|aRvUb!Kx!VM5!)Jzxcw-QK9=o z^}dzcr3av8nOG?H4&0G2e7N)>DS|Y!lJ#d^brcQIw3u|*9-oh6Hemy1fdPlX zq|(u(Agr-#S@|hy8AZD>=;@1kr_R`_h<%(-`CL6-p#-o4J))ZNC62rqplhpN+U;#|4qaH$1 z95Vcr`i0V0kAiMw_aSEj4HgXqQViTd0&8GyADkwCfmZ}?6#-NR7*dw?P3l2dh-gL7 zZl-5%61u@#In9YueZ9}rdZ7?suB5KsMH5$8#FY6)+JY~!Ncvy0YX3zx{eCQ!JbY;KvqAQUufp02j~rd_F~b@ZYECc7(@@&b1JZic_cirlG6b#|1|j6 zr1HS)I>*5|BWN{fkdEXzaNt^t2aa_oeDBJbd7scPj8!Y3JzzA;-yk)GkMsL*&Ltos z<-KeZlw=4!Hd@APa;z>Uo`~pEy9@Z9Qgs@d-tUDv;ldE|%%d~11;?<);IRK^_J%lP ziF8htoY?y{Al%B-0Et2GZ1I`}Zk%PtRTlL%oJGP+oyz2m6WkRUp8i)%fBxXSBcB3@ zTYBwXDUPRd#nZ_)tBo3*kpi#sa@@ka(KUZw7rtB*^(A^UlyBsUbffl5BLmI_r0PCA)yKhKSw&W3Y`Y_s|Wl4*>qE@|a%#0&O>NB3*Jr1Z*3N$fh2b*EKC4pY32DAif z%=QtLps00*S?23?_pU=}YCqw7ybwIvbkFRs9)gmc+UBB#NlnIU)0!iaUA@OtkU5S3e-l8FbUp|4beB6xMt~qI>a*@ zE)KqgQ&}a3*@T@FUnYI6!^l(Deo9TTFGS67>Kzcuws2tB8C>svF}UcMs?Pt`-@j9^ zA76EJU^mu05UbIKJJ)ekAZNAM#zvl(z*1 zAAuQCZh{WlcYZ*%v9}c;ChnUQv-2@?UO01BID3G1gO7H}S~*%7!RUgA)hOF*Ha9o> z3a|0zRR!^m35AWi4d~)Dth=I35kJiJKE#+sV$EFrW@%}>_^>FlAXhJaj#QFO=+b% zJ3oPR_rPWO3gLjSDa@THYR7)~n3g@z$Sfwd9|3*H+WjxKCl%wG76dMy>@ac3I(%Kt zruN&H>3&4kZ35OUF}+<2Q6(sHEdf!Y*;#~n{mcxsE2YmNX)|nlWTKB<#+Xf^=&Md} zf3xK7AFR@JqPUpuKBOuRKh*rAteQtax+odYX!QR01F%OTk3hY8xzbf$_Z9<5^2xeG z5}3jZ780WW_mLaOwoe}b*oVC$naW^}7 z9%lt?X`b=DN~Lc&EWBIGV_2eWa$-S7t43XUJqO>V!Zo-dRTrATUqDTpy3vVvIMn1} zTE;PY|8~ks&Nrp%J2fM{0jQQC#2dL*CZ@3QDecBT$M{n+#|Y2L%}A-uar|n{0pb-{ zlH3$`(OjOONG#-(>U_YrNAo?7pcv>_uH*hD5UONawe*;!I$TeR7%$c36T56N0HnlM zTg7MffR3M}T;ukP9yw+i%x|y%{%=%6S|tJB`fijRZ}?4I{z> z5%JpTQZ11;yJj%zCxl`x7>G1G&ev~gXpsPK2?mB<5zOad3Q`QgUka1935g)k477`I zFzKc`bAqfxVeZG@4p;pwkyS)K3nxD33sWY5H7gau)FcgP>Qx0CHNg_4)wkTjuk~q0^*jsd-kC(4?CUXUIp?ycU4M}GjC@^0!~pye3CY@~c5l^~93;Mr!9VI7 zRr;F#_;s2)+ta)brlf`=k zynRayz`TG~^Eb9)$&+8w%RF<_;|hrSG_@4&;!RB<+R1n1Dy4Gr^xBe&lMX31IOJP);Nkgs?2crfj9suAZCNc5_l7O1(wO@-s0 zXx=-W*XUxmh76KI<}+m>+mXiFCbG4=qg4VE_1%iP8=bLK-NU~LG@jBJ`PjJ9Zhc|g zCpWW<+s{=l5#aZ7pu=mX1OEEJxzEA->!DMT@I1&2F|kRaA(-umxxv-~q}Bom+U>W+ zvdR0fZx+FhoqQ#XR9bH|AGnJxX&0-Y#+qCfTt<1DS7to!K{wZ(nbX`yIpfTs_-rL_ zwg!?#&$b8B2L>Ed5fh~b53a7|2o*QHcuk#SAob0f6%jWjz_ITp-=$UGcSy~nUckD5 zF<^1$2{GR7y!!s;qO$ldhducKv+nRWb#04J*X57#msiAWt_h^xnTe@O_Hja?N)eAI zA?vW}SjYa~FZ%3hmDJ-`>)dg4eL5(C+XAi6^ywCvLxQCU$X5@>t8j3$YPT)H49?b+ zt8N2tL|PS|Y%f4(eMFd($T+QiT)~N}1q3hMBDY0RnELexJ zE~W}4+NH3p=1PsjKJH8E@^?5g^Ycjg3|kih3ZeMVYJ^QJYIps#BD`MQ;CgJeo3TyU zjc$@DB#rhNJY88x;XhZlYCLO}+hcLP00e8EUC)52#xH|?nAiV`5te^qBp|5-vPj!H zNg#{~bp5aB$gw`U910W#yrt}@4st4t9~m%-qR6x~gGr`lYp!5^k|J zZ=|tY@kd$jTZRZRAnvoI$@$?A=?NopMZSE0iCqc_4==7VIHEAGpXh7)8TOh=yV4j{ zJ`Hz%d9c4IUBK0wOyG1(amR7-!^Owxs_x}?Je?xQMhY??oak*Jg23QT#45%#O$DA` ziM%i04(&IV>dG#mM=$;P6;>HpFQ%(d@uccwaAI8D!)CqjFsRo)i}Lj z0(FzORtvYW{<9py1HkF6KVJtV`ew;a2WJpvMqt;xg6hrxmPVdD_JDM)mnABR{hA0# zQ*(YdXWHeXR1gYlqm3{tV160LlGvF#tJEcFB01V82(EWq$JeN@8l{U6d5PSz69E7;kOiD{nmf^GRJ!Z-3MOpJ^qVxSiOg)rZ&(xWle9pBfc#E zeB^lHJZ1yFMYiHUW^{r%o}Tx3cvHiA+GoDv(&ZRY7tBTnTO1&0M^0;rC0o3(HKYG& z9HTm#Vj(D}YINpWw?69CTM*s7RxRHEumpE z+xniW%&wo5*KG?SO!C>HKy*%I-kE*7dNEjzq4&e#`V6W9a8`~4&(=oo?Ir!9YiM%_ zLc(WPAJvBK(8<21dP=rWgZ%3T#9ul)sL5Lr#E~I|b$on~EE^3KQwYG{>G>Jc+HxzxzjFGj|JAYr zW3uG*fCpOfujWMi@w1p8+}{>Y=O+p(2~4+1NuPT&^rI`7ykJSym59ZoiHSQTo-BWB z)rOCx4|Maj1I>E|q`7li=$OHMw)`PqrDyh5{q9Omby zHVYocb~k8wTfZyTg?zQI;8+uV%^vrI8)*Lb+dx-xs+$B}(3Nl3T9j%kY~}<~gEz5( zYDO{*Sl%q5XJud3aCbKAq;!|z4gf%4XmVn_wbhrX>%7liv)mAKbHlJcGJI<&B3f%l zF^M!Qy1ILI$Q#0d8iE?5n=DhXi%BC+qy)Cb2&&6nQLCXGl9wGycXF`F+~00Vc~KGi zdB8%aY)NM`A8I-86pTs6C&o@|OwYjhk<>N}&4Gc2=8XfvOZ1wTUx9aXqX!5;4Wsb< zQ)_{rZYU~vcr%cb?dl=iPAla@q*~{_zEQkVu8p61|gc zvpwjZbGx*R{Yd?!tm)ncyZ!sM^_pxESaNrLo8!bV18wo`N z-QO_1DWs_FCgOYf6!bTC|NrX{oB*dDmlNw_+#~G}HJ)H8xo$o`EhJ2mLaERBHM&XM z=vb-v~agD9#Qf8>qSXxiyGi@aXow%$o zQ)bN8lmf&I6Xu>0P14d*&0>`z^WKy&xqBOdN4L|!^az^!;63cd#mB*7?NjL}!`xgPw^;k{ITd4Yu6PcB)OWNv@_p_D%kd&kY&#$G??oG+Y4kKR3mF3q&~&GF4& zHHgM2|Hy1y302m@Sq?pZ$3~GLW6!i>6=t0m7#$bQ!O(m|!EcD}d?+Al&kEg*jsN!j zM`~P`Lu>(OamDwsgqGy?HI^Rjn!M@t@b}RNav$E@*To7cGY_19K zCU;;-a7ds?D1BaW#ZOd9q3NJ;ZM`G*bvwCp*=xTvx8?Lyi|_49V!!=;#h7%a*xrx0 zZ`zwL7p9HZ1hjIf%LuGUu2T~V?dmuZsy=8Ty{p^{Xm`Dd<_1uLJD z$Jf|)uh}n-lBw@TkNP8$wU49hQ@-9-{CN}3iFauvCBy2&%OfRXo@1s_pO7w3AGuMa=aa`zfy;vpiEJ`_ z%F>27Q#0wfA5&q;Gatl4ykcUz!M4#Fa@{xenNaq6=b^!>B6|#@oUM+7%Ys;BKj4s_ zGj}7&t$%$;fQNr9gA&N;AsOgCNOGXJxPjN8~_V5DEQFGjd#$`y*1};*pCfEyKINq!Djdq;vvMl3{+=>4qyI zn(g}NeonA;nwwtq>3cdXk3sS!n`P&Ab4DhH*G_u*X5*iiN%`#)YmRt2mOcu!S?-SC z@r;|DeAQqcA=N2e`b8|Y{n9v%ILwv?EU7tI!J9jCCO zm$kJxDqbh^F5N8qttVYKGIJ}*qJvp_^A(CMTl|FxjSWB+JwKIoIk?jw`2@H%ZSr?5 zP_vDSsF$ffXmHR*7qQ|*>e-t9ct<)X3_5U&V7-{4kBkdrR3ELbTvnjb!29I$g@`pe zi*Bg=a@AmB>hL5uEha`Tnz4@_#GRz;$&|&3|D|hv_lw-}&Y%&z_0kOXN*|i|DdnfX zt|Ue4WMu8zC?BBhYZCYbGCh5~okODi4L6o}n#C3%#=^{q`w_Gk;z?$I&C5!x zHy1U9OLuxnpw)ti7;2vWi(0x623#_!qS#E)DL;%W6CC!te-^hNW^Lu#uJ~z573Czc z-)u>3#kt?6Jw=T(dmujjT0AZ{@7;ir05fG1L8OBQitYV(cG_<5bnzW*+HM>KGobv` zp|YB(4Qm<*p`WO|rI*cRUCBv}2c;JCS7}xlaHAtsaGrj9ax+TkkIZ>f!NIZ9Wug8_ zZEEKQ2^-HlDe4L>03+)kFJd9&25e-wc0_$Gy!$8{07Gh5{)PsR*q}22!vS<8s_(`^ zyV0yQ%^7u^IzDb(&HprWR#}4C#z2yXUE;JYRe(rWyliz)3agg*>6E zmcP>CrE+p4m>cDDG?Zl+xVSnsnXO@VS=_v0end^r)c0K|-L!R#r5)}3Wa@#7D$tif`w-Q|7Ou6JK!Yf3AK zN)?*3v4C$|QcIyW^`-({CNZp=5(l9t9$QvwEkySWtWg%lfM(@FgzCdu@R#W5BVC6(jtE6VExswv{ zDFh!(I8A6@*@<@A)77h~$O$v*z4q((x8AQ{ALG>j*}DD;<92`-XhKFRBnuwVpx`MM zK^CgMot{-(SK_33%HMX+)ikf-Hl5F5?&T>cm){h`d=Fbr}u2%vD^e({$B-uRS?iA+pW zNJJwD5z&8QX?DGai-#eEeJq8_(EJseqAyV`h*H|jY~Ox9v8Sba*6vP=sXt4rQ_`L_ zczPMZZTExqc|zLkz`2Ty%!}|jD;tD+9eL9m~e@XGn7Y8N-_29bSy0@N)&)QKk12-)F1W@4~}`ZAf!E~ zGB8`w+{pP32J5x*69nhE)jcC}3kK`D-#(k*AE{C;G25JbN9ymIW4(W@%|y#X9Fy>q zFfx}hDU&O{`hoV@p{FUrf?6s8`f+t_V*e?>$dFkGW`UUIYx_YvpcpWX2N7-m$q1mR zA6P##4Oo@$zzR)a(bt&?$nhWavzY9}D{|DrARphbicF7j6P!p!gXYh6+5lC(p|y7oI`goU4? zVmtum(~88(1sUxxwaHVs@KsZQiidb2o+VbxngJ|nT#r9)j{q1M|DViqc$ZB; z(WA1+fJMGghQ-k=~aFWy}vpuu4or~c#70oT&c zopfMueeB$9^LUIbL$PDm!Ko@5XcK78)kzu%_C(ecWH$anu2p8B=z>1%JKtaP7lR4a2%56p8U{gz|`b(zq|w}oKR7)j(7I|+C}wkwFSBbeA-Gq&k^h-g*%u*O*JWVeDyQz z!{J@AvfE={dB!Oa!q;3wTv{-QTt;WlF2HNsfT&sh;ofE=dO1gEah5p{9m2pak0Ji7 zTZFs@Ne)!&e^)W`hbnJpB0+QSVBdj=qCcE9Rmgv9I6-pPtl$ac2={ILUTv}bDat`t z(WX>=wII4b-&~T$$T+vq?E@}|#)j2pGZqI28|d=tGqi3>M9-of8a*&k_-%MFuAUmL zyIaxg1+$)2ceE?2jE`##5wbd5zqY$MuwdGaQ^kwfl%vL(mi=6nE@PE-FZH^&<=$j? z#Ov{rqwh=U?B%jOlMc6yUR9Fh{eOd_ow{tb)%ylwl9sKIdi!`A^bmosrtn4?L3=$= zIMu<{XEX8R;_z0m>T9NH=Be8B^6tqZnR~WzZJb_W>Y07iD7+84>!g_l}y@9E*zvnk*0F>pnd7BV4 z7NJbHlaMmM`&oyj$>w76JcMXTW@y8(`7x>IQQu&^c`xgC#yOCMw(#C1e~`RoIUsQ? zsrgjgrKXuIB@tK`(>hItDyBd4!-EDBXjgJ5m?Hmg5F)WUcTbUF@F zs?7Gie-~IB<1SZV(QCeS;qCS8*p+j3YYA+1L&xHhi-ZHNaM1HljpvwP((FW8`Ez=Z z)xFXMcoWsd{R0D@p^-9s3pC`v8xXb@!u{R+!o-v$F#E$W4B=+}Eay_JBZYU3d>55M zl{@_jxX8}XQNn-ryMH(jPpPbR1~7R(oO#3a`2~VC0??ucpjL=-ni0>oAxzp4;AgV* z^nbh5;x5=ZB>uakUmrQLmgc`HZZW3W+}0;v`1k~A0`?`=--WZ@V84C_kJIQ>2{(N{ z0ZP491O!tAVI@1Ls4Ab-#MN2Tx|cL71%k>6Vti4OAP0idbc)kTEk-m*44g*xZw6C& z0)b(DdZ15Qa3}g>)r`?JRvO9A?gAf0sFnR6%Dw_9u5Rfz3`5Wa3liMjg1fuBTW|?55FogO1ef3ef(CbI zaEAcF-QC?SkaxKEv-|(|RlQf0nmIF7OwQT6clT;r{R+GQu07_J4vI=&4f>uIl!28a z0hlqTE7#}4MfS=nOX$Y{1N3hy7nf_O9>y`|bg@DI$1D@4lR?N+H{=XD08(9xM==mk zf`om4Kf62|5M9%#C}|FJJr)uL4p==+nTtK*INgACcg$=YkjmrbBj|IdB?Bu5e=QOmRYT0JdYX)RumgHmGAAujO%L&pn$pdKjpUyY>d z|F8NyTnoerj7mX4t^HNRBoOn}*-nB_AjW%iG6!J20Xd8ON8_L4^}hJ3*$KV3w@htdzp)jp*B)^Kw69rFFXY0+>|iL{in zo%LAfk!|)pW^qf!Wa0`)U%{w)8Q#;~lOMNNI&XKb76_gX>;G6cvve>uRf@FIpVq7% zC!c$*VD5iUwxoMMyI-=AUq2!YAN4KkDpIlR4&!zcE2)zqStz!Wb-ZZ|?Gz2|^e}C2 zonpJ;h-i2~$RhIgy~UT{Bw)UiG`~5ITI^(HwM7G|*UPg;Vy*4awshL>Ldh59_gMwY zupA)IhT5!DB7Y{7MkECzuO5Y1qx%$NTx>$1rKW}RO^Z^YPlbTW8sZ+_ptOv#iDreU zcnKY&KV0d-+pAUT!rfg)%Uj#N%^O^LquqbRx3m&Z35@{D723-X{Om)p9l9s{%ustf zjNzfFFyi~5-ZvJxS)_j)g|BE}abtQ>y`*(M0@h*6)e^UsP4^&zDDx9$pn4bERT%>4 z+C_NAe;4o8M%k&q&lz}E=2$kTofNQ*_s&`LBRAuUK$<7+y`)mM+)|dwv2!2gW`vN1 zp^JFr^A}5(&j;~HRCI_)B2bImQ(ffQZ(m^e?}yoh4ssIDA4bfd&BvO~C9>EdHkJvd zMyJXR|N7H}Q&Q}yi*CyW z_FI?q0JIWh#>Ri$NzLs4*PXET+JW?icpwNsGPo3>y4rOFKzPa@J}}Qy8aa_Stutz= z$f%?NgYT1gdFL(D+yezqLzI+(QMHLMM)z~mPg9XH!^2U^)~5irUVhQ#n;x#X6U|S2 zvQ3@TH`x>|vp;_$At9+R0;5ftLufu!iz*nv+PRtHAip)^4_`5Jcy;VGKN%PO50XTO6HlsZ!dW?uOAC#D&B>JV4R;rTbc<7$Un5=Map_Egto+n`4 z(JOJ|8fSDftL7cvj5rVXGlbnvmS-@TGihvG?H1+(D2G)HeU%I_7{S;b?+0If4MMOq zxD~&7+qWZV&u3xrA+JbO^Qi?Vf_Lyx`5RE>#XQD5Yq*stut^}u!m_g$6m8M&XYi-O z^{2sLxu{{N-UKE_$8?@}4RmOr$J`-le76cNviS{K5XW9|1*5OLq-`%(Up4Zx4Yi7p z{B=3N^i89R{{37oNj(`8AFSQMCAdFm{Xf9b-!_r%2_;bm{vu)N2N$BIW(eFzRY+yQ z)KLO}@!}|@Ec2rJ2BVn&b|dy;G|DF~IVEMWwm%ZV_PFs_uobir0FOGhE%e*n<90J~ zc3w4Ii^o&kexX#aE|SP&hg7%rT@uFD+_^a4k`Rlq(&Od}jJMSqXaMW0+zhgTj=noZ zBq#C&D(L%@;Tk1^sYV4oB3@ixo;!H7o@LA|3kd_^$?W$WmlUm;Q(t1f$xoLW$i`B~ zcP*sEPDZ*d2)SH=4j0~kP1c+D{#isrpT$#^tKzB|=z+#epf-ct%AYR<04D?^KYEl! zGCdq+wfwz!&X-`Qg>M`}qR~~HPbk9lL2JFs+qUO_f*+DluzY*|JHmro&DuSowD(`F zRo*S-*_1q+PLj_#An2HfWdcJ5NgV%l0shD`{rjWw0$|KOEWDuQWnV&Uy4d3cs8iL6 zLVmU=T9#QpG0y<0#;r`~Odws`Au#qC-yZ7kdbH4&me3@@)6QEBSrzqI3!%2UyV!lx z3d6WmoaSpzKRI>&H9yDvg&a_eCOd#LtO@#RTuTm=6_GeSK{Eom2{0&{YGiS|cj;iW z&Rg2)QVY=&-l)Syb85r)voQW@AAV{u@u z2+=uTf&9Osp=H{khC$$O&9R~#U0g0lUS93YITv*2J#1uC=r)wghCtMGVaOOOilRT;i2GtpK&{-8lj@j2Hro)$(aVZj)f1N~oP~eSb)_2M#4h2Nu^!^Aj zmyG^G!i;i8^xNSOhwt_>RBnFCIi%=y$en3!Jy{Iy|D(gh(g2>D-YziF+&)S!cXoGo_dteI;B^=iUEsmutc{YGXr#* z1AKJ|kndpZ$&bRH5H2d<7h0ACuhty+Nt(Ne46e@|c5)Ip%a&cL>Tj#^Mze0&XxYdI z`PtvrdV4=mY*)idDXLf|Ho0vQj;W^hpWD4|Js}?$m6eu}(KHM=HJ(kuG9fVzl@5pn z5F;)z0wiEmk||U3+ti{7Ig#|8YVG2JNunX^odBs(EB~tWjXf@%I-n@(Or?2 zvdGfTjM{Z)?WW-<*$ zI-ontLe0l;D*snc)bnj0Y`WtO9M8x!pxplF08vbAtabasE>Q6DwM(!3Q#M5q#&W+t zB2fR@meM8-hN=c!j`bS`b-hq298Hkbf)oGYIcuP)$r5dBA2c(0xY<5%@ke~mi*CbN z5W9>B60x+({I~mqCgK;S1oQXjzhZj8#S^c5sV@^Z637vt3hO#75tM`tfVIExI-k9B z8Ia-6?AAk&0Js^3y#jsi#?#N7iVO@F-7ZF@c5CPD$@9j?TXTWF@DX7AWPgp$y8ZekEGdT+5&ohlJT}gk0Es#bap#mhc}LF=l_@5$n7JKuXzj2ZNA>T^ApWY%X^Nx$ow7Uj z){*IL1b%PRagnS$Ep_{k{ZQN>&|}RsJ_|XuiywVcEO^(CQlUxdmg0(Xbo@*z$a=GKkjA_|0 zeJQ=I9O|^Df%_ozN9PJqs6QSu&T$|jBTg^*^-ayk(gvqDITZLrBR|(q%OijxE}eld zoF_H3Xe&x;lsGsz)U~yDD1X-E_BsJP@=;2yvWz8!3&mdc;rML;If!H|y{sr&*Nou% zLaG7cMav&R6Qy1utLq=VWx4i^c3045T7!nId(&{a^7kRlBDM=pJ)Hnes7q~NO6g(I zU|Png+kRLNk%G}nLIJtdMS-~J1ljT2I9ie9Mrr86;pU;^2eB-jy?q`M>#;l33co-qI2=*~ zaN0fb>6F9$X&!NrpIRX>Z_V4brd)me%cB9tG4q}-6MaOW5S(9%b$s(qqV#>!=Srua zG!85=JXpi+ZYG<3)Kv`LCmX17T5NR_g9=Y2l1f#{S6*j9Pq*__1GyB(WbnL;m8%v< z3l^JwvF_7$aI?MVLaf^1E>J0JFt3#&AoBfm3MWF~bOL9QThjU40pT>Ha^529UcL9S zz?1(9%vNeW{F5`Qq~r)9R4s4;dcX89@$VCpx4c_l6UK9%~ z64jYU9X$vs7#)1;sL{|`T1rcmkakp9cCP)DLNoyM`-Zw1vA+|;qxQ5=Sj@bVNHppl zvNx1IMZ3=ey75X6!+O#(ysHvxdhI^{53xxD$~^4}$axj7B5k>6fkII4!u30rL>IMF z?3D&oQ-J*pps7QtWZ9hL`k5&8T^_KoN5k6x=m z81zey%IWz4DaG-m^UI0(`CiHm&W>zTR)RUb#&5hzwiqynlr1({1o}kGOGr# z!5C+uKWU}wWwi0aCMJUt+wYb0`(L07o~!|R`T$qawuU)I;Lh2KxyMb2%^CIz)rjYm ze3qW3hH?U1v=-d1iUzZ;vN^=3h4VuV4E21u)$L=nTpXWF=ui0*mLL z_3!fmjK_U)8};wrVli4cSjm){2TQeA`zZvj!CV8=hH^ZQ>VtH3b({9+X=pOad>{7z z9x!LV8djHB-mz`rex{OFX^y5{Kg?u&p05wAxwkaLkC zOf`Thmd)5z>o2gepv2IhbW2c;83=+YV2EaiV3tbQ(i~;{})esR43LuU(K8e)NgS|YQ*6=N_es1tK#OI779kx?Fy{2~7S zoc_PsP!kcrqtsTG#3w<60W}|x9({hHx1%bTk|=yRS2GZ2$sR=h22>(m8w#u!z+&e- zZwKV*m|K4iDBfSYB?4(zb93{HiYV{!qn3O7{^8*${MEje0BWo2mhTh2qSkEcaag01 zT1+_;6R-Z4NCKcPPli%vVpa|uav#5c(9)4H>LN5xo5S) z4_iG&G#a0}Unnp#Gzlnd+cJ9$zFr_)BXrkJO-zvp+ZxRN)$~q~?BVKWP2MH9?YsmF z_ew-qj06Zqig~@DUbbk4*GGVGz=oRr6*EvFWqAiS@f&#*wp1txd1{~U8jJMU zEwVA{`Q}<5F+2X>DXjlkJrc90zLanjIALRFgp2YI&~3vd`H~XCz4j98ZoRVBkK#MK z$Io+;EURk)udKVrv^R2;@WX-#z@*7g{TjvQ>R`5N7c>0^yy(82s;;ZcyZ0b8Bxmk0 zXQkzYs)W61Dha*lgbLHtYQQ5GM_Bu8T0h9%X!zj^nCO@sZ#}vl=5ba9LSL& zu=L2xt)>#4cSw&m=AS zH%1XnUb8o#uot<{w60pO^Sm!665hv=z+(p9{04grC(ArFHGF(Feax~(@}~lAqrrqA zL&nExXemR!$@InTNM~(Lar(5Ehs2};q?cVp5DCA5_xSY*(YCy5H+0i%7#pF?(MG)L z)2^&oG4gaMx6Q5lGIjbd=KAaD5E?3`FxkofZ`&gNv@HlIvm(aT2+kj_$EuiHWC(3| zRM$mHXUJw7pznf<|G-e_}asngpxyGK{k?rC1>$8h}J-+2)^S27_?mQ1` zIIS7BrS*Z$?UeTe*s-R-BJadUH0C$vO)nZsO5!bgb?VA0DY+1LzC`d7zIe*83e@Jm z2Ahbiu!cE!dfZvHU13D>N7|V>K&2GFWi~WWQTEsHdtAOz=z^-z4_Mhxz5){1*{{-w zDS99|&(NnYt03C%1lyT+fO>wpR0Dx`d6thBT)JEApZU{M1Wb{zHZ1S?-4fzoihsk8 zq9>ZU{|FHB;`;-fg*j19LneK}d!;sFhg8Z|ApL^1N;yBiBsl11+@bRc&v(7aMk|r{ zxwU`L+=p|*5X0CzAsN+iqre;i_N|75TBSB*W889rk-Q7ko`R8qKt$8{aDCy|DPWT*RY7tYL84cXv*i-!L$q@uR zoJaA+#h%V>uviKhp%Z6UqQ_J~>1;vd`a|tU9mON!3A8Z|tvtDA4 z0D#2Sh~|m6jW%|`O4a>MP7bevKzgJ1sT+No18Iv3dHYL*PvXYxaL_FJ=&J}{vQAnT1Vsh6{J6H=lH#N zo2Wk0|ASt`f;6Dn|ATh(-yZ?$$P?_9{_#v>rSC4g{YA0$W?zO7>Uo}K5ilw=0IhW% zY7%NoC(7nE%wL<^$Dk<ne6U(!+ z-Jk`of*=Xn9$dWYCExi71_qgP5gb%_NxC+y`On)4jCwn<>Axrrms`^lbBR#qC~sSY z&VGN4xwXr!67;-(i;lEr+ISSe|DR!$$=}tQUQtZ6WKzc10ljg@jZfGUhm4`KY ztL;z)>2J;bJ!ES|GbywshmvOI(MNA2!7_vjX5P|KMO5nrfCGG(<^3(m`B8cAU>Xi58R!tv*BS>d+OP@-k=NYDUun z10C&99+3F&H}(f`Md?eyv@S!7MLj{P)^)Kaucn_OUG&E*E9TdlkpL$t&{V2vE{Eyh zsq>CcpRY^KK~s}gp_E2tyU01IQJYx+N@Z9cA9pj=N8~k&y^OX7wFckTj%@vn>|N0?^of6?aVS8w%%MCg>=aJjeUfQe zsoaa!dvAqTLfY2Hu^Yd%;dh%U<#q{JE2T2J(#bFu4;B#;l4#xHJ!t09i-i>z4}vK@ zcKf@5qs(vlGE9>bHPQN<8)LLj5i_!B&2 z+j?}W$hD=h^=rWG$~1l3eaq6-P?D`s(lZ7f8{G)%mMj|&iybYyIR=VmQU7z*i2SjRxVjIY9))a?hsT}X=bO5$nG1Zf07{C?h!{fiCf z3VM4%`6R6~CoJ_r3pfUzg5Fh~FR=fRRY67|NyA?IX%R=^fi#ug*~NNHs*d?eNyII^ z9@6RyIP(Xhc+}~oPDWz4j5YDsuenl78ZI)nkp`h)#(}{3xvPrBDK1YR&q_`M%P6JK zQ@|t4y{p?&zkkY&;i($EtG&k?kdpNA#&R|C(%wC|-1Xb^%Pm&YOUSCkw`pMVm0mZi zlF-teu4NQBTYnYWOd1(B=;|p)8Wr0NGI;p8q~~W__RJB;%0fv=h#=|SD&VvwIoxH} z^BSOfVbeQ+S+V$~l%K6@W^;2Y=erqU-fki*D;;1` zXfO}zsoQl&;Nd~$%sPx#(@cpzXZklUH4ifQ`rCJpL=q;p`hN0eSv#IAph|I1d)GjW zQMiGiC&JttDw5VqGPlFS``-r!@O}i{6(s{a+u4n3Lok%D&=8^n;DS+}zbkKtVR?>k z8Q#e?`U%wwmU9M}=R!g%jQi!2v@A{Lw@wLzA)d#=qdxqtBiCztN{s+}i-w}2qUD33 ztBWT0Mbg@#tV2;Udjl~{0!A9FerT$J!O+izEx0w}!b7x}p7#=c^;PWLxuI^K;Wp*B$E_vqF`?N`K+Z`;N3>0*Cx2&y=iAVKBZ zupp*A^a&0b#Iz(YB2cQh7ULHNOV^Md{o8Ci*p>ds5fX0J zGVLhZmXks$hC$B2^HX(?4*og5R^wK!zK)|Hc^d)?FkAD#ygf+yAwnN|!);kWVjrId z-+TFi7kYBB-x;OrH{E=z2bvHlevpY_d`*#T7HQ*XV5X-J;5%-@6ujFZx3aN`LH!Z& z9Qu1o&!L?%QU7B$mVSpj+IU6B`bl>nVZQQ0X$>AeCM*s^a>RfUY71EzHu(6j8=+oU27Ldu(tj*Ct_@fnWbdp_0bYMV zqFv!7UjgEjt9s$=J<)}AJ&c$Bh)^+as(SCgx9E>Q{By%NLGo>voLL7^=qKnPJLu0- zsr2HYh6c%R`CZi2vbxpA&o?%+k#jgXhK*{Ms8&>48wldMtajrV0YP0L2Gdn-x%_6P+PjPdv0yNlg1T+i^5-+vj?J#WHx^dP&*#{h!R%pC zO8`S9G9iFE%N}TSe3cM~tf5bK{89r+^m1;ai~Gl59~!V|%BLN#x@F0E@P^S>H5EiJ zvF(EW2KMCX=$g#I{8DYN-KXlcn9(6Jg9`OV-)lA2N@}}%i1iu>mll;Nn4W8b?B8jl zv2(D&OyBaX>HobHxOCtJOh^$a1v>((>Y51U%2-(NM|)e6HPwS5M5t4#-qfh4RWmb& z=2#pS#O147)SqJhpKE9g4#b6_0@_j$SGHdJw~z^gW1^|mi_1Ebk$;gf2|Y4`E%0I^~Wi}J0)$~Q>23%DbtI!D?s)ww-))O zrJT38Z%n{mK)UivTAF?T^<{f**>(F-vs4@Omy4?f-cKQKq{5}ocMa}W!+);sw+nqp@cl*Viys20jIVFU2MK+mDmCy0;^fGd46qZw!B)m-{QIExoT@5PPKGatP%t<3-^+bM5B>>WKvQpffsF)x z@j^k_tqDm~6hunSfes99wWi5lfG1s?5^l?JM2iRkS77%F@wRIw+=TiS)varNabo$e zN&)y15<}7kUWnZgcj8j?0rT=T8gJ$qiI}^T?5-Y%7nr^sgQ9nP3=3QnEI5xVprNB@ZjLJge8&9eKiQO3RY9oy zC(pWidsF%&;13TEh0XLTYjQg}M1S=4Rao3#+?>12ubxzx?6A_D0aOg_yW`ZtxR?;{ zPys&6f9pl=8Z;6NeJQC#w_OR06|>(Zp_O#6wJ2MoMeX0q(bH{kifXu|-b{ZqMWrt& zEwc*D)U^{8WymI(<>Yxol=YpA1Yyz^b{D3qJ;W>S-4A8gUD9%jrNEobF!f0E_bUU#9b2;>AOoQ-4NFkPsVw2JFXAl1;TtkJwI%JY5sPOWY1Tiqh0B? z7v`W+7>gzIf8XJgNDGOy0be5``zw3Fpo0Q3h!CL?NHAQOh)`NUNyM`Cy!}fd{*S$A zGbRPLpj|Y1{wSBLY|(v`$M zH>6GHLwt~)*OmyAx~2%%%f7876SdVpDAfzX6HI+pKjW<2?UzZ#Lm_XM=H`%qxrKfJ z4R3Gx`)$RFrVG<3f#-G0K78U*Quqco_fnAr{_f{nB04%r2~vFS?(XIGi@ZO6{9xI< zzgy{?#LvtwR?XKfu#3P?MIEP#2pmzCa;miH)cadJadAP5H)P5mw74)F8yydXP087K z6ffxt9QUGID47hTEa4ybMa}gu#${Tpi2ItqN(sWk!k$omH-0mO)MLjIX$rQ+_MPuM z*(9f{qk0YZki+UyqzAV;AYI7p@dokM;~Sv2+ky}-g8by(N|TkK{J6QSzH^jn%fSJ4 zWevDxX4*y+7tyZ>wm8ExXdy!VrkU9>kf7M0qin?QDE$yYaEJlhKMdo_a~QmVg9UG8 zZE-1ykBUHHEy$h?148fk$cD=b!9pX4(Q2N~WNh}6{$O{}kfoe0k>0>sQW$4T;N8b- zqkSfb92G~Xqcxy0_|5*(^&9qks{dkg|JY_CV0ZPSR@VE&+g3=0QQd^}8efFU4k%Cz zt8~6MUMiOPNWh9a%09u>w(jdgVCZveo+&8j2zZtqwq?!Ffl9C`X=qMP4rD9I5`=Dk z88lAPuT`uKgN(!Us<0jo4i0kMeBDu~QIwIHDdNuk0u2X;THVR_JY`uJ2!Xs6#r{MX z{XXPIuCTtxc~kBeRwStFsB=ClnU2_ZK+6zYAU&jlodG)yYl=` zGwH8}3q$r3n5U84Ltw#u(#{}wk`uq=9dp9-Ci-Aw-1uC~v>yvKDdcAuQvHR=OQB~} z>fCRDo>;$l?)?Uh+eNIa{^^+;yV|=<(9fpzufS5{U#; zb&_n;kf{ZFW`HGGiZn)bVR(9dj7ihb{x)2}_sWIB5Vvq!a(LPrPC@c)|?!u9tj zF{WA>Q!{np>?+_&-cqKP_=a~uK0cJFP;XG|y1C|<(AY9ly&RR+;DJ_FUmjMoytx!^ z5T-g?ac-w(e;9T-Gq;eDMs2&E&@$7#XI-ygw3~UTrFY%tFZLOz*(iZaiA{QrysZ>a zUarhIoXD4G8ip75r#E z?ZGd1J2mMd|Eaw(?oIa4bh(6QWn(`%m#MuqoCd1rdHtZRId_&c-bBmy@DM&bJMXns zJP2sQbnl9=$dX3kUS;kTO7%Nf;KCQYRQyL+3E-own+%Wf(nr8|=#J>TK5)Mf)u z`+E~DtAJPz&i#tXW`kSft8ON2rGe%-oRo9p>4f2X6P)zRfR&?}p2R$F$9#wJv@qqq z7t!+#jX5zT>fJSXMJMK~NYsgTp10 z*B*RD*sK4A`t*+UBKuw>wftcpFePI?X%QEATVn=Ynhv_A7EK z4T{qe__|E3TaAJqr*Kl-7Onv?ChxZMmwsz_r>YJs9ilDA5*w`9tz`W(Z+(X#)Ks z_ifQUFYN}y-}d}}g7hZ8XPA)YXJn1W;ODR~9&UQNnuzJ8i-DMFsk*V^7r%Po&Pkc5 z`dJ+dlH6SK3JZ~*Ft~P&O?&`SsexE5wNhX_y_TqrO<}-pC#n!il;9l=Fiyw{wU97; z!3?|(J{eaMc)_*oRHbYJG2Oe&dVqrGdj>rryS4^c+<1wm&pc##AcG zW}b3eC;ShCKT6=-+;f?>7h)i$p@0Uml~8n4 z006u6&oKY<$Nq^LQAh#LlTh@e-dZw42w?Ub#VK7i96J8y$Gd&V?}uwKclY`;zd4)DU)*G5 zpftBNMCfWDKD)WWc0xagS+Yz{??Wi55gWU{irElETZd>D#n@4pasb2FDnvWcTxrPZ>$ zH?2Rw1;s;y!Rh-Q#W;_6j09pbFb^)p2dJ6{{RfnYpTBtv<7PDa0`MM2W&)uaJAZNk z%rHnZzg>Nc7RIbExx(4jclI;z%YP_om?-p&L>#^OxlEW|GDb!_?$*~~%wS3}TntC+ zoG4|AmFE~RiLW3L;DrrwX)F_PBog#2p4{C*;#wcTdkmS0cqKA*?epw(ak(#DN-o2D zC5d~ymj3Wd{^uEaf~a~3EHKl006>>CMnki*JM@cBx9iGj#*+t6_F+nPSjYAXBPe>k z)GRD6{U#q#|COa(v%-45*6ySOnYpc( z*cSx=drS|irWF+xke**`D@VkOFOabr&|=#Z15Vyj2?YP%2xC-MR*$sNFc`4JHAGy>$4dj)Z3>JF zI6#ZshSoOwfgZnbaL`e7Xir%fs148@#G?J=kf1P7khHQf+QcN6=;CYIz`qs?7YBtMe2A9EzP+p9t-oKUde?HP4oNB0+K`b(n@PGGpeWFIdnonEHzKK7j3$@rI9csn zZP+ixv}vHFrF}TFd)JG9e?js943`i!cS+s#|Mlrj=UWVn@130llRnL(O!xmwWc*u5 zjVXs3N-0B#lLgSFPutVY z3i2ruOkEMa4D>Kny5aDnrh4b0sH#09hCaXy6@7s5Y*Yo^$sFBA>__`afLRO(^7t z6#O=JSb{2B%qUj*mAv%jjpT!V21L{OC_|h0=T3bPAPB^%o3Y+?a!?bkFzAXbwkU^H4QQa8S1=a$!{- z-md-{Cn0BiO`Q&}6t8WUUiZ%*{+Gv+K~5r5c~`M7@HsBDi#M8GHI%>l4qaU9E&YBp z79j?yCPco=|03sT>}s?w+7Cbh)Xm0QF@Wc7cEpm&DwVCL+L(ib)_Bq_K9`5{yB~-_ z<(8t0o)VGMl46JWqm!{rj9}@VF=9$)5aqk?X>zFSaIU4r^j|PpVNVgtTxd8E{?aMA z{ff@*h@RiB5wz2YjZXAD1n~`;zg(%__-f_z8#h~80>Pzc0(;jAZ<4v`Ubnm<#~(B4 zESbFXA|ND$(|K+E<=d<2ZQcNDZ4Cod%HDy@f`WRZ!33`A_Ith1x4keFx35)64B4g3 zx;otR%sYZFw8apQSwVRupniu+#X^?=|112`$1nRrBOfp5fRRyapVQ_7sq$^D0ud;H zXlPA@;Z`QhvzBS{Kv>)BxXxBVA*5_|`n|OpMtTmUq4ci^rd6>dT-0Je-#;h!Pu${z z4fxn4CsO0q%)o0HLSF^<9c2Gev@IU2hlkq7olnc(c9L&YT|_-O6-T>Qz^PjnM<`P` z>7>Dyr)Rxi9n1z`$iI}+f1bk=Bv624+uh$Om$}nV+$P*(}gkAB&)~3nrRyA)(G*!I>@=!5`-4c>O0}Cd8o_En-R1 zShcyeFjMvmFqaVucVZeSd*9&LAY|->rYHpcXiD|9*9Uw^DYeI)LF;!MV|e%WDu_3Mp`E18Pe zmveJxCmrG66#ja?wgKqlnaZa}8J*v)X;uYxME!*LIu2g%jqTZ{_S8+|PRs8zAEl~Zv30_XWCwx)j5nOD zWb*g}F%h_%suBx{_+(vUq;{}?vlUAH?7WNubkw9D9ERd=Pq8xA`m#a-$auhy9dDk7 z+K|K`qwA|;g!qMR2ofabZwQT+S_L%qS8zV~Tso^YvX(0U`q}R(nPd4X(X3OM@>-_h z73Wxr=lNrT>-yJ}yF#jlm*C9gG$E=xAM{!qGWlJPl|;m0{KfJ7kfX+5E|Fm-ucozs zH5FRZ9HCn+eMW#@EGh;|ftWBHBX+eVFukgCz*m`fB^>6KJsmmHEreluWbqy`WYK2n zNzq7sA&zq#J(#{r`Et`Sg~=W?0){Y*j3p1QGSfv5`IWasF_17>Jc7L_39NcG$wu+TNM-j zUWDl9aB^^+t9Q?EM)~x?#eUvbOSLm=6g@p9@B$SAYCX1v%N&|OoIDM<(f%e(hPAnI|jLC3{#y`9_7P}mckjn`Q&*gi`7(qqe$~+ z%*>;1?t~ouw8Y7ZQ?saTa{-ZI1%oEslcr*PFMgV=?G=9JeHcHcLfv#vmfkivW!N8_ zk5j5Htv*MqK?JZ`U(TC~>CN~Dw%v7xPu^>#^j02?ymosXWey*iI-ks+;DQ`Q{rQnQ zp#}|NJtmskc9LBb=~85a?|7!GB_XX4+8vT6E!8QwJ=4v5a+bTrNmDXHJ-Ti}M#4Co z7>WrS6;Gs2%vd;~{2jiqlXa6-Np~yb2zorwZo0YFPW)Ls*6910s`aqKr=y4Zf*nVd z(Nmjm8{@>Po95K>{Q7lIQ4c{gkCD-l36Ngx;b#-C84*;^Np_Demaly8v&M7KHSm`_ zaQt1rW!xA~^5*vhy?3^!8Qu2S>l*zc#DHmHLdJ;MpH_SP$mYCal{EECK{g6EK@{EE z{jvIeF|=R&6=7sW1N9vAxRC<)Cbz7Yem|q4Kp}vcUH~TRg!J?NhIO&)r9qv(-ZDx& zM?|uSlPEg{8M@a>A5(&VBBo3=v{(|Ek&2FhRdv0_^!ONsU$bF~h%SFbG%HB$B4wp) zxs3cXmbBrhFR|oi&a8geLHTII(Pe7PnXWq8w9(M(glL3Sdn1ZU;6c4s3|1s z9}I>}bv{5nG`F4(zd&KWy)dg^3xSKIEJ2sJoVn7ri@tAec5~k5kY3KhT@SW8=_I09 zh@*;h_}M1LD(o?Gga)!~QO(duz~zB6nK+7u(=rYqE0Yxs-ou-2s!u8bL2ZyL(%dte zATB+&Fv2|N1%?8M;x+++(F_(U%@#pR0rLT#ZiOgzRT`yTX1)NXkvhZQ(XAbMAfu5wO;-h20wH)=mOR9r4A zoTDm{@d)`*q3l zxBX(QTY?6`RI!_rZp)bwylr>|4D&^@3&deXXbiuw(&m4UEB|_{`92x)D=lwTuH_GjkH>y>5Z2E#;+J>X4CzMbbdQ|{b>$Sc<7D2Ap zf#x|flX~CYQj)ONovF7xW=!H8fdVBJlNpX$E>YNhiuI*(F7> z45>evlLh3P>J-xVR9c4wHpJPcU(_DhE$aOsf>xda7DXck_DN>?;D-nBqMd!yA`+&& z(-LdQO!#X%CtY}eZyhg=1c5hSk&>B)M|oMf>CK;S%1vg|O{bwTI9s^T`=3|vmQ{?y z0IL@Zas6-k$Ts~IQ0!?`;ZS3m7!?0nm1;LA%==REmw_WED5b7d-T^r)jo!B-1O zv5+KbFOtYm^`(@JnxIL?tVD#P$0XptLhn?4(A1ccZ5sqK+q9&&rcSs7~uUk9Sm#8ErI7{4v>!CqV}^j4L$qxWIZR?OO`MsYCWuL)1F;1$1_DE**MPaC;~VZI4*SuMj~Edu-JuZv5{n|q zkium<H{D{RrfcFC_}Gv zgM(}m9o^DaGevN%b9#%}k&aQM)Y#TCRMY)o@b~$T=x#-)sO#4f7Rlr0u`FA8T-4_H0ij~}TWZfg91tPi$ z&+afY1;#rLf5RWa&etZp&suv#1vC$H+k@WX$VF)Oqq3&i;>nGK!PRgxk+>K}_=Pby zj~+966A3QrJpZljEq#Ob9zok%+vAl!D+gQ;svHJ*;Tgs9m^;ZCqd`5o<6n72)1?ZbNb@AW{f%E|D>H~R zhW%^p72CqKYn|hq`m(NrbAuy(NcuhSd3j3d&(?c3Zg)RbZ+l;Jp&GrLfeDIy6#~Cu z^A0E#VR=8t9o(I>u+x5JtZ=4!&p%p}26t=^{ICJPhJ$>YM)b*J0wQ#&H;$hbW||B7 zua_7ts+GIvdQUG}XL|z`#j>1xdKWQ_WPABt=wcH6Trt=?Zf=U9l5Lb~{p7O2Bxz{# z;)9(Ax*v}!avHw?S>gIn6M@?ImreQv#t(7SmCnqr;d*KCU$wCy~6|;tKB;~b@Gy;vR>~835b#&z-;S}T9?=nS{9m- zBVptp`YUoM*#9%88VMUI0T3_zf_9uv_R?S`XgyG4LR6()i%#A%G}2)YhnNc!QpNV` zt6v!X%W8b}T(*;jO+#P{zFv0I3*^7EnKBy6TZX+eV4=RHr$7JpTd?qx#(M!Rsj;8{ zY8%P-*>y70lX&W_lvoSG6vKgm86YMkg)Z{j1aVcXN2klH^^>uF*bQN8_GeDfe)kd9 zv@9?H@)d6sg`Z3`>xplk7v76x(7Hirj0A4L`>Wc=?|BYIQ2VN5J zH72)wORTYNY~2K0C}tDys_lw*%aFY?tSIyQFzw~T2S)}zE3iIU4d?3w+{o^_B0}n{ zyO+7ljPnp$k##X*4^shb>hHhajBX^UxO^tczS$Qe?ubgT%?a|0v!Y{uF^T+(V>Dne zQqjABO}B8II1am^p)sQ-2iEn72PG&9Ydt_)peO$a!VM6C|BMmSy5>>YB@rrh>CFM_oqiBeK+LDX4@8{=ZZ0M$;>NRxN)Aav4Ercp z!{@*oPhctk&A#@OPSXp85+o7jgt24)*21@SYhe({&x&`cms&N39$!=q=Cef<|8O=h zwKbbjYmQqfQmp{i|1sr!rcJ%x%05JukKtK&2`;GxE6;xQzmr5=Mn=}{m+Bl2}|7$!EYuwJoZwBB97{|+Iiv>-DaJJw1eVNqfB zI5m8ukLIS3nuRflNHjxXU4$1Bx(8z)VfDK5zI=Xa3UN@hL<=vLSK5uc;PTFBucQ8> zN0VzoNQ=>@5+f@9x05b+P(Ivv)OCovv#$cXAbX^_wO4*@-*f6cI(3f{@yo&dV2J)= zAOduC}gTSLe zWZB!>uEFCZzQ+-G3X%_5Vszedk9{87&iy&%?xrrlECGK+DD$xYZn!hV?0GaT z9^O(}F37W`CgzN#>E$728?)+y$<3F14l9F7zfmf63Y!zXyr=fDDgH5KW70ew5@LO) zO}0l)>Gf{PpM=-_k}m8Qf?|sAxQkY-uLth#Wv9=0G}eE&cu>lb9bKZ^zeJA>moZjf zp)?vsK`B_Nl!;~s8B-#6+mI!OjJZ!Wsd=6jK5}66D%*d2XTZ(%x^Mf9gi?w@TjZp} zr{#osjGmRR)-*dw@b)@7^f-TT9ovmH%QSyASxFxmU^@!fU3v<0yOY2|Moxm#NMtjol>%=gc)&eINn7d@oG_95{P=NcaR(E)gR~eQ(xvrh$Hv zI@M_Rb+f_Wsu@V~M{9iP_s-zU5mv2MXOC^jvBgCSs0^m1G2PWy)%q31$XdU+ek&WX z+lBMdT}?0MTyn+!$&2D(-Wx<0bcy7E4Z)j#U839@#-hp_z>?~4ZZC2uY&Pw@U+YnL zTFvwKQ`$&kESLY{r`MI2omF--gso?tG1I;_?zQvDt=GbkZ__$e{nJ(lgH>1Uf=yAq z6M#r}*?5Ic-T2_nenz|X?n&bx^n+Z}#y(TR3d0{$xgrz`m%Y`CxpyCd*S8UigvVEk zw4`&?-~qM_A@V^|UG*Uz-o&DJ*@9p@ApOf0e`E9%K;nl>y^|>;tQMxmeBPuEU?Uw+ z6$iw=> zw07__P&JG~?Y|WN40v#ogX7VjUbBw0+xo(3Oz!pAfGcB25=#P0ha)*4N=Hs6Hz+5UKaBSECQmm^udWQ*&{k(hF2pO90-1;ftxx?#f+ zuf^@unTRgPj{W)&+g|AfO}FdBaY=|Q{)6za(js{}Sai(rI+Q|7OivTNu`0hNvMPuy z14JpSRcw?;C|z!|e`-wq=fOhGnH1+v_Ew9c!zUWF*x~bCIoi8N8@tBovkbJ&lo-eH zJn;h&0}OSIWm;@TOh;)(EZ<*05EYUy35}6}w+CCSi&z_j!0q#EL}dHHI(yPJyR>g; zO@d-L4k*&Muf!?Ry2(rX>l`!|v+MEr!C z_M;4ci2Nh6&v1XR(YdTV?Ecg-tL88TQe;2}nW7QhrFJFG8fq5Mz zUw-mbgMq&#PRYVD@cj&BK0bR*v5Jjj=Y>!?duDh;mncO0YSHd{v8^~ePHZFU7Bx$z z2T=enPCz6h7&g6X4PKQ|iwawJBRe@}i|y0`hZC!rsufZG&J~~{GY%yG=^*By{319w z1cmk&vO(hzVFccatYSxf8=0(6F=6>J)%-+)GNex@9xT0p%R_>NYF@`b@QQY9g z3VuU_|K~959Xj~Y4qdP6EbW7Z#$J9T*Hm-}s&0Uk`grLN)!SUQ)6#p;l+*py7t)!`myh&{H>$H`3frPric@eZxV4h{-?| zMFCs{S*<5DbduTu%ki?EUs~y%^=;uyE#3*$|L3;<&qFYh1Ox&`pd>?pz84~jSsv8T z&>+q;NLRH4k)W^tMJsIq(%ofn-1=E|gZ0MryEwna{3kn`u&G?T(6d3keDQDYf=tx- z#frq}tB`1tvW*i^O(dGbzkx0R`O1BNJcF{54dnGD|GmaJEh2_`)Hw< z+^JpKNaYGEwLi0XA-k2>Z(rf-eUiP(ml40=r$jb21INp3XW!-`8tj(jV{6}c?*BG% zuRvmBH72VL)fN^&>qp(^;{9ZAv9)6kIT~Jl3l@?Z+9s2N^+@I&cVs8R_S#c7Ms^>l z31r}bN$sg}(D!w=G^2*a#XS-R%#l1q8I40Ex1&Rm!4<&(0s)+p-fHs_ znq~UG82D539$_&s(HR*Xg#curHZ!#*PVvrNWnt_rSquIpneLMm$=J(pBwp=_AHtWW zs*U=S5w`!8;`)EDFBsonsRF6Q6%-i_1>Q~ubhvX6*tO<7+kQ{UN;@6m^b18M!(7O0 z6ptu94wWj1R-1!{9?ib+BG316%kcZNN`kCg+NAyOG)~1*jIebM`}`ZxEILo5>qSSK z|K7KAs8v*SKqS)+J+zYhCi9a6Z$F<&hDT2h80IuX$(1ZXd;9yV=f7vfon#rzEiAgS zCM?C|lIkBA9K^&Fm)HgB;o#ehXhP4(6~^hKY{?v?la`$U$QInsSMdxwkiK zGSroGT8J?$*?RZvwI3XX5*-MYf0J{ZRS_$sstjU?);ZG9^nB*Fuc&eeDBdDyDTkE{ z#}@H6DjM7E>NWewqx@{&di##M;nPTuWGHmg#pT24!3UX>^{LQzCZ3kz*hI56*$c)k z?ceQ_jhI9(W6$H{bexUU;u4S{_*`zhvGJhAcYsm=!A`FH5Ghj*Hn0gufzk_@ML1Eb zb8=8|&l2PR(kKR_-s@C9X$OH8yT&;*05EhB;8Cb*H&oA#!TJQX8RJGiTQe859Cc69 z4Nl*G)8{|Z^%c-_#Q4wqz_J*y4=i^kw7rE7iWSw?CTwVO7nQdm@%iB-@Q%CD1nmxF z?qiFV)$B;Xm@ldKh8Ia_GO4&TaXtCuw&n0o@Lso6rRJr+7Z!QMUbBLi@FyickKn(& z$pCfKfJ>70K+9ZT@>p^qMEMj0L>>b_bXKPvFS!rU>`O9uTH5~A1nFG=k<4c3aQeh* ztblz`t(nw)wb<1#vJRFbO`#r|LRg|}!BnS2dLhXt3poO^A;BdzQYH{VelU~m3vw~| zqq<9kx?<;7(x{M`wT_J&M@kO11id2Vcj`WXtcsOP5!EHV)SsjR%hJ3xQlR0RB*|-( zUfQ7z<3aqdCXXsC#qN{7^BGLU@{32AK9I%@aVe+>HYLKMvj)^|2iZT)eWq&$=@Q>D z{12D6Gyh^FXmJrw)`(=!$kpxg#S`Wj1Xa!SXI+txNMM1DjG|$E+CH+>vfbOq*996X zb7*XZs7H5)7M>`H+DW24KAk=9#Joo3&Z5l)C70GdzJ^1G^ZlA?fbX9{67gITC@Y(1m3=bY8^G&-;YvMKDDW#A)ir8QkO?<4IItLA)*%xKv>OKz^%j z_Fshuks45C2o#;>2Jc;Hk zf+kP!j2p*s2H&c^H2hbyI2>Uz7Z-8mckKvBk-t8iri?Q-XffK{z&YoaUpZG(S^N~K zsruO^VzMW_L~yWQ7R^+>*2ba&(-yF8n~UXT;W;J*x0XQ=gqJj5Xhkz~6? z%a$oXTZ9kZ&F!M#heCQpf+JaZa4sj8`p6m!wWBjNY~u_(P&wLKl`?SLzKKLqgJcMC z&Y*;?@q#(BkRd>PlCVf&*Ok5Se69d{u4Nmde$r~<6ciw?&PYH_Qi0>4du2STA=4PB z$5hQJ1FNy~55%E?g%-fuI|~*8KWm)Pahz7&`g{}&tIaa?+eCOa}eUIfY?zbD~J8yrYnqDhy{;EA+Z`8j`I{A9v|3`rD~`Xo|cd7i?jl=G(WD;WTA?&=&4`zm~q_7bRPEc_nal6 z=&#TNfI1Rb2Y+Bdg`8f(HXQUpHR2MO`m6ssOWyL(5yxB2$r&>s;S!9@Cj zjy&_)tK+9tRfkyQ1fb3@;`FQ)HX$9=d>|X{WGkX1)T6F}*Nzhf*zq|qzge4rGYslK zY#@UNSOI28$KGP*T~Y<{m~u0&He3Kl(y)L)Yd#J>AVnd?4uOX+141E;?F^KMTt!O# z;%68tM45TPju>f!8tyvd^}t(pp4ZNfUv#k?k^|ryWoc&iG7#yR8G^7#bBju7M6I0z zDPeMIZ<|=xI1%YlerN?&UZ$;Sg~}>G-JWDmOj+~o1f`8!N2-C%nH=uvOZFKB9O8cm z1GFFc#Gxtbz5!YAH* zuVvl(lMiyG?3vg10iuA`w(`!E6JYoahONpi0n!Ctm(h2CWUd=YKfn})XW!gOB;$kn zKSR+(26*^K@m+r7Jfnah?Flazi|p&h>{D=g{KqoX1O;Zz>|2+Lz$i4Wj5@E2Dl!=; z3)Zp*MUlVvQs8QQFvuX`J3AvTS1C?0SR+*(1(GfUjftT`Fjy)2U6yCee`9!b2opQ#X$w-;lyRTI$;jKK?A!{G@fe+K2AD%@pn*^$b3} zi_dujC?|cW55xWMw=D!3n@X8Qm{0)$*;{rtgivfiS1lO4j>@cV25fBO&iQ|GLqUsp z8c;Xs_HT$;DDO+3CSOQie?lv)jmmyeKrAq~cbSFfOz@vm{lAp_5&{0@feTYh2n!w* z!9ZO|v$4kr!JF8@?lzfja1uwbpf?pvSg;kNO=IJ+4Kp=3YFr51@2RCW@ia>D%%h!h z2vXjtc0Ty;Qt*ra3x=wsz_xm%#7Fcv^1AUf|H--gwcoM+`&G02{QQy>Ww|dEB~gK~ zOQK=?~dtrNS9`ad;kpjKo+Ec-lfUBTU7Y~m(XaU>yyr#f1fB#09WBz$zAEyd@ zwcyM}ItoFqg?6orF!dj8&<^L+H4O?w0S2}rGk*4Mfna)#e#Pa$%c|;AWE{uT8n(ZI zBH8|Jb1K50382dTdefC_G6Tpi-5NEZBf~NTgKitYGw7w`oy$b=)D=E56%jN~6|CzCwx}Ze*5}1rf z^_mr=mT2l|L+;{+Ogk*)6VUpy037aP!+IU2bjVm8M5sj(NaoGd;MnE#`Ci@<^Q9VE zTnyUS8PE&heU1G`8rye2yHB;ZHuUsbZwrYMu34T6mI!Z86mKGtbq2<46lI(^{-Ozr zV@n1Z4Ai4zffj8N`~@PAA-bQec1w-)gXHEzzLok%nLTT$K^v)HIPBAMv5n+5zEH9@ zg`q=SdapL&^m^?792GC6fCBJkXe<*4{8PY-vX!QWCRBWb$ent(g}mY>G2sSHakQSx zo{u@)7=3Z0W^3XiN+j5+?TZlHSiG;u&at)DdU80!Y5W*~#uF3~jtmj31&olc|NA6( z7byB^*GZ@23$@P=cOg=KSE8wDlAiA04GkJ;92PiPKTL!bGPw~73W^5v$LO%7jeSln zZmcH=eDdZ|Rvt&2KV0mnez(3PzBwt>RMAnP{~EitX8NHg+=q8P`o~+pWdj5IcT)_X zrsSY)d*w_pSf|9v%JUbrh34bnt*ws_ORs{4D;3g&Y!I{BP85jvoFTtB`z)3KwR;#k z2~X#CZcVaprNkK#^>_LE!A`^!|h{Lw0U1k z04D73-f^Q;s;Q}&^hJLHc-cRIV-L**uAQ^^M&q}klP64>#@QqKo<}B~ zwk>sD_ev~&l}8qKcI>lrmk(oemYqHq$?>oZ19eqZ6q}i<{_`fdtE0KFFC>n))1oqR za=}h!{ZR3q(6``&w&bVtX%3yofs#K#l6fQ!5Gj~+Zl@(fi>uGmG;ZVwM~v-Yaz)^}~d(&T)L<*mz>D`Y)(!Q>!qOiMcuBC`?& z+&Jp?{T|EjaOgaYKLG>VEXObpVn4qs;?3_>2J z6${xHt&aArJ|1H-GT~>>_@Uv!3$x>JQ~+lIkjM}vYBMx?06LI?X1l}E0uU})O_{*hKBU(L5H67#cy}cqlC9S+UOLNBvr{wkUVO$K}Hu2O`Sjn!X zrG`l(d+zU>Ur_t4#&m4Cj;IN+cmR@WmB%K6=c&TI#sZ*qVNj+K)ns*bBt-*bU7$t& zd2vsM_2*T0eZlH{df8hBAfMN%^k8UAL}r0=D*0({*CNf1E{C^gsS*ApBuh5w4K(iPshx69 zk3vol1tQsG*ye@)l{$S~7wo*3z8QjubSp>6Do zz^a{5`O!un>>(V&tI9mW!qS&(J`(CK(|MI)QypB9z-xOUA-QRp>kX$>d4rXakpYWj zBItg4iS%Km{pFt+IhAQikOo+I#cO{gJ~!2d1rdxVayP5~{nNz9FhW-iv$I;z!jGf* z3jbe|%QA67Pk0a4-O1v*d*coUAY+FG4Daj1ewV`=%8W@5 z#7}1r#=SqBwt^V3i&Kr=84TpVFz1R)eR`FX^n5>Lyt*EzErFZZuv>4XczgTVab!x~ zWV4*>yTy=JGicGU^$KcibVG6=I?j_VU>PCopl#^JXYgZ#LvV&+RDm}R+cE0JlEkG@ zeqxq&+yw%2ck`sHA1S{SV)TkyfDfnrha*jvw_Zw0 zzd$r}Ai{rL=Y5->3o|=)-u!EqU2kJmLnM4nH#ImO7S&;!$j)%no1;*$r)|0hR1*oS zyB?qqqe5h$WGUHiw!}0$CNW|x%58{YL^zHTffAJHD3A+f8nj8$s6sE+xpcdR@^{EM zvMCFfdh_Le*|!=)o(b&+-xc!TD3qfo0NRUy-`4&8|HMB0 znLskCSAMyVuMVVf=&{vhSKSY0#{w&5hk}k){IFyYzREOR;EW{FMy=}6xD*rr3I#Y) z*z`$>ICHK^+t2h}wyUwq!R+>%V-`CMd zR}{1O#;xJ7Q0qcys`+L<&-07(N}S5B2ga2ltD-F}tgp9U%*G~DC*||TFYLfsg-04S zdwd+tU&1)Q`!U;}4SBD#>Q5IXBi(l~6B3>;{+N}nwV>axP~+*)DUo9G@y!Jy%L~hJ zLGZQd@?5-T3|DX?Td=XQGvWe{fL3BxaLQME>BWND7;NfL>W>WKOCFfzr_k+RXJ>M}J{$C3SV^cnbTH;8C47C`)ZtlUI-0;`X&Tuc z$IDTZGSK(<`KG7?0?N5U-GZR6J@Qc*oNZb26&agsMz_7S4gy|Abt?GMX5v~~Y z{U-mNlBETWgn=ub*IO*L?}~Dvq$8>Hj;H;^9ptrhsqDrLg$>&~)7HCIoqW;$9pFEU z%Lp|-&REMv`gv^|IC!MUQQOacozZx76n7E@!6niW3#5 ze5OXjC3#{OhGgLgQ6LGBI!P~Uu+ggvO;#BcK(t5U>m63cUgn<(pA_MrNo{t_)085~sSJLAUS{ z5Xb;3BI7TOFEtm#OU-j&BZD#_1HegCR1HOOOX@wYQqz}Q_ zz0hy=!6oop#|f7%V4wwSwcRhHdR|WPz-~@C60S!ajKYEknc^EV>0@`}68xDsPCe|W zhhLv`Q!K^?5BiMQuROgJHUHD*ePw3EHk=W{E%NiF6xxhkIPyd5$}RuY3vHo}hv7pdWmBCXFx0WTS9)WG7qfO!RRM8PaUALsUk?#a^e zGHRj9fTC}y9L*wKj*k@m297<@`6XBkwT4RG6q(b))X2+FR&KkGI~RY{_Xe2`Qaf+2 z$BCc|cpSd@W5S<3F7j}See)32*cJM#YQu6gOLu-d&gkIo9=HL=H8(X^xAz0eUqFOL zjyYGig;&$n3zT=>$hC#%P6M=rUFb8$Q8fF^{Dy1w*S&=MFbBVTfj)OUn_o^-|I)xt zB1y1LIC;EyexmTXn z)7&rHFt%ye8`YPBNlKb*kLlgqmrH!VbWA4rB5q3KbHAA2ICnvMdS8rxv#NwSicV&H zj)M2Jt!Tx@)a&_@%6{~9yzhE5C7y9HDki#k@}THWA7TAq#{+z1YC8g%TVwo}<&gNG z^5)fuyIIH5R_U4PP5sDK2PVw5A!FwU33f%21hf@?OB#hiZ4K@)eii#%>=P`wyAfLW zN_M_`GOeMJ6pgvWpyc-{ohWTOB@8ft$_6CxhPu?0?_Fo;At$qHA^sJ3(ZAI29M9Dh zP$7M9m?}u}zBd?DV!T0yc*d12SCl;sEN4htjGjr(${o}#{=uHgADK=!&SW$g{*Q?s z3UtEYkNor3fy(!p>d*K%hT)Pk!zSQ$JlkN0nJBYM74o@&gMl4mRK$iLQCdjb>|6v- zFe>~jrLbN-wqC-pnW8Mp>02{^LLV89g*%r|)fwp6oz$XLbd&a9B{LKsUXn(q#g*^j zypborpg=s{;kfnMUW@}xOjF$qY`R=5`O9aOfaBQ;m5qn<_`*ORlYIyhbR3-DA-eE$rv;bZ_T*KGNK~&Bo)AM!AD?t4}Lbar%yn3q@go zBEjAAcMgKb;*;GWr^F*Q_&C+m{$z|V%WoMBx!odB@zur2)f8#?=5nJ=vq~=PDrx>Z z3ow0pJUC}t1?S- z#w0bpXZ)*5pHPJ()MTEr$8wTx)Rg#6UUA!?IZ$8cW){)nfGj?swxGrWl&M*^$gb;A zs!ZJY-8MED5}&h`ZiWY9gBE_1pug%bxphlzU0BF--RxIsxDffHstX4v)`=xzhqz(n z!U8hij5t-db>*Ernh)87JO_kk8%s!PVVE1&f)Xu90%76w9s4UK-h->RahReXoZ1NV z^?X1Ee$xQSUMsenNRx97z)omHp)$@~9?}%rY3JVtE1gL5Qzi!S@iiN7;_w{1DTQK? zA?)*>{_}e6oq7K9_)he1!C}Y{dZ|1t#}MEiBU=@Tu4Ae}S?C!6b-B43lnd99zc{^PVINE_0&81d~o64_~V-*vykHQ9!ZAD zV{!JMaXE9fNM+^P(iGP*z7h#n*P^s{Q}RknZ3I0>L7F6a)$OX8{#s*sn{!(u8O*0$ z>1N1=Ix;r~R5i|EI>*G*Uo0t(V+n9j~fN!N7D-_c^ahKDxywZ}>XRY1Qaq4O6 zKq&7wba)^XF*VWh*9JxF*?m*X+n9WzckR;;HnZc*V=V*38(A96>L*DYr5driT{jti zO_Y)r!nv8H*6XgqI3Wh)`~ex#M~3qF#5G&wcF_3T974y#RFL?O6pfE`lx0`#_g~D_ zY^NUK-tiQkvCcaz|3v6g8F*BFJ{L%f=#jsK`v$Bi>ra3$RJLR1?Y5}7dC^$RES=gu zV3LkHwEP)!Z*LElndudPpQ2T}2>34+A z&g#&Rte{U?-VMLwYNVV#JD-UK9RnU)sE=5y=?`gUv>gKO2Z7JNTWqD0KMC*C;jR~5 z=!W}#Q^W-A)XSpwwR#)}r0ozvkVM#u{*XovW=&82nMKAFd4N!^UBT*R0eQ@-c>CYB zf=u>)|Lo{znH|lkoT?|FtroihBMcTltJLL0VE2p`Q=HK?9u_9Ow`RRA0rY2wgUTE2 zH%$&lzsh1u2iSgS(Y-)nEpDX;&+|_gkd{v@$jg@uX>$HL%73;^MTP7&zC5oMae;_K zHLH^e{5DFkv;n<>rcxJB1}A`O*`?}8`6u>>))Ugbd|VaKEBfTHGz`tlHm%m)eb!^m zw$|ad>()>I8-pwQPFKBghRlyF&GpCf3hi~ZeIJFInryV~8$Em%7pD=P?;hxXwp|f5 zGi?Kr_6<#|Nv43R_z-;RBUp@1g;O zz}O%h!-LeL)ZKSw-ZxZ`<=C4hNB@dv`f1*qd=)C>NnBz07$99dt#Mp2X*Q$Zs&i+= zdL;47fMzitZFAN$Zaieh|IAtz8q>w61cvpYAQ)8DDM2;s|8#~QSV1sQAW3J5A@J2s zH`IONvj%`qXdFH@9HDj*fbciqt-p#CB2vq97x^Y7ryoJc^`;+eUGMe4VZ0w-TbKFR zo{Pkzltr*x%g;g(P{E!QlHKOQ7L@c~i@fXq_ad)xPzD^d{(C=&D%s5GnO*y-@OAN}RI zN=iW;zFcyqh3%CES0wv;12dB-cW)UD+_|PY?U)$Po{l+xcMm34gzPc(ei`L^m7qb) zXdA)%I0Jk!)Y{)vRQcjl9;a*aCX2J|yxj479T-aJuerF~PU5tUf*wmL4_ImQBH79w zV@Y_VI04i$TPBAJ{uJ=53I;6@RT(T%)$Ip$+~eBnbYN=>ga@`BKM6DQ-!tda=&Pxr zDhu8+`&>@F2^ezta_+)wIVO&DsXwJnh*PzD-eNsPjNJ8mMcL0Q?&Q7o2$QxiSZ3Ds ziB2i&g~!sZkQlu7zFxDus_*UP%nC>ixe0L0^*$Bx^TOlKOLSuWl5*6(?=6FodvwOB zVq_E`xm)r<=!*UIRO0dTfRN+eZhfWV89TK}lqfLv4>3eHME^sPj*40JgKE2+|F=U4 zheLmh{n&vUJUU5e8yr5FEL`f*#*Uv2(8Az15EsVd;4Fe?og-TK=8dnaX{X|3+E9C^ z8JGR8jNr4MKxxcp5uYnhXRyk`Bt}i%-Qn3K0;DDWiOP_diKN}{$m*Azs}I9~aXfFk z7e1-?A-+`weK)%q7R_kJtJ|5C7wo*ng_BY1qvKOd`6nYhd1O;g>&lsMpJxm)oeKLS z*^4_ax{0Mf*}ZyL84UXFWtO0YheP@zb#yc&^EWvh%Gjv!$#^t?#{o`Tl`n(DtQHKD zq`-`AKXn5@e`!F#*!H&ZaU4pe&k53v`t9vl zp=>C!zyxU=M_ew7U#o6>+m%ff#5UT77Sbs;Kg!b=s-{Zx%~;LwA;IGg*2 zr_BJR1w+{zI{6SVHJnFh;B6_R7t_WThRg20ju;$ckMJ8jmHPVn_^eyAG;TMJcih~a zHD4YnZQmnk$!$<0CSMzVOG(k9f3NnDB+-~b$bYY~s7Q`RnF~9jsl6R8Qf2A#1>@$C z)cfhj`>SrJo+QV&Zv^0vfQkejuu){_=@%%UZCsDy{VjYA?{hOIXJv04n*01f=Xk_t zxqjSE1JhdN^V~?FGwGJ1`3_D9!C~OHu(a&5rSTul;d^;@eoo2G0M~^#&N^3G_Ok%z z>84-WWGJP|I%UGnR1N&FM|l0J(ag(AQI-~l6LpLv0wEg}IR=K(^Wy}BOFlpyo{?>4 zs#8G*G=#Ub9LyNHpaoep39Y>#ct_XDDaKYd>${| z#oR}K$w+G&J`B_QYWtSztI@HFt#M~ltGPUl)c9doW`7RV8`hV~`;B}N^0izbi9)6- z_UyLdi$bGwTLFLvto4j{gaM{Au1oAo@Yy?nIxR`IW}NVF$ouO*aDZyuYq0Ax0o&L8 zQjHXn1+5530XNs)o7em4!{$WR=f&WO0P7O-`FED(gGhke-FGKH1XuUVt_xLJENo&y z^E^E5MyNa!CbYapzL97Lp|pY!JxqWgCh!F7*$1WB{@953Zcil7ULb}Ip3-ZBUZd&p zP0?ru3oG3_rOLZKCf=()k^J31aN&a#aG!Y=L1iVsRoQs-{2uK}&@}~&b$pSR4SZ)C z0-*&A>5fc^1@-Er{o+s4NU>qq-@$pY$BjPMA`^GllQG$?d~%HYl<@ZW46y07p)55x zZ8GW7;CT;HWQYkEwzXBnL}f-9s-&SU4*(xV9TQ2ol=vtR4sru_s7c8sp-1Jd-pp6B zHUlPhEsvI(87IBr^nW($|8K3r-&Z$iK+o_FP0xK88I25HNT{uJei~88v`pRK-eyThF*^6;yA@=2;Ww8yi^CEjn zVXI7D3<`x+kjq=vLaB%|uoq|`3iH0K7Q}Z1U z_^9l$=f6de>>sa2;zJl4zXH;rvvU?(CQi<73tN1dH;;!w&o2Qe-M``D-OaAA2#zn< z`Itg=#Pzybh;_e(>E`zLvARr++E_H6v$5a$ia1vqa%Itreb&#({`Z{Gn+9Om-k$ZO z2tP&9i^au7Thx$W5ZQrO;m;2}6Q!c9y^>&dzRsYc9!bdc zax1K1qSzX<1aPNcYPF;gyuGOZ{_6J#P*SgYue72|#Swq9TXua|zL#n6)x@!LXpQ+b zwBqkc^Z9wZ%HjkuhfuBX@v7M&kcrh8t!Qzdk?b$^z$3!EwL8GS)o#IE%%}LcS9JU( z<^zrh=PRyC#I>OPEI>|9lhYC`!J*jbYIS7j;45CmF)e!`|wOxM3IM}5)uwGd9*N%uUYvC@=ig6Z|-M~cKLON#REDF2y) zV)U1TY!r}?{TBWy>;(g?si`58yz59r1Nk14oU?4bJOOEKW4B?T@Wa_nf(*CNtt_PI z;rmfVwqrxyBm;TyP;}Y)X{S3X>k#umQ-Dl)M6~%?)m{23%YS{O=rcCG6v7M=us&w% zz1aZ13I5TK?Xb6|p6&Y5$L-DVPp5G+`IVJu_N|)Q4&TB`fnpOg!QZ!EeG`YX_F@$md+GovY61A{lbavTSWvx0v-oA!e8!^yiM*d zK8fD?i6+k&wz|JM`^2B<(%qe)G98A8Mda`MKrk%n>?|YmR-<5V59s+}8vE2@%+JTW z2COHCpCD`0#Jn$Xil!vNBuNR9F9j?CD88We$Kw0fpg<;LuC6dN*q7m$w7Nq$AWfv^xKuz`9wg!?2d1q5SOoyZ=dy%)ZhlM(`X#IC0`XfpC%~_ zy%JD)oGbTlB@>bOEqG2i8#LG_>Hg*be2P%pUX+(dso~f6dw6&^H0;v1Y=Ar3Uoy{c zLtQp~Y>ys|*rHIZJlTfNOTQOpPPqV?uCLKfvOR7!nK% z3k3jaO+y2V%3tMs#xA5O^ombY#J&p|k5^R~`t0yWzyez5eej(U<5iocuii{L$6eJE z>mf6EzZloND$h+M?PQTea0D3}I0-uMhoVIfP^im)Vj#WUW>UGGqg!i9@VpZwdK$^3 zdLv@|s`+ETyT&hH1Y$rE51aM;)p{iLOV=k|>*!cOKXw{gPjMV3bYIb+QlD73n)04{ zHE>r~j~tkFLH81#JV{1zLnj+LFN+E(El{Rer2okyuPiSPUwsCSJL4Y{AVF0GAW4_t zWPh8pIK){=H^m@ISm@fLzMfp*jkKHLWp75!`!Wp62JQwN=WT9X-xjVd@qZqq{;l-| zw7Y&r1GL#TH2PLEV1#IZk^%9LszwRw)vG)l)-u?UkR#fBJa0icb}2h<=Q}?geuZ>i zR2*DWL#40fS9EJlNEGk1wWd0ovXLBr>@$``LRV!T()d5&F>=$0tK`v8PdM9Rm-=`! z#wRKFoDZ`9Lt5fkK&fJ+3I~jW=@v(LN6Urq=lIkxL518ya{*L>C zOlaUp4!G~~(ZiOVhtM5+@uN<81UtWVe3M^!&q2$Wmv3FBs+h`1gaYBTR0tC|ejtw~ z%1`2{RPvyXxH%OOLBCI!OixOB3HaJ$Dx?ddXx`|r5_b5!0IaYP=jL=zlJ1W}PuKf( zD+Gj!kxKIOKdfyMf;|&V_xwZ*P*@_z4|)l+F$vc?4l0?$BO~$56~QLtY)sMy6gUtJ zL^y5qoXLyKOntyI9ZoYO>cdD$Zs&X>NzV^32^i`5qU0Jn$&e&OuKhX4Umj%9<+?vz zL&e2{|CHNy{vx`trTwYa>v&4D&Y-rF+r*2DyO<_Fcv+r)mx}6^4lXfX$xB8CIp7bj z^;rnW6zWQtQHxHr;GATq+pBeKLF;=xV*Sy>a%jTZ<6E*1;zs(+QR_8NeQQ0Z<+0E9 zbNdH#7Vh=a#xF1jObId`z|U9(yw5qR^U=}oDTMI!7j>LO#GoekrcHHwSNKdSy5@Cp zc?6(z?FN&GmnjGiL{_kI5l8oabO+IPQHQl(v`)%mfP-Fc} zn`AI=?2{eSUFS=hI?`nke}uz^ec?@mo3SPJPko`yHE^GIZ;I?lJ7iEm1sw^y-LaxR zuX5$$gk?N=#$GYsUd(gn-Y*_4xXT~eExrj@#Zr0gNa6Dy1evOucKp_%r;-sBrOeoy zkhtke!?7m(G>;)j^TpM@HHXx78in>|e78P6^Jp;Cf$uc}iCwFQSxLCfzE;PFEE~M+ zQwD69QHW&od1rYtTj5%5*qEk1i>?DF`(Ygu`{m+!0rWoqhsw%)j5iJE>AAyU9U=`~ z&)Og@r(<%s-j`O>}Rg)0W3*^*|!85rDNm26W`CL5syXCHbVCRprw zX>61H!lSU29UE4R@ew-Gukl$ttsksjR_o?$Ungw=O+HT&PlnT$gcK{rJ*k~&I(Q21 zG*v7Sge}GE&vErtC1%oy!v8<6w}BvfD4E!7RwPI&$RB6^>f*vnVQF?U(nENb2LAQs zjqvfSj6KzXD8iA>;qd{fE55i+GsvHrnYftDruFp^fib(cr?EmzoG<%Xgf%!WX+0$~ z60;;vtB|k>Wc)$E6)KTeR*T~CxW*GYt7-B5ahYtTlc6Nb3Ypkm^M+E{x-Vx8H+gKTaDpDsW;*)i+1kLmX96d7*v71e zEj{1AZMhQy#qrkK)xtBTw49W_ahH_E{*UdPe(Jc#mt0d^X#yVH?Nsd}*_;c1qL$q6 zF~0-N2I}*}xG$bavHW{7xjg#5y|&YhO-*Z80$;3p$m!sRY~I7l>S{h(TBaLTUb14R zJUwi8aMvBh7QL8pHgS}2(rxo%Ir4*juw7|a*SR3MSBTI`+ElH{XI{mEO^2)KTI2%+ zC^FuSFumvNsv43t-DJ1vnS!24k*5JeaE>9m8|%f0z5{!#Hm#@cdW8%y!G0pw#trY9Jy9H!AqEzTM)g~E8=ISQA9vW+gV*DdU1}2i9w2NO zl_V>m$$f4}FKrBa9|nP8BdbljZN=`Ft4XQM7lcZ1M+_4QbaAcMdWgOn@QeHdMkT_S zlS%v>Rl{!9!JP8dGqatM0VqLEh$PjY93kt&rv^!)FW_tR;1>yMjO270MJ;-SKJmw5 zQQ6CxnhTT6w~~3ndYuJtr;Uaef;Zyow{315~>VRp`GdkG_Z zjH9myt&E%%KOnChHJ5-{SmE-l?Joej-bX^4rKP2qmB@IP&A}No_L{b1vpA7}lAJp_ zK=|l%w_CExkBz9DE;vVg+^(vv9e2H~ZyC;OIg;@KMH7>>v^!hmfnmC4C0yY)AR6Z; z$Fs}nEdAh?`n83;)7`!?MbFWaH*>RN^IBN)TD0m{p!QR#PEvGV#}8pYG0W!Ec>)U4$KsCwbm<5WUw`yW8td4ZH*ajb({O_HTvt#!`$zjDEZABCPwGhf#Z+g+w(iq znkhvn_R?e%`*)nF0#uN1a0U^Zw(;t9)|nHcuIVd&nnXIh#=HLo66$X)L1KBc+wz~%8$%5G}| zBB3DN2uMpxcPI^lAkqT}LnuQJL#H4e(nt#mNHcVImq-lV4MTVNzkK(*|62F{-@n$Z zVa;OVea}8;pXWUL*?Tu$3zysGLGUtyM1ya;#Qk)HCKkWNuT3r`pdx7Ag%d8T>AV8P z6A0lcg$(76PhR6zH#FC(px4YCEV!KOGB3+by7k8JdhWdwkx~jS+s^)&y)Y6K>T~nd zBmGJYV-=H|ND9i8W9%TXy!H`${cZg==dSzeGpF63FY@2^TV%bvBBq8GUeA1)lGvU| zleoQ@p%ObdkDnP~Hw8gOAcw@WrJkgZJa6q=cRK{IWqqadJ`I2K&Z+ZBzoJ>u+Zios z`v}9PSyG$9mD#=>uu?>59@erPC)i+$;)cU`r|$q56d(g)p`k1k15Hy z;60Y>)hb=5roidqi19t+O!%P7Rz7@Abk!ofEN@rg0a3VuY>AgoY_Q_=NXd=M`cwNe ziW?nsniMI^x|?`6au{oc%qx5+d(h1>8DSHndIYkUwrbyOg1;)+^0XOlr*ozT7a!F|Ap$i__ z4MKr7o=#BSYz?1NWXUu2H2_h@GN&oRH%nO^`kYhBe_V$fV~S1;SzC8vm~t1psEXU; zp2wPTKM6)b_|4chkM@8Hco*~6RspOmpko{fhrcD*s^je#4@uH8mo#Mf`X;^z9BCBJ z?X_hQmypoIx?xJTNE&)^sAAlJ-Tl;~BB(_pL^#98`ytKsb*%i^%sT?t*=JLZQ4;GP z*uh(vwAL+iJ{NodooJFO2J)F37v67p!ywkr=TUUD7Q&L=RsP3w2!Dsm$n*OJjKLx< zzSm6|v&mxy568haE7gD2DH}_CSp4bM)>ck`m-`>T2NysO+t6y+gX!^ck}QaEuK~l4T z@?R=onwt$$_6Mh?Zl%Xu#0<5#&yhVtO1ZF*_e6U)-vRxOV-KN?`%7@SpW+pSbWocHBMa#t;F)9!$5w-Va92x*z}R z{AX@Di38F{T}Q_f-HdE8UzusBQD=Ro!JM6tv3(DQFk)(3D-VF>@O0heHa0$uk~l+8 zzutfRf%Ij?(Jf_fBSX3W8?wbjO^1_0b?t=CKxHk0i{Z>C5uS zP=1X%)#LEF21gO$8anS&(|iEcr>y3JHr`w_`}6N?P&`9 zv$>>x4B#)Wn+q>!VuX8be6)XKUIeU8M~8H*Yr{`2=7{s<@XpYYo`9Y8pXE~m?{F>! zez;Fv*URf0*iQTyD*w)hZ*L31fXb|de4_~-5Wvynx$jN1hZ2(a7((0lB&qhen%%*#+V*9y6&x5t(`YO*qXI? zx!p<@JmV3eNz4#@fan1!9WIgF=*I?_WZMkW?0T*O)i~XW+*mR~w{#5s$CS1`M`|nf zCb^J!*-J=)S6~z#$F$tVu~7}jP7=lEY`pby$U2n(|EPxA$5BPIfyHWwsQyH*lJKQFz{Qbzvm^f)BX2odQ5)!ht z9z3_Pb2jJ;4%FiEE|K}?0BScGO+^D8U**+muk36a+&s3&^n#rV%{mTFbC-ui0TocB ziqo~<``^_ij@u8zp|kdPT2RbV^9|dKws~9bnQP4H5hE}EA}n6gw350rf(WLb$=%IY zk#c;^UQNE{_b%{Tl?PHNLh4(`vOwaXZfV)()y{gkDlJH(y>~CA(K_QbLNcao(-XT= zqOk14nZIpuaCg@6us0n#8^roEWf;PB(9;hzUbS^U7EROrM#qrdtwl2rh z_b#aHau28%E|G6~=s2&<^BZu#9*1I*j}*X)!!d7;}A7|WkdUlBOPrP z--RS776n_D8#Vs4vY;N}I$K(wC~<@ZZ@jiDt8FlSp;GKVdTQhd<>e`N;#JO7<)_gi zZ3;`7hknk^k(2G5VLvnJ9`gE-zyX`UwM;o2i!&QY5qtVM2K$AYZC-76Jgc7FI70$> z)k2i)@0|yW4E6Nu2`0fr)4@&H5kr!;Orh(L=P{5-bDjxk+Ed>XV4BaI=XerKu4yjeg{%~cux{x~=yUYw zIx<&`9=5E^vu^$4b?5UTcKC?;vQXP}WHcd_erh}I)nk&_KKz?rmXx*V4mAQtM!v;) z7Cq-b3(bGPSW=p@rTOp~Hk14#1tcO$aysC8@0v>T#+B$Qz;8MONNy_U3_Q!!;9e^gOR@JjjwNOOWSFC}HDi#jIO zmsNZVI!3L0Ql{Lr5-dBlFMo7YZewZ+R9+t*Fhs44>lg_|QZR)Bhc&ww0aHJJiXKLY zh#?pkQ+%8EA2)fVR1WQ9cTKjI;50Rf)XXF#W&+LFF|BNYom5;+}36KM)^a@Isb~*5qxLdpXB~~HGS(j-(!HT6*YrB zdV7D+ci>7e>{aEHiXZ$IY`AoY5YW=sM=KWfBIS~@r6gR=;(JgGbgS-*pFG`^iMbSf z@I%Ki;wC#vFl7&}PS0&4@`X zsJ@=e1(KtIP8ptoDa0{ZQ@-;qhN9^3E~=%xU0o52AY9DHsi{2r9wSV=?q=Cid7ZUO z#f5i;v^pmU9;IsjQ`dEcY{U2mWCp;sU}4lp_6(6pL|>$x2sXF3Nxv2CM0;%q-Lhf7 z)l?A^w3+g|Jz|C5`FS_1vGjxcEL1bXzaAxWna0-CZ1$p!vcF0^J5%$7!-T5#CRdmQ zo$-`IMBh!!)RyNwlhERAdLCWmwxpBEsLTvvYQnu>pm*_~W&RgR^rORKU0SC7b3#^V zcpMom@eWs&*zbEE{>`Q;%5~5^zEKC; z8W2S32|1td74h?)=kMk{A)sa_$RTvg$@xJ(OG%j=KKYx;BUZFq!$JP7?{zd5#OJ); zqf`!FkuP@{%ii|BGHRL$Z0F_W-zh4?TRqQV`Y!&P0QK@Odw>{NV5>(O%d!^o(x2lz z0*{w{gAbmaon*)6+W zjluD+J=i=BNeNDD*%zJ|qk-0R%-1Bvf!r0>mBDexfr{zFaM2BGYpYk)yOvN9 zxk%0U+p0qAx}X=6)*H#_pP29)e8+yOm385UYGLTmjHY-spx5Llz7u^|!}tD?{b1|5 zu$K06f~ebq=6-h|ijX0TI3mo!YY;r~b3gPYXY01br%Kv5zFqMItOj@)C0-MVCJqG= zK8(MtHr&d@q9i~2wN_EhNdmQHmoM&Ap`Ho{bx+LTiS8UVl1=}(>+rW2b zZqnD#=Z~0`v5{X$hA8HbM8ino_&IO;kFyon^^7XED}m>OY~SODq(jX5ImP!}3%DqS z+^??=PsBV9ga{S|1z>tyGy-DA=rw!}A42xK=M0|KzC>eqNjEtx?UE6A@g2c4Vuh?rL_XJnL18OS*lE# zI~I@nx!XRIrP>9{&)NL6aY5ayL>Ps%uMc;(M@dHFF%>}mym!`v4xpF8I-q#ujcmm{WJq+o(~$mr1Va6TjvFNjjtu~f6SUgkGnWa_qh86KzZ|;^9v^e zCLq(=vdn5+Uxu728Kqi<7jGeogxyGxx6u3kNH7IwI%-dq?Jo%pox4Ep-vyuU2ZLs4HJ+2JmRKS5eCdf3%j{hf{*5hmk+HB#}qh+-*zlYj*xPY^|?23v?_ElbDa39zC zZt^3%V;RCPJ-T2T9xm>OmzKW*4v(IehH|y%`(I8Aiq-2&R9Tl8MpdtME8XZ6(o3k@6-^j~Cz&*m`uT{iKu*_e@u7Ty=~ybQoVu z37z7roA5dczWQ^1XEe)lo!ivZ?#RX2dzrm8F=SK_NyYfW3cc;_naEh;51@FH)4*+N zi&F0t{i!q2I({|Aig;&sh7+%vd`E(H^2W>c%YoEhJ>fr-ABA6elk*g{oO<=}+TaM` z>Q}x*NG0OO`zo7iXL)I7NVGV(=axCKuQmj0MD45H69egeylD@s1TbP_YQ~Gg- zi=jTI@5_6BbSyR&_6M;nq?x633h-WL20d98C3;gWy`{Fs6Q%W7F1H(4u9+0%qm2;n z+1}4WITeF?SQ%m=75gY};%3%*Aj2SVjCdp4aPB&v%2{dIgWvoVb{_RNN4OH@OE|JO zSw;kaI;?nP<&R1&begi5H32H9#c*5O=b&fY+=w1DtEhPu-|JIuDm_On=g|mS?*Jfl zPyW@CkB{$#c^@%#<%NAOmjQhghH7aFZy%sMoUA!y;8!^t1=<^%c7^kfA;wo^$||>F zIrGHSEzQ~nhlkrgJq%j@C9|P4@g1jj-)dg?^y9>Z=X_-W8g1}fFLVjH^5K!;ue`z{;kdaMF>-SSr&WYjc@f=ya zmhL6oTtx(E-p3SHDE>sx^eu%MNp(9Jr*w1&=@2v&Mq3y}_($!_AL2hhHJPX~I;@PZ zn5d4D1?<4aS^|WODb1pRIj_HRG`XH5qr+PPO>-5%s56lTTJrEri7_K3r3j#-V~l+n}n zddp5>-(O~KS3ce-EejUP5P6)T&#&YSR8%w48cY!aZ-Ardw7tdoZ~F?E`fYxaM9FxQ zYaO1%=G|=YZSFWe(hEzx=fe$yI(9b)>1Vk2!-nnh+A{uBYYhoa7rMs8E{|=IiPnMM zSe8-(+Y#eptS_u<@i0M9x0KTB39KM45_O(Pb@YcEMU4^sU4}!4+0KS^F|K*ruE=W0 zoTokQzQ!QhKddKUk%iyGHw9`D7Dm6#XPF(iX))NliJ7lP8fI;$QwQSNf zCa@ji>145A60UN~1=M`LoI3h2<|&gzr7W+ ziv1b;NQ1Xh7yj#qYsiOpv`idIN@`<|UcWQu`kQOV$3^$Vwol|XW|QJ|kgye|y!noI z|F0JlSh}yKpNZK%Qe2%0d6pUP=dV>vn#(hOQ=Tj6Zr*a5%%;m3DiD1xUC`@AxNo~x z1jO}t-n2aL7!>F*Ru~!>?K;slu!+$Q%@*PW^97zht9Z^QbDP~Cx2!`fyj&dgVRtD>_+gJD zGXhJ}#1^L9?70#Tw6!qTdReX6O$4`vh6Vh3L$~8sX6hj zQrW-bgxM;-XtN`0!&6GW=v_jnDvDyOFEBrI{9d3G(_OQ2pfsp$dUW0linO@~z2eOn zB{wy?{*WOd!Cv(2%uZ^^R=a$IRj2p-g^pOYB3&Q$cjoSu8j*)Jvhc;Blw<)$yM>Fq zt{z{5y|X$FHs$U?%Yg)(8lpK~fhWDQdCqV5Uq;aS1ZvsLgvq7g63 zC%-_(wva#jwPT-IUx4TfEa37J<^KAl$NiH7k)CDprm7u&6|VSK+tR^uG@?_V}47Le#_`{r?IB5tRm1 z+|^I&V>G{{Xq#%yX)U4KTac~N7F=1_-)$|RDzMM2?YC%GaHx3&GVeBGf7#KCOlA}Qw^x@9_sD>q3kNgIb$r8aS9RK7ecS0)#2Aix?O&(*$USaKJV!b zjtJ=~=tyQKq~a8-$}Tb$`rU6q*Jze3AlJz^oC$=qqZ>EvUpHTgMhO;Z65E`d;w>)h zusQ69I*uXj%EeVwLlbHB9~7lEYCjcHd_O=)zHR^%?VA`ZZ7Rp}#nMMd2gf zO(Oy`4oYKsS`|7U8yiaF+o!QZ)-_Lh10l_BOBHr8dz-tjyugq1A=|$uXG6~-)pQbA zTsjykii~JKeth0DI3#Q0{p83I{w0ZgpLqUJ7^(v(BzREHd^I95yc!#ONb+Ul{??>> zqf1hGex;36tq{fFZ<;obQUp&Pz}XfbBlemVL~3*!J?$j@}x;THJCX`?>y)tJmMjHTlf~S@0%%K>zyU3eges!HZpF{X3c+Wj+14pDqb>-Kl6)5~c*41cPFT5f zbFdwRN-TmU2HibFz~{BDTPDHa(Ji}CQ#bLd#WQvRw_i;V%JR0;F~aKG9O@TdLWX>p zNs#h6jv2(aD$GjbSV=#^*np?Zo^pGP$yDe&NoIR0>gx#6j4;f^!^q90lH`?)iB$nV`zcy4Mo1b$;vGaM$E=9f>=eAr{%0ZUPl^WdZ_Om#WVAioGHYMH7 zlKYMgZMLiH34~eT4^R2y7fi-!*YdU_)FaU;!e|NiL^DB>W5;V=QkSv$lCAV6Z~h8c zW@V#HIvQzIVZ}Q$=6YUmy*zu&m-ATH?@Zm_ioa3VI6f5y>K4bYB^P*USPEh4Piq+H zMB$xPfln2NXnDx5W#$crM7qABB96VfM1o9I&S`8QLiCRh(n&6kRiJT`>+o)?G#NJm zVRrFh%pY8`9)94%l>n`$phBZ217{4Otmg^%Uf3cNtfGmyBBb02$tzvnAlEnnaO3(B zIrYtsoF#YOt=X}hkhV~Dk;KjQb8;X5S#H4vB;V(orkwH;@cxqemom5T_)kNL>VGfO zs$X8XSL9=zdn74OZ8IG|lud)n5*sZdb9DKeWF-@%ckh=YtR&+Lcw~@vjORnxp!b)} z^+zuCLq;u=^i*L8@6pSA2p)Num%?O!Yv=Y_eWFMi*``>B;{UE7B-x<%uc=Tc4x=;J z-83G~IozTU0ontbi%mKk`uyV(f-i_atV#C>WFn;V^N;h*9`+j=qPZ+ox3fCy{7Qf* zM3S|>F$5CX_O6i>GLMPXn-dl62#OC`MTr#P|$(GkS1&Y6%Otx{`%{B9FT} zI_UJcUUc^*KmOaPg`1-d_=+W*(|EC<5|Xo{d-|~acH1Xx(p|wU0CCO>7Bp(_}ok+j(fx;&KCL>_y5x4=okvqEDB`dZj=CxSg-D(cj6 z2WP^-98WwDWL0VDuBSRgkoA{2_j^Ok+~o<2#k`ogq>5$JQ~Bx;`0no4vYE4fX<9au z9+@N&HWG@;!JQ||P8><;VQm})s}Q5n2S+PKw-7`otoz9-EtG@Tau{1!-aNg?W|P18 zn6ZDY=?TD)tWQ<75yvf8Lcq7RJX->l1>jO27R-YKG2Ui6Qet>#i)`y_;BED^hiJh7~y!sE@OYDf@bKGlji# zuy+7RBpjH{mB85DuEIa*o21bgVQPmbvhY z;>Y!dLN>9lYk;DdA0Yd$g3Po&CO)p*eq$p>-4|$J>EfS^yr>cW{+&@tzS#_%CRj7n z_d1qJErdo&|42y2+PcuJA;Mq30H+4@H-YoMkjOqbc-f`78IwxTleH}v7348UBD{35 zvKqv!1eV~xdUJoR8Zs@p_Atfy+9s&3AV|v_=BRB<3uQ&M1*%aJ5)r;|%OYINxx5(p zKEo(!otG~Sy`at#+Jcg^E4|M{*AC4)_Dk$50|%qcR+uq0aJKwlQR$j_5yIWio`Q?I zM@6e+V4JHbKUI)0*df58s$l9_s3jFcl{V+)>Y>7USMMAZY-ga(_Gt$ChP5>dF3zxH zV?FT8IJ2>+Xme*%8stv79K+;+{1v4CtlH^hS%X03kL954su}arZzgl$>%5=A*ll?I zllVe)YtumS_PsV4$8aabDr2a~M{fdKeAK<&-mexU2*wwZ*cbJaTP*smD6qlv0J*rFzY1~m;&gsi+!)mtGsDp~JG95;q+~HSRBY=6>({3-nRw>Y=*TB0 zamOL@eB_da!fM<(%gp($=}bk%s&AH_Pomv;BV+ubAPpU~SBrOjKs zfVn%VF;4j_-<|r(0s2_Z)gaVOv;4ssZk5CNo#1S>DZ7!8u{o})VrVA`ear3aPrfhW zZD^pN8~m%My2mT6B(>Y&$DQ=x%;bnLv6Px5e9vlSHnmi+zifc<+t#9^uXiYYIOaAJqcp+!n! zy1P@$TY!x3uKUAx3hY>6>r4g$8T#+!AD+v_uPmDq(9&8K&dt;SjW_>OwAf0Br5d+= z)nq#5pf%Mr=<059nrM}Vg7Er&Ev(Zx^S!u_VCD!p8mu}Tl9lB9ti?+S5P3EMft-Ug zxMt4Em*;u}A>VVpJveXFjr`M8kATy%WX*)VN%7+jZsBKgFymWfL*0ul+3$!gu~B$a za@_rEyL90* z&+#LN%HTMaFusAUwx+!=JL>0so`1eb1sQ-Wxzj(T3?)TmrLL9^EBQ0xKS9gprWPp4 zL~A^n{wbkuXWqie^%e~@OnWp5cE+}!iOz@(0o>=VVK_Vyz}wT3@ca{0CuVNL>s(;30tlv7zCyi429kUVx?5xZJ zs@DUa&OH%7Sk@N5>*C6T&{%1-l^iF&?$#Mj^2a$e|DIT-78D#~Q0n%E!5LAJB`;eZ zVH5L1JD^?c##X z1PRP(rU$kn+BSu)y^q5jeqhKVNVq;xMxY$Kb<}x=^`+ru?65abp&9BPW2&>&DsS2Gd z-G{Sy7isc@9@e-`55VS08zADI2ewb(%wNu5CYzr7hx!`&7Tg~qIa}5O4+K4Abx(je zn{GUYxzy4)WTw;l!2+ zAY-pj#YCNRq37p-f3G*2LAGA9BrL~h_J4`Puf=IKkPEoECNU_pn3L?Eqb7K4Tx$lP z^fGj82Oez+;85v_|KdlHOqd1htMPA-?B{I0QrIKWKzRG#)e*mNP8q%>RttuqRCo2Y zWp?}l6t8XH9xhMx&*4>D*~a`6kNidY9U(ans%HTrJAm&BB_)>L&X!H_R-)rMIDo4oz`a^ z;&vy^-a>y#JS;8<>Q?}E+trXuK&A$6C@82T8A2r5azTEZ*oLnSPnVrsl0IwA?pzhuqX;oQC;0rZwny5S7== zC3f4}ZB-coXu-7z`9n@J*mQtSYj$0zhmzIF>qo=ye`6hV-Ww+MwTnVNP!k8 zx%l1<=;ssllL-1*da)D!B01?lh44kjDN zPd9fR%?X}=O|>-BKZR%j0z<=k4&=ILWKc?I4GYB+aSx`)9PoY(L8sJ>jQzTgK!O2a!4?lW zC##|154V%wJYPe;*RkcgZa7L4q=G1F8_Av-zoH6W(wOqwH)jkq(8&CIGv^>n8ID#sPY<|WNlL89%_l^ zJEp&CH#`5JFY10cmLhhLp;gc0p-)<@D@qg;pAY#GZ7|k<(1fU3D)}=PI!}WT2h17sl@VCW#lYMFUx4!Xk81P!VTWyq(p3;=|^u zeeHUf-d=}w)~?3J>om)-Dg2u0`NywwtOj@Be#XOlg`eiuVN*TSsl-2KFptGy2E;`;4ZeTIDXdS21ZZ=_+^iLcA zX^nf(tfLObUrZYJp6J7i_He%@UJB-R9(iSAguy%d0Nb8nFJ=LIm!(^8+0yTVDk5zE zabxYsX8uy_M(-gytA=_7*V*I7AM`B|QBh&aE{$rDkKvge)+05pY1Eb>AD)SQ`CxLA zRcgGcs;bt(DB~;UF8MHdYG>8e>Sg9$_OwOwF9YT#wh?=NuCrJ$Q=3{e_!%Wx$>T

>7P1#Rn!B_j76Zgu%8pn3?or`)JT1-&TExo~aofl0=U_@nlgR-Br< zv*3?m8}K`<&)UP#sb3dU3I!Zg>qK_)J0NXy)k(e4P)y_Lz<8CWDE7 zwdeZ1>Mq!S11^~v@H2D+Zh|KAp^K@-CI(T2WltpM%l?M6AKTt=V!#(Dd~JbcpR4L@ z-U1`*14K%|sibo4;tP6>wjFG$?f5nTaKeiLZm|gSb{wZ))Fu7$fd$nliNH&_f|wx8=`MHpv}5Obnu@!beMvJV2g`C$5EZ?&v0u$z8EE=aQ8r6wD*)=WBXu2`%@&4|y_Uy2Y$M17o6~@H zmZbvvmNX^`O9iOLr>Sn^xyV0_jfft?R3O&${PJfK$MV#tLdI2d=4VViPinV96yG>V zXuXOkAd9xqtQY?*Yg$+gQTTCFsW=6C1dln~TFEuNjMn@TzfCzaHxqQu#Bk88voEjn zhE@``OPuB~iYhSP0Be zkv_nErWMs^juS6V(0ssQZGjDsnLe^li9-<*BO1*izI1KGRm1?fpce0Jfq)yI^Acd# zfa%4`ULYE{sJwIf=lu>tP4I}kIEN56rH~tHxPP09yOh-7Cw*jNdPl>EijC|AliM`69n4*@a?g% zos1@x{!D$Lb2y)#bS7*+{*9Y6CXjl z0$%+?iZA8kEK>Hj_u>^?g;I)NnI}ED!LlpZ3AQ^?5#)d!4}+H1%HL;sGRy9~)f@Gd zbmK3o%`1dA*;;%>X4h(yxro+-gzm!DsF`05nP)jH-D9dp!{!X_T6*{RYVzKnfa1r? zJh=*FiNeo<@x@l1jK!Ftg6W-L;!?fv?9j$C2Hu}$C1dvb_&B5lil z#=@r}G0;LcuNc+@HQ^*(84!tguvEm86Q8>23PzXb5x)0JhD>!Yq@ zHGlm=m>i-wLZI}#wKCF)Bl+?Zbbi7BY|uS-uTZxL+uczi3cDpIFdoNh?k_bx^xn^# zG+>Y-wdM835p*+^g#VWFh3r_cU)d`W-N%yZ(*`p!xuQ!fylH8!OMd@-_tzog&CTB` z0)R>^jlo?xUuTBqjH;4_pa{cjh z;#^Ljwzo);a4u5A`Y7GGhc!QYl~}p@NS2C#G++6=KJ#k1%e`n+AwY)A>9k{F3+#EE zF`x4>xNSbRl|w%D`$AHy(P2_-sn@;Xtssc?PR+~=(i}<&Df&9REtHCzW@GSIUQ`s= zR@ey7CVbH4nhwCW&NhIdkay@DJJuhkVP%_uK{1>pd%Enqv&zUuCi$T=wKM(Bj(?{V z$P180l!)4j?$tS`d5NWb=}XpyHEmBfnvM*R_3AcwmZ@4qbsAN{5b032Q#{Mh5!v^4 zjEty~NSXvvByh+7n!rHbnkNhi_fYeVHh}xWC>;4@y z|3BGc4(&5$}tI@_d~DA znev4`(aaSbFv(E?#kM3p`-PD5O^7sVsPV?5@q&_BoxA8abp!eJp=*4Hm!lRy1+H;J zfg)GuakW)*#+6S*xeS~lLq{-iYbUX*gG8OGm1vT+P2^Vjt7PMth<>&7$j)fc9_&r9 ziC0;X2_mgze2kk(29&~BDD>?6AKjWqRMg2kWdlTZRN-u(&cZ@a;Rz$PC<9eFi#ffR z1OY|wp`uc#4CpluGmb^jQ+yML60>ug#L46t519noutnfxL-||I>GiXW&p}j}RH!K}g6bFBuw||m z0p3M@G|-(TgA^_lf7 zqf2EcNW+841q@kmu9@>KeOD#7@}zrGuq(IZ51hx!Py#;I*~)XO-lIQ)+Dm(XY+q`@ z!USye---{3II|5&6{EY+3q~@xmaZ`ZjAI=31yPOrV|%ElS<9)D8XmT6sBmAd3 z1XOeq0Bs)G=p`QoNTvQSvED`Qr~bJ_29SQEfpu0cw^t0w@`vY1^<>aSR9l`=*j4Wq zce2xJo362_<`p9=s3YG5w=?C&FRlOJix%vgGBptMIDC1D+HhwgAgIOvt?b9l5j2nL z>qqP)0Vbj#)#279z9aRwagpc*E0Jfvndvv18|rZXxVi;lWj;+11K!Z}17P7s!a-&~ znCZBjPrNEqS1_<;zqA~DF5qfytVYo>QlR*V+V~_9|tt9#6PZ7K$eFM#BnCh z0kPHpalJq;2ssh@D}stZ<`&!lOV{ODY0@cqH1JpHS}gnOy{Rans_I4Lpz0>^%e>kF z;vM!9g7l}#UR_Gel$1J zB9X|Wo;F<|atyxEqiiGDKLBGVVlI^vS##9gEgf^XsyHv~n%B!2);Ibv_KOuDu73pH|P%_QLOzfcL_R=jNqi%+t8PRVn;Fe{aJ_O2+f_vCeRh-Iixr z^-O>Cx%~y-rYCNt*G2kgA4V{?)Tq5Kj&t+oRZx5G(sb#y1@{cny&6v;n2H9qxSBhC zUcPP)TGf-#rO6@swzVsNrzC|Nz(T+UUC-7zd-!;{>8yEM&v~KLCsVr`!WZ`@5opH( zR2leT&^O7E+#D%>vlX(9WpwUN&gV-jp%@L98l2ABm6>$x*b0M#-Oonh8mVcY0xrH; zdLl_QY&~4KO<6kV%O_1~X$J64x^w)n>2Ru~H@Yf`1hi>|G(+j6F|x6Ty1 zEUG2aP0PA1xG|{;iks)|6cdn5Q~k~W2syip=GeK$%Q?RG&wg>20XwA>9{j&_K5+XTVw#uEBPKxqw#!@kZuG z+39Dng*`{m2&Qw$)vu_Z06Bsyu8?s`>G|g3x^3Q6`x^&E#rGC5{?~aXC;zo{@34~E zBz=$;Uar6fDo_kKs2hSw0~pF$3~F@|H))BTP1{Vy*f&dcocylWX>lRkN~E)Vq_0mb z>GRxAY1GGm`Ql~WlJ{-nt*(QKk|qtmhB=+5Xw3BwrroV~B*GY}z5n!4=4KeUlo z1`&(f^qxdQ2+66?+n%>n8jJlvaj~X;a1!$m`;8)<<9*%`wShjfpMw(J7ZjI;Cbrq5 z(?2p=T9t>cU7ZR~L-u|4#d?PNLaj)B8a9lqCl3g&uC9PCUOJ1D;3(dXP7Ne~8pD4M z5jg^V*AxW6&eJ^$dkxvl{G2ECYnSP5tylyN{zuV&`Pi}J*OJqfBHQJk0p zGp-^>mY}oM>?&K#yQ^*I8?QBIr!ZBh#+2Q# zq+=*hj^bs)K=!(_TChM$EpVzJr}tBTSo5$}FG=u6&xSSe;#EhR@;^;RKmT9=wqlM9 zS>)XZ9N!1o!&c z&AUGy(rqFR2?_BFERFbY8_EaxKJNewENc%XB=jX*+$;ErDeIdOlkUfPJ$(Q${AG=G zomttu(loq$c*c^DCy}wRJQYh9S}Q8CQqA?rXUmAj7+hx;RjO@$QMrqqJ`5^`Pcs1* z`IorAuTBr@RJY$-YPngL{ z1q7Rn&-B*S+YBn5&V+$2m~)=Hq}{Yv*<<;eTre4dJ!}884Xoz+Gv|fu#JWd1JQu!T zuJU1K(Bmz za>#ViwpFg4^wmr|2v$^FmN!r#2GMuOtR;$o8*)-urRaP7;#{7Ze|flzf)Vb<#8VXg zvsz*Loij)#m7U%Ys__*XZ!e@8P^heH@FhMVr1m*$%s^EqT&>(3u4OuTRxH`;JmcS0 z#q~d|y#-WN{nkE83W$;lN_U5XbeAAVy8-Et?(PQZE@>%&P4}j|OS+{bHz^$(?&3Y? zeBXQCKX=@F$GDC?BsOcWU#%I>ob#E0U5i~LREkab7RaUB;XaQRoj5I@xuHfp%G6=$ zZCwWYTxGWhP0n-qCS2? z!yZoP%$-p+)k>1EwRPE-k0BFJjT{j)TX9VYuBmTA8z6*{A89=QaCgtnW(mbcBWMnf z=>4Pks;vO`4f_fWO_#C{->$nqMz}EoQ1?JhJ=X`&g%Ub()ZL$K z8kS8@q<6I3zN`;~s8ue@jmSu-E2WXQIYxEw4n61(X5WWgfwDm*pQ7#ojDKjwfB&cp zB;6;WAfOR-A=O$g|HXeaZ9N;@^YuLyHMRc1Vm;({EPA<3d)8O7nMm4bI90>=~d9u^5>~CUiU*EN#I#Ko}3t6>wd|a)8N$lB~ZF+Op-K2-uoJ;K;xPj z4D!4IA73tK3L6;UPM2szokwEyX}yb2kd;)_%R+TAh>l4P0m$`;BqRd$u%FyK`=%t`wb-5a4Yg!O>7k@S~9H<_TLbH2l@#-c&vPhoh>Z4sG` zctJya;$20hOe}zKXE@p0U%nxqE_Rh9A)F24JGjJ1Omo8l{_$^`m|J%O&Ac6kINgi36TDHiI**5xZcsG?(#X?u}er>WrZ0A_r|g zj3;3P*_GEBUe~6Od*euha?tQ%izP_2v_NDQgnlz?np#qk(^0U*=!~x(zzI-54#x zVyzrDI8^Pdkjq)WyFr?gu()47#Aa)#uUmB_#edy+BXvqo=OWCfwy};>s~JN~Tw`H2 zgm{X%01U-~x2%iFtF5V$oW^i)xX3P(udruk;42-_N52w!OaA0DMfotUuceg{8xUIh z&H6epc1(3Dk2b7awG^2?%Q`LCcBx9gf$3{)jnM-9BCG??;+M*yt(KJGfdK621LXJb zoxYE9!YP-r$tf!_{an?_JSj*R7zhVtKu}D>{d)|;qQAifJD`t!3&_8Z^j;!n7t9em z1pG~bkf9;~At(eqy0+(E@or+iLq8KGAH>Y ziWw01N$-x#htd>{&=ka8t}w(LM0x)~Z#utD1(2Z_b4)hx;vsAPS{pdeNWoJXychOY z-si(e)=A! zR~AF5X*|=|;*0mPHz~HGVH;{yS<*Z zHkmH|$`2}PAk|E=a)mdXl&$s7_IZYO4f@m>F-cVsDQBil7nR3;@!U61{OVYbUszjh zipuSsx5m-t%?&?LnoH7MUkF(Vz)9n6?StUOrMw6#e$ns6_}Qf%*zsqXfV%E9?u~g| zReh%vhA)l8TKJ$#gsoQphvRlFsa2veSO+w{KnmN&AadV(8>`sG9@hud)~-tm)uS^H zGr#YdUB12E`X=C>xOfySLWi)pL{SP`OR^F%Fvy9qy$Bs-Z3n4pMFO4DFbAYR-7GD5 z`P7&%i&$H;%JJ=g@;I3;Q=c>62l{wMauWd^$h`Xo2Z@J%L*J=>{v255wXZTcd61L~ zL4@qr-gg3&E!eh}e!U)bOJ1}pW!j8$=0t3x%-jZ7N@70Hu@K~c8Y!?Z- z>~eIQ31#J<%<|}FR)-SC@}%<(?iFkPo-TJw%_e61=elw6L{aE+$&rLfL&8qrts0c5 zNEFkoie{9H)>=gQejQcgGL*o*Q>wIj7q$^@51jG1wU~G;e z_H-c$Wdq!`b=;$${uk1Ci-lj?rdirx-C9EJiju_iF#f=nT*70|c9Z8x!(EW34ahD)dDg8>{O zN0~M5KgTxcsX(4(yyh4!2wh#5l?powq(z2RsfOolf_Kft*XmTp6btu3Cfdu0(3kgvtT#R;f3+>P-toE>nV;J zpb)WJ%Nd3m7RA5VxA^dwXRqXEc)SPIh z>TYu7%H^J(kKCxHZ@=K63IQwBIU0}mj}7|wX0=fPkL?FPz;WL~0@?|NYqVZz0py{& zzna93CNe!p>+9<&8QNgebymH6hb<^UoxUd{H_w!mm2Q<(lNB@E4_vEjYV<@uK0CO* zbGBUzp(P_HCjpp!Dl2y`_pJ{^<>YGRH8g7D32nJJIoI~8M%t2EJ*rS`CIqgPe4xJm z|9I+r>45QAy*PN$@Qww5xL3fsjnpS41AYs0OF{5g);b2X887s9QliX%E(@)68(i5= z*bL6uzolQe*%8xD?=_W3cyqmfU#r^S?uH{ZZcj*X_zyC3cC*Go=C zwpBX-T|vcsSeVWjmA@a`|NXuVA0D8G)S@F{Oh$G9qKlrZuS$3y_{*YHG+Q=ndi7av z2ymGlAF#bBi!|$&8UmrKe%5CqP=LpC4TZvFcwpd^z3^U5wBP6EYSjB>s^DC>poS69 zUI_xG{n+N*0(;J+;YI-Tk>E#y*l!N?uzDZkela$#zizZlNJ?6VE?=@d5U|-S>);F1ymlu!PRrF7w+e3dm9QCl5WK#GYSio``&NP zU(39yeqU<+02g}y=D*1Ji<^x!3qS%dv@oLJR3E^=7SE`W`G0->Zv%9yHc+pfc|IaD zv4GukJvh%l>#MTvsYlhpHbTFqRvZgxsd`qsB)TD{J0FMAw+{)zXUc7rE9$|>7XbSm z7uTmONj8*)Bvz_NW2yX3A}_6GNl*dF7JNe<9O03ncOtky~m# zN)}nyU_#P^8DYBfhYc1>=36xQi%rkUTdcwuh#+HhJLUH70+6-9_#KKtW(AU%`S0r| zjXDl6$r1a*#XNICODWc2UYv z0E2&)>VdCjy;SG+34ptEUvGC`wxHUuv$OeO(7b>@*s{8$sI_8FDt-eK83qV2fkKb* ziNt4OK8*lLz%m+HTOg{du_!k0P^3j~$VzE~xMJ8RD z+DyIIvNf-;AO_cm$tKLHB=iQMTDvlzjMJbnJ=!w=IaZ z^nffLz{C!FFyYhTR3&z!N%86&AmR{=u_P5D6Lz-MmPXfB{P0)U@p24uy&OOoYa)z> zl81b{Xw;=}dvB-Hd*-myzs#byWmn}i?A1&QQ-(5GvbBt&dUPmv{ZE5n>$vswH4W^o zzhnsOgA5sroBm(9@pm=YmJZDR;2lsWwEnH_S91bnXS3{kef?|YA0K8z}U~eShdGq<{ z(4K*OidKN)kg>^M{v!v1^gI%f{UwazOI^~tiv#Uu0 zT=rsa-a78SC}V;+I-Wt!8&ZG%{22_y=x)!sob`S+)dR`D5`d|EMkv^2SqE$D>nI9n z6}oJ<lDUk)@llCF%9!alP7sMh}z|KV~q-TAw?c$;)Ep%whWzVj_skxCf{ z(9pnR;taAb>5Hx(Fe$=PIcRYP<=HPq= z{@Ik67EUGR;eMSBWPU2GEug*641k~k)$PKesCEx-hWNuNiZPHGeB7cFhG&TaqEEr7 zfWN#xZN2nW!2Mibm~AaFK5>On=Z+tP&!L698pIU}Siqq|%QvbPw?_v3YHMvkZ=>Uh z%*BxGYy`0a!ce$6fZtmPHdl6ZO=z8^T8mCqwSTqc`NTNAo(NcuuP}h>vRI=|JD>wo z@8+C1*0*l-=uq-Lv-tupHfR2tU*6q1_aO1&iSIKhDW9Vb%3>Q)R9~#46;JEUFl#6M zmI#g$Ct4>8BYg^^*7S(vxvO8DGCoMbLCzh7dI7?(To?W@7dBrsZ~amN87~zNOngqB z0!_h2FT^*7?GNj>Zmm?#_V>Iq?=HN5R93Pr^;*LpOvnq#6KXF>S(aG7bKL!OjqiPp zIQ;Fc)=T|W$ooH;0pc$c^-eiOz+`X;|NDxLMGINjWop7(Adr=UNR>B-BhufE+ato~C;|IV+wpwMp8wguWM@UhIp zF?bg`e_6&nSM&?4X;cnzncGk{84G6{kd{XWwG1n*X_R_swE1Zg0rx+qhJ&~Axa#0T z^@008UTsG-aPS95+TLG;o}qbE@8DkN-*2@l+AAy5-7GE=rSKVJq!)v;<7kUSh2DKw zCq;r~df(}o^v4#7g3OvxZKeXGb#GYjHtxmU&-d0{Co@f+5yjES=i1@Tl7RU;gdl|g z2Ur`X70`@sr?B;oD`jZPdSV>mrP3|l3OMclK>l9Xc;pjG=UCZ#PgIWg_2_*J&Bs@y zDSX9<1pm8s|60d4QosrlQ~msAG>aQ7;ZyXb&XTFa(qcb5vh+?GvWxE?HC;X4E0p=& z+WC{Bma?RH%j@LV@4PIq3!hfZ3=_*vNWN6mc6#5{64Ep~Jtu}D&o!36AU`I#Aoue) zPWEb1 za5Fj?M^FB?$A8;z6@*oUML{ndHzAz0GATun{Q zEh5&`j2EDc$AP}1NJ}0k&*S5kbbPyu;8ce{eRlnJcXNNqXgT)>*U?$x?j!)bY*N~A zQ+7YKJOMEKzrcYjf|epd+|S2>{kSIt8X=CA)GdDWzQ6F!&CaISps`8Qs=N4gAAJY) zh8dexqQ=QcOK%I^1$j#X6xLbc;VYOeX>(7Odd?Xx6A#`_Sk+pJpq9cg)8u3S3_9yAegEfh84Rd-mE$W}%G zr_6IG9QaA~)bH@gRYFp`v?^upWH~eDZAYdO!`@})e+g*sSln#*W(nj6W|p*O;)mBi ztfOW6kXppm$Eu>*-!kPg^-@l6RaN^@(^2^F^#sY)jjL8P)~x1-Yc1{c1U0<5@Tr!+ zYK4L-F^@7%Bz=J4>Bs!PAD%&<;R=E#dy?Sp-ob`6L@PG{%up?OCgc?l4(+^i_?~ii zE=#@7_p6VSW7?}ghkvAhFdN+%^ixdp%GR5i{xnc|V@ofR_vUF! zZD9Sd=1?s&-rrZ^^0V&H7X3?Ljg#zR_OR_DGU4i?z~%&nf7D)D&TGjNa;XOP6^>RJ zCdp+Bm3<>^FygaK4{ICY^i4(gv!+*h*u^Z=zwe?zhrkw%y0d4*>~Q7Q5-3#C`E{S_x^fuGfX)4hJ&50hrpJj8G z;dR!D?iR%mtvJ*I&qHQWwsEdjmSqTdGB*8wFOoa7;{1^YFD@Vgzq)8O&dl?Py`JRq>tLq@|OI$6lxwSXP7FY$>69LO!Hv$4Dd+J)QwT+D$_eV7B z?8;$UhxN{{m)tMd80c0Q=zA1Fj-hu;_h+Qrr-khAJg+}p*WKUTf0Sk-+~M}RMS?Bd zuP;Nv4Kv#A93`&5$r+fKf+rKs_m(6_1uiI5x0Ynm)6?TKGbQgYqwYgphw_;s(NX>> z=BYw`gb)_RC8AtK$Q)6hY5EZIsja_Qm81Jd!ZnBQG2|IE2LjR(J$B-!5#0m#XR-3kCIg$-I0GY8I(I zYm=f3EG*-G^Xd)S~5yA(p_9VI+QQ| z+zQ+te(~hDt#-~XxCf#3K5nw`Z82@4MXk(ZPm za4pRh0(ld;SQ{pMsb7|O3G@Eafi-UieAewyn@NaUpD0uC^Eno5odb9I5Zi`y2z@1QtdHN50pNkbuqizbM+! zP8|zTV@#KMlr&WMN808stQ)Hr_!?}lwIK4u)2V@)(%DLVHp2&VUgvNpj!_ms3Vg=7 zFMMdYBP!W0lbY*Oto5vZ+;t!NUcM&;q+$cR_q?R&el)@TfK=?`$ysdt?8j zmp@1W$B0VvMZh~Mv`gx?=N&uS2U+j&ni#N|ph{QV8qZbJD}zCxR)LPS8F?=r5smY- z9}Pd`c2^nd``y0e=1&A?TQqDhDmrxf9e;|R6RW9t-cY&UhuzII!2BtsaFQ;myOsLt zb9|?t-h<^8LJ3%2YqJJMk8A*(ZGKCDL$yf9feFwxXC^xz}quRhBNnh7rQ zW#F$162q2DlT!wTUyH(}3kM|e(H-SEswc{Vc1_S#y9Hb-W7O;YtSX7FG~1o#XZ0IQ zrs-0IERiDCo;J-Tzy375wlFc}s1Ec~Q<2`F?lvy^Wuzoxg=d(H@<%3-9}5NbnIv#5 zFnU3fBmXqM{#rtR31G6wQC>U^b;a2n89iz+34EshW`3YmpQ%EeEsdxBq7lYhgZEb4tP(tHouG)jB7UN zy1mxoaDFCRO80Cx&~;N7A-@Q^GnvdgFffoiwn1sKR-nW%FgQMCz5a?s(;p5MLIww4 zimtZ(^zrRyc{n>buNr{Ae9RQq#r1)6E)OwiS(PTs0KBYEpiayEZH!Ny`v(Gy1|YlX zKG8+IQa|^m(gY`x!u)+r;)|m~8Z(of@UT~^AyzU^t4#lVqe$U%MHF>`*%aKW+8PiJ_jm*w)8QfTj zVb2A-6o?5xGC3YGGZj>EfkI#Te(c=W@KZV8Itk08?K?Dcz=1+Akf9ifuBYJplM| z*fw#bn`XLWFN(V~_gl~C|M&W6Bn=o$O-@V@{t>iPLJrz(n$=DB zl1ag7&(N^80@bD>$#I2YF;321Z_kifC(vVDfuXS72 z*cjC?n}0pixjsH8K_f)lHy|}pHuu?MWO?TI7ej^5A6R5xYe^|f;*b4SME;}_FZO!( zCaC<7{F8;pQCKJqmSW1ehSsuhgyY#KrD!qSomEGt%Ej655QDuJm(AK* z3w@bOplVZR0n0_rm%BL`VoZ$=I55}l+n*c@A)Us^8G}7u@=qAzC0mz)qCQ^2V`x(6 z1wTO7;9Jyb44*M5orxT~bly+cu;R!{X!nBOR!wqAqLQzv6)27tJY)r`KVdLR&ysHY zxy!{W;Ig)-M?bi4s&j!h#qA#MWIq-N51?Ps2 z5e)qjgJISKT_3M=6;FIi(ligbFub?D&6o^iYUuD)w` ze)(NQ%JJ*fU)31i5x= zs~8c6!Qs1qPBv!}C{KzAoNw!)>eP1n4rG>{S4z7SbyW>Bby;qyvP8R|D=00tMLAjO zFY4kOZXHXv6?N4v-8RcO%j>L=@+s*rYJ+U+(vcf(!ztrh_eXR&tX_L(stqms8y*K* z+~LD+kRyHW%e=neTvmKoX_fw&nwluRjQ#!60S(j56TuYnArPgx zJ-UJiBlhV2Wvan_GDFlXQEw0KMr2Ny@NYY2<2F8bpPQZgKv|KLfQl{R!^lohOfoyz6Xn3RXNaQVLzw&e#agXX zIaXa5<4mQ^`QBl9=DwXuG~v&-KOBzPR1I0^#y4|1lQU&BgE~&H+r1+S$d+#hKMbg@ zNbxZ?)Lg49E72WWv8av?kM>Va*-zA$04Z2SVDdIY2fA>qCjX{ZeO73C))XR8h);0L z)2q!Xs0lp6f|?JfM0JDX^?4=YFvh4Miu8b%kjb;fW4j4L0z|IrC%^Cs{C%tJCU9Fn zZhlQ{Y`HXKb8dPvPuTjAQ$gwAI`5h_PQ+lvs+qhkq76ND9aX`jAz-*dp6of-ED@ow zhnc?p9&R71RXI;2Tz8PnEYS_zTR(J*NJ`=39UPL=You`-|K?)&u3nn+O2Lk5NQd?` zLT9h?o}p)eDMWe_*bq$va-7)!6LPPkIFagTfNC!q9NP{C*AfGelNFQ=yr%As{JTz1 z6}T9NpaqZ;OnT1+HlN%}+8{4>+@`(RvAX|x$G)KfY8+lQtCMj3%+vsyvP)p9YsEx@ zTn>I|cmFx6ifRMP{eT2t+R9Jq>JP_-^YUJ@a5}t+s#`2UfXA&Y=5iL%A_8eTCi1lkp1kmN1GGR?9VGeqr9&;Z`0;f zvGcVBL>EY->{KUW6~(I zZ{U8F=B4hykS-vHdi~G_OTwd!evC_ z=UCm-`3GxLQXYxVkyXAXcMJK%bi>%Unpg!{FM3`+!e+q3w2Z)rw2#(1EeyZqLFxq|n5V|@0l;U{%X z6Ae3P;PkW;VE3f#5^5Cae?gPY;O;TQNV8{|s)_jIS{%x`Uz#70S|sW@Ick)s#T#U1rt4 zfKsw#J8b>qGywPUl2HP@JnmH*47SWhzP0+^5d>2mJ|U(1)5D9jRz6}0=<}S8^R*emt3#gtjJO;>b`xz zhuqa+Jrh^?{e&0&ept7=1Z9?R+>X4f78f$^~_7(Mz0TsNJ8p=Dsy~2?r1IQGg zquZqBpxf|N?WTMM2(8d){ox*Wz1sKy$G4e10Oc`P6CNx0!7pA9#UBwN6DLbXhGdaN z;8M5kgYF?I{@3}TyxaCIcuYspBcclqr5SloO$t?EQDyY-rAdegnyja9@Q|Ja0WOMv z=j*CR949!`XYvnj7RCsE zk;m{Wr9@z)^o(vj`dX1LB0__)jG2-vJLz;E(wRqY{6u`9k@#-@!W6(|si?c(a35PXT?iK7PM)7(=jHMI9&xg(uf{TGDn_pUojhsS$|gA_mOx_T*?XYO5I%(zJjeA7aOTG7vd!0JRxg>MmJ|q#^U9>c#8Q>Vb z8S2iWRlp0 z1f*gtd{L7VBROa9-1X@J7{IK5I(SJRE$yk3Offbx1g~+priJV>ihQQ;q@bunQ>nOg zzr$k;k=RG#XrEK1u(eCB8j~!qKr37`Ppx_0a~RN(i8;DaVl2nFE9Z)ivXmf_qHNhl zsOkD9SfSRmDO1g9hwAzy^eW4|7MEUip#gQz0vA$GcA2Qp0W1w(=o=th@&NI(b5>c( zQO{XIzu33or?s$h-e@csu^27PCyhSb=^wMTnvvLL9p3sD_T>e4az(P`MDrKYAlAUYb^$-`seiJy=@(P< zaA3;nUsWuO<2{59m|fO89-w_=@vTz&OQ%K_C2yTW9(LuVdMQ9gzr`mfVZSY}<(ak! za_rHb4(&W^K(i=mvD_M0YiH>;1Hw5_7Yjs9O`GH}Aa;PitivK&=g46fqkn8hD$D}d zIvQ<||KNT9e88hk9wam_F~=r~?3X8{YK7@Q7xgYnoC1&0(H3_RW+s$ZcZKmI-i@O%Q+ohBmuJ=(LE z@TFj{nY};S7+wa({pmD)I;c;g|{#d;B{cT#v$3Hnc#*)}|FP zTIjL2g~tIDi)$wd6&?c{K@5nJf|u_$`~@a|j(?y=o;&Rtu3A$<#z$Brw_B%-AeRMX z9eHz;)T8qvYkv?7Sko6J7uJMS!K1VbKiP$ zo|a}JEJj9R%-0>lO-)Yz97<+4S%g&764?O3i8cY?+9mc*)W?_P6&>(4iu6<1qc;{N z6M0xsESHabxu|JCSY0+%FlT?k`RDdn&Nk4!Js)W26tM9P7?RYKwLjX!P;?L$fhdz3 zw8VKQd23q9Q%fM-{TGv)#c-#?oMD*%DzFxRgIynAOE{!w@K&Ul9|+sZzid-m{vaKC80LoWylRK*hil&^K^@t8ZsuR;*Od74)XyCMXmzP= z?%8$p;J0V@e9#Bh*Q7(W53<_e*o+J2YU&=*4Rv9yXe5SmsF*e_xHO$6>D!toUAu=& zLDe2U{W@vS=-#C^4-g^iuNyU%we4ei8Y6mTyvgxq+^O0#lN7ou#utAqS)}4hIaRf0 zTH0GxSq^QurH3E4a0aSXB-Q*p9~f9;ILNm$NVx75&<#QxnjNa;nJf}m86|};ol$Fw z8svTCNa(B5$M8OziA8irV@w$30o5meU;=PC6 zaCdFq$=l7+mH$W%GPu5nuUe=1=FR5v+9HHv&ljI z#qjWtZrfQePiJ$A=mi7>JRoJv?o4_IT8A-6-g+Z2D=GU_C*a1Ek1VMy;Ffs-xdGr( z)7$}r+rj65N%Omb1=HJ;@PEf=4~1tK8Bu0hQWtv|&MpLm@iB&h$?gmkEuC)V?Q`Ij ztv7caI2F&Rv83`76_CW7==)C>{pNKTgyNcvTRaZ3HnWPre1djUo0bxr{MzpX$$RSxGoKS}@2 zYH_xW>XH?Rwb25`p<72#`#&|#zckSb5O>m)E_!GHez zp<`xd&Tf@LScH}~zVB7hS^jRor>rb5%e?>2>=Tb{CY!IcOen=Q8|%5P97A1CkI_Th zx2ciQ(RG(UJhdJpZx@JgDwgKvy02;#7;j804TYMA7+8}+Lqjih$hT5V3G*McRx|PG zR9R5SwOjCb6+JVhmP#~MMP-U08y&^p0y0(yp+o3E!K zKz{&*x+RmmNS|-$+xGYNa%r^9&r*_7^G}BR`cS{(o`bL7u^-k>b2fW1sC0i=lJD+z zl54pCy!`rg@?x371*W~3>1lzxN(o|_FYhD)`0Zx%)Y8(h=X^nefvKhWmU~sEBKC3= zPt(EXtHF2N$i5&B4ByCPz%KUYSeCxFtd&%+pP5IFApb=L1g=Pf85TrhIMvPX_F{AjjRq(3ptz;R2Yn$ zN~q)Q@3c3Yhnz0mkeVJRmczjCklVFgyI}PLZM`?Sv}4{FT(koeE#}Az-T1BZ_jkww ze&f{Ja5`cU`>o+0e20*T&5?9s&XIWq*W1hW(bGE=(y|XooTMDL^j5Kdj?C|S^Goq#V^TZKOOw5T z<{Q%79UzqmjAO|aVrlhN(Pn4=-RqX!)urQA|G8KBv#VN|jk{X|JtJe-XZ(rq*Av@` z8dlk+>_$qKp6KYZRVI7eYz(BI^&QuDZ}T&2$7EPrrGYfHDd_D_F-(QebA4|}rN1{h zLgh~n+)01l!B7gbvJ}G-5)^p&X!+Vq+mRgx$E(uV5Yn9X=Sw`T7tR^OiWp6op6ReM}5k-sg$xdq?sG+zkjlJaECH}EpI9T>&f z(XbP|&5j>Q=1D*7&2zXi45NISUvjcagtYbnFvDEN1Fau3DtuQTavxT`P{_O=eLEL0 z2d&0gu@T;(7KGN^U=rox>uAdBc*B?-9c_`P>3ZYo<91eqRK_`GG!2Vh-0bA*{Hz)+ z%QNVe`&q(tIW#nsElcVxEgKPm-JFn^I4*F(l+&2FR4NfYEvEuh$sQYg7UxZmBo>lG zQR{oX4+-y%iz;;u9^pIG)WE0i;CCsA14sreF%IfE>pBc$Ss}r|U-0ph=`6a@~&~i3Y9_zdTNewcxorY&=an0*)P) zo^y>ip>Nt7u6c|iEFQKji;nW&AnecAYoM!Ux_CTKP>m1#VQpsi!}*tMCTCM+jG394 z=!_+;CcNv&-pO{1q{>)c80&QQ-22j&+qE!46WFzC%_|i&o0+4AO*`sMsi20#47Y0@ zUboX%S}v;|ZhK=>?=q2p?kc=YZ@oD{aXYVftaiW1km?khk(QQLYjVe5YP}^HFn-T1 z{QrxS|J8EE{o=sj?S}e%)0Ml{b51@!4fNOeRb)ya2N$KeK^P=dpkoe7N@Z0y z&&$<>cUF7fzB9tWo1nFY3!z1Efu$w&p?cjrWQTrgd_`VW?WGC>+Cp$C(703`$?c$i ztNh!Ao>KO&m8?x~z_K;nZ#W}YG&MCvLziUD3S-sIh2365t$AA~@<+GzR5fjr@d7gJ zN1iE7S>Ip5mOi=LW#X-DR;%nt*MSXm)So!wMdlo=eOQ#v8Tu+cV5*Y6sJ*-HbiHlA zZHt#BXt$6zUq;fIy~f3pVVvRWy9)sq@s4D2CCzL+AsDT)DW;v%=KeY8CjDSaMnC-RwYR%(9LzS86ri94Gj&iNz@=F@Ok!*%gh?J<1@=1 zgCJYNQvrwJ8da#f*&nI|A=|(;)}6xq_=0mfX7%c55^oC*pueZ&Lh-$#s17xe_s)i@ zL-%syL4*Hv`M0`)0x9R4oh=s)8ejrRUJ?2gv1voo-P4JDBhhf z-7w#52`XiqQm?h#{_z@_z5)_mjvwrqCbZ5+y}>q{hj*omy+|bs@8C!xyKthXMJj1I z-G(p_`eoq`GkK}{9Sja0MVZygiWjgOblWW9%Lhk8U2O)%k=!v^BT7_svr!GI!~OP$rykHEB6 zyV515+Gg0fMm4JQWWiJ7>Em_UZ6M7y7n93Vv{{ow4ULC%!>kCse%I`1``|!t3~H?I z;r6>vQ7OSVfy|-9HEeq)>U>Ofp{OAL*al!8>2ch8p?pJ!_al-&YMiYSvDB@xFyD!G zLk0FRIXyzXzvY5Dg?d3*KdYmv<^p2}!-Vldl2e$$=wr52F) z+j9h~xL!rsIbTRLgFkKe54!Ynj}bH=x6<}vQKixr!4x=!3oB;#E8J0a)B#I3XxVNJ#9FNTsVb|EiM*!kFz#c`;yN57|RX8J!|%yh?ucI+hh{Z?yfV~VsVRP{OvUg z@(c?LJL3Xr^^>oHx@dJtqPL z#bAB&f(|%UjmyVvq^QrR5nS$bH_h~ylnj>2<*cUB5Hz`}f8sxG!Qu!5DiBGyH~uZ| zY>jyo-W#urCCqn~7F1ypq}hCGE-A^$uQ!#^XuMY#AkqPi2E8nJlaYBs{CB8J4ijft zUhPjIA`cD5S+Y1ZWgP&^{e{Koaxs z@RY$~Xg2a`YoRrhGMN_h;-p?j~G;|Z$TBOS9rJ84yGy5^DKwF5+^mgdxMu!?WR zpZujoQkZbFH*~PKN;V>3SH)MJrQ`74~9cQ$}RI9Lf=oqHbFNJ`@ zl9U}n>n2&sdi^q-NT>MWJYyk2VZim#LsbH%#biQw<+8_&=~WtzMg#usFyGS>Gghtv@aA&Z9K>(*25n zCp*3;sw5aFrL^Vsx~1|wzrw$D^Rv=@d(n;0{H#RdjWG43=UpKFPP+52nV06IYPO^$ zE8ai_#^mIrIHC5O6qL&%7o#-WgEGu0(?$Pz1TpRlJCtd$kf;RItI5I%ht&?`Q*QKZ zR)}s!hUik&nd9^7jouRVcLFy}_E#htSw-w91`1_nOUs^zV%Jce%ngQ7NA=vB{MH+P zW^L%JG=JeH08k=itvo`1Jbmld{W@JsK)N#g(KIOl`yl)9;7H}7`nsm_x-5`@cv|>vY%Cl zHt3}mND&0G22ClDYPt$7xgTo9r>5dgj~0%#gFF*3L9U=HwesIaW^`$?%loBMoy9M0 z_@4GC%*@Kr<#0zke_L+R-YvO~`Ex~DBwkoz!Kq~nBR+L@X33t5lQzA-^H=w{-bm6x z0biFkMI|n|^7W<=Zqm$h_v>%0GpUcP?v@!yCXEHhikf}NDpGd`8P4v|F)(Du#_Av7 zURpJCD5He z_zC$LUKw&}+#)BN!(&jV}n;jpUo{dQ1A4$JAy+@qmD;TmF7D&o4Um0c7hpBuo_H z;^KmWGs~*5R6tqHQGq{-NHj$#A);p0>nEeF*~XbVGANit`fs5)coKr*%K38Sj%vt| zBpt6pypKRZHP1ZWj*yPWaSdKH3Ac>`IuohE*q($YJ%|`cuL1Wo8VxhJMH>vRojjOJ zc=(&+U!Rwao0q{N-bazhMhVrXSgj7!NN?XEude|U$PuIplBkOgEc&dBuWY|cWM*+V zWdLMVoyQhVb|NgE-YR0l&eP`KU(vSaSO2myBjgE_Hq!hc|I78QfX&%EGZT{)vu4)a zw1hXDtgK0inx1*3M|_s^pEQtFm3>m>1gbN-i>&RD=UF0`b|5Ds3)_mDDxW?TG`eE1 zF!<^@I&yekO>v!0FC31=bV@pK=sVsQa;WHQI;t`LRtX1xmn89uPGoM>TA1`c-<#{b z80Ed*OdZbs1A>B)rV$0=`|7f?Vi#qnP7%d&;k>BS1FVhD+z=gaa(;WVwR;D+Hq3R4Lw71;5L<(s>-iSX{PP;a zK^5jT&)W(~zzJq_^e%#{^I=@P^R)zvg3kamq&Jd2hilm-47m_W$3-itD%yNg%2(Lj zoE}(DxMPU71(q%YQ&_$Y(@&4=`SD(93RG2Pzn#%|_%mCfh_1edEV+Wt{M5ELb(1QbN1OG#-AK&4d} z8l{o$E&-7ikWNXd0frbt1|*dZ$r-x48Je@k`+c6@eLs)y=bS&z=bV3FX74?Fuf5i_ zu4`TK{jM}t@h3@zfP1H(`d0yNm1|@{+d=YC*p8xy(z5t%O&?^NXEDNtQoIyIJ*L?~ zh~_ke^1;PUhqb0yKJ$--(>6Y|MwxNH>tbrbu*uF`&}*&9TWZ)sU=wM=XjLZtnCO8o z`Hd3WfwE5?&-sE)%f6xyw`ccOc{Z>ymd9CD` zR45;8)NW=;+5{jQ8z1Y89u~nT1}W^4)Sr3HULSsEyMJgqYhku`aInJO0k(qAxGn13 z*T>kl)ciBr0r-8MN_*6U-V6;D49x+LKz3u}PGjrqKMr|QI3`$P^)vGRpQgT4K4!!R z)hrHM3!Y|r8)0wcD5Swm`9e~Gk2mgpQKwSS#QyRHe*t^*`QfY@*VgNd(GG5{LIzE| zstyg#TDN_6cCIj8X@`sROJl>sde%8t$XW*sv?~r;X`urM(C<4tk($cxCzfzitu4tM zEVLh5@)r)OJ6v&GFDOV$OUrCLWYw&RqxhAHtgOwF4+u$=Rn4qe?rlBc$SbtSqRTvG zd$f5B5qxPb7c#D-Ni&?GFuTgRYKYBdH2;#8&?e6VVU2?#W#m{Q7V61}(Z+*xm0AKS z{u|I6(yPK@UwL_XD@u-XlB{!*zddgM`7@_9vx8Mg)NjI&bQP%`pr(4&2@uNHMbc@z z)>GE!dqrWvp@>vn58F$1mD|@>g4A{5*d7$z$pzIT0zJj`=TPY}$+PmX*8=mh!(#IJ zH9HA>gL{pHJht;=@QSZ)M?1Aa7YkL_+5YdZJ7o`TpVoUX^v}%~z@oUHa2&vp{F>Tbr9_#tqlM zSQYvvg8^>3AGkV9xGrASd5ADJGVVV;+I7gD{Ps;u#B$xFW&o7bvw zDT0>lVfkOvgM;m8B)x8Vwg7K((j$&nW6f=OAKpJNXGNq+IZ-hSIo>%FTAG`_^qSX* zZr?@~$#?tci+WBNTLvvn=1x3NBM;A_sE ze>Bkd#RzWVXzz<2nRts!F7IM6g3r^^nHs(%%dyX6D#y6w68Canaz}|L-1rPm{`?$5 z9+D6;8r#a!&katKQP(1?BSW$Hc7YTrE;*q7bDag(ii`spm_%nbi zJZaEZAi{=9R$t?sbwSf8R$sG%hJ`6;W1}^ocaMpTjE#HS@nZv3g~Q5WzX4t+C{0S& zjV}ezn)iVA?IQ^A`PClu<)(Q(?~$mFWhcH(G(z_lDcnwZH1h38bln`iQKxzH1Z0lP zwr4^dObW1sI5=KGBs{mipRh49GR}3fH{90H{1IcOVcMaO+}W|CT$6YVAFuo@QngZ) z-+0_FSFCJcz$o54Xc2S&Aqxx3T$|So*V_o=(xtKu2wEaYkwR3TJM6u{(F8G$aqkAUbC-9ct%hx6G-@UzRM0 zIM1PE6Dn;`Q^ogM>kD+Om{MM3WdVE{<(_TaP@5B?v#q8G?IO5ph!Riz>D8M31ElFt zXPyawjN6CJ2s(^D2h@`zO13SdnX(bEcu_e>p{MEKr5b&^^cBm7uwdKunm9)$r0HMz z&Hak{<*SwJ-(rV#+y%s8#|+TsZ+@F8j+pR3_sJYt1net3^fp?O2ZH`u0~r)ASWrdJ ztOP=~>s(#ql_Ao*>&}v<4~{3qPokdsn1kv+qWkjQ7cT%x5cHZx3 zB#sl(som)WYo=x+0`frj(*&mbg!^YTZ-33R1H<-q0Ayr&RcOrlvQT$@!6V3mI9vN( z_)BR2p&<-Z+pQZ04~9yETA8HtsA?`yClbvjgpn$FP`wZjit)@m?ymn!s%WdLm;@i5 zWjjW$`H{^x7(Xx&KwjF7ir2;5+D`2Q7KF}+?vGXw9Q2dBBMhpWlK70}6mVWF?RWC^ ztge)Zi`O{-pS*8nkhnkVIawz2o(SRNH1BDq{Gy`llZ{#}G`)&u{)raHRDL`Bg>pf2 zq*|X*udTDQ5JbQ;VyLbvwc93UfCE}351C4F?3N#IVQ=XA@hsPoF>UR-hh9Wt9;MnFu9uK)3%@OQ0~^ZqRQo0~ZWP2vRGt#c?2oy*Yi5{QvE_MbyFU)o6JM}c zdGeMbP>Co%D(^GfVyLBVY)MLt{EVYu&o4v z@z{%wz&Pn&!VidQmS&{)MiK+fCcX*RY&uWchHHm8Ekeh&nJONKe6U^w!Oq|!*Iz>X zHcXQ}c{w$)+|`Dp3Q2-t(&Yg)&=qsqi&n286)i1V$XlJ3K?iz*f*-Vd+3ZO6oJm{N zK^Ktn?5(J*4EH**6tz6smW6J(5slaEF}HUw7iZCi$`%a|^n8=TC#K8VUFht?LA6lv zgaXn#I6O|ef@e9n!u80NGghb7y!L(YRYJdMe_iJ-@!W@b!3}-vQ~BNPiyt6@{jWGz zy5@r$?H4<9C@IM$4HXUzP`QJ}eNY zvg*CyEP6V&QZ*Z{wH%=&A;ZMP^qt!UZY(%rRX1iex?3%ud3>Io#w|7^X%RM?QFFm@|ZW3VBNpaQ}5GKLp%^b zxDZGJqDMeiyV=a2)o5Bsggo$*y$z8VFPRp2Nnr$Xsv2`5s)XKg+MY%wgb6sPmoAQ#sBMQr6#&D!a|j zPj{;mH(u0iHR5rmuNQyF_fJidIG5jj=r+d+k{sq=)^EcnGXg5S6d>LRNL+~+mpdTQ(o`e_;p3xLGTBH~vEA@<(gG!jzEN17RMzHmii0C6G9vK=^+{X_?hagj?>~g zzia!w!7PKe2y>OfnbCoP%*8MWp7#9d@TAx9w#E1{A7Kce=>}?)(+QDa+$AC#@~Y?c zaPMMr&!V0O$O(ph?l5=Uk1}6c$QBwXXCs?oZm4L@o_U?TQL{>v$ZvZWethU9qG(;W zOJ{jBEo(Fsc&|a+W{X4|eJawu*fB-I^~vkwW>f8E4WB$G-I~qXh%Hyn`IMi+@r3f@ zO{9jr=l7%Cs$<*BYz&7GJ{?j3iY zeALp?Vsdg>7nnbwvR^}fjl-Dkz+S&c6&7+LhNQ<$Jo8jAIDGNOyTfL$a{X1UFp|*% zmT0^>XZ&}<6$n)ytuJr%z1N&KAKS~@V?C)!&g&BB++ypIy{bTJh?n3=QJHFd4u}immc~>6*Og5L& zt-6adG9K$m+Amx~+L;Zu&x3TccxUv<_VyWCOMUAUXB}0Y)S4!mR@26v)BeH2^3{dL z!_4GVZIKYlF3#Mr;`--G_WKh#In0#T^knl_HvF&5I_kCT@KI(VN;Zr{v|ZKpI;K2! zTohyK^IsR*_fuvZQRzODv#tvZC?PXN#qU&sttkPh1^ciiPWMaehs&wrVK5lqr6ayv zqJ=Dd9uAI72dI?ChXM{c9F*Web?mNo?ZJH6D2a~iywTpFK}2sTwQukbhNe+6ruXMN z1=dR%l)Ci#*u^5h&I*Sf)v*h%=+PG+{fK0&V1=l<$>5>Nu(qQ}FqPN1qRf9Ryay&6 zR9-U^hVlQo@)}bqm{;r6B)l^*p?e(3kq302=pHRZO_kzR%>4&0fcNa(^x`_4XE4S9 z5S_fw=`B$8sZB1JWoKB+iIB`zs=iu~f1g(D^TYCtjAUs228~Xn!(GD1T}|u_ASWuu z^+xsm(D20pb4tF50{g^Nq~0f`vL4Y0j-3hV5T0svLN-6a)q-|e)l$#dE@#u#p)>~p zU8bt*x6RBruik!6#ijYo*(UoJDE%Ap|Mr655G>c*~LCBMN0ki(6HRx2M z*DVha$78FSYeyhWi;pX8tJC!_E`Tb|J=L~Y`s$f2K6A5^gB1ShZ+M&yb^b(y1?=^{ zpqZZ02C6uynqxN*{NGo*tEH--K40!ViT!Rmzj5fvl~CER{B(0@bt0vX!-H&-`Im}L zlmMVhDTED8tOwSAVzIr0SKW^8Nn{D6{zoO~&` zokOEg`%_wR&1krF{Yfe&kT6zeLO(yh*q4tF>3ve528$OQ9};qTG|n<empF}gp=D!tD@X25;Z`bN@N8`_oFw;m~wd5_y<@1 zXaw#9o}-QXIxbn)|CB!XB!V#lDHV^iE@M+>RysSp`#$%@FUDbKjt%;HEKfRbAV=XX z_69EC*C+{k>8C4?y#dzP@32?QD7&pD5h3BXg!84t^2drmjt83m-XiOX>N88jQge5$ zS}0g%f70MY6`H&)xskY`|G>yn=hFNFRbQdKaqrP?x6z~JkIEHe&m{bYU*ip}tk8&f z9J1aP^-2bXRl?B6iDE`kl)bT{&DkDb+w-qq597ogmlJi`$QT+Dq~UYp@0xm1_lj9* zj{Q5+apH~Doa|f`!0ApIpHtcZx&6+|XmzT+saCPP|JXWwpwiEAEa%*SVye<^P^aZf zZf@MpuAP7+Q+@^A3-!X|6fq6yn7|0YD_@t&7;*v@f-yO~t2dx(+B(Q*0Jnz^>V;=s zsRpiUJp7g^{X?vzkk0jTOChW!~XT+N~)d9|w{L&!Ei>!I1KY zg$P?B94}DmJ8Ye?h5x5f!@@ZO#jC&vByllCPPVu)j~010_0T3EpPdoXWw#u?j!&bt zka3AwxUrVs-#m)nOPai!y)=s)6V1y()W4T`q)QaW%Jy-sHLjq~pl{>0oeFWgQfeNt zbYw~k1#A0jCcIq7YmO03LH68jN`nFHDPQNQCEq>mTqO^jYSK;x6`I}9hP218KlIHr z9S8EhO)0z{=y=t^-q^r#{@@#;G$2t+^l_8S&RJp)+H&s+27=Xh1}}G1)_LMR|2gBm zHalCecECNiQ#HB0YMeUU+9%MJ={+_C@q1Zrh&>xUbE!BZp%vyL8bct{GXj!WsBvWWY&jRe1JTj8y7Qw~jA{w}QVSu|gaUv%oo;PN?w zH4Bw|E;&p6ZQ_F6#<6MEa6fVVI-8ZpKnb12o>D}xTj*HG+&1-vE zZGLL{{QlHhk6F(z`d1bvgN~eDOG{U;)3v0Pj-G1J?r+)j;CZ~LmPygrGyn+CR@teQ z604C88H1HGkpq}wT3@61YRMwaUR`0+iR>g35kS7z)kkEwKKlh=i`d);FrqX(qRq61 zG1-ekP$fH7Yj9^c(_S@`aotGrWKGWP;HcuY>(c$at5pS%;*9?OH`&@I-lc0sN+t1o z&3QEJApKTq(Ejx!$Fz({lq=840OH+oN1(eYNB!l9>gX3sz8oxl-+pG#E!vMpceXP( zgl(T?=Wj^t|FUr#$u6eIV)3 zuao43eP3RXzXcveq4gu2i5 zM>{Sv#^^@7@|d?0h50^j9;4h~2<*8k7FS`nhrZQgbQ|F%EarT@@bR8IO^;E^#=sKl z9<&`?Iv~E$f*X~pol9X zi;Fg?#>2Qd7AB7)PO(Hcz7vq~m-#H?hCtp2-oOv%hCEK16aDP7-rL9brNPb~X4+o` zQx+XnJWx%A0Ulw~h0lFIDfL-XGg-{5j-~5aO;`Nwpy@YsuiyJ6{GH_;qu%5QPYrEH zquf5005vfak(lZ@&pTE9>BC@6gWTTl86{0D?;aClQN8DxfHE@@x*FB_eQP~ zO-xqg4axXoBC@Ii^_25(26xF+>gRfYq3Eu@#hJX+je}Mmek7?f<5cjq!s97v7-!fb z&!^^8eRD075g~^aJ~>Y(rr9s-wCj={BIKG*YL^uflu6&QAb);m%*{*ke#GMPwYZ|2 z*zGqM{tTNly~A*-*;>@{3#5 zjDx~p0sBhrS}Xx?LBs4%|3z5pmh|n=MVLyT3-45QA&W=2A4Xy>hcCjINxjDaWSF?^ znJ%D1z(9<*w1-5SOzFTk8fxod@J!lzQ?N-f__jIBC>|Hk`esU-jHSWoQ2{(Z?vhf! zr4rawp&bXM0+4VmH%ley_GFr8j`Z2Zmaa3KA#asER1U(8-fr-lI4rtKx7Qk2wEl<( zLZ&Jy|Gbs4LZ~f)vw=%Vrci|0-rghp*odm_YJZR%Q#Sn`fQEO3`Qg_g-h?jU61y?# zZ+nosYxEFgihz54HGTZyEeq&i!SVxL#kGupU&s!x6?N=k!jvBdfdN>b9iUd&I@G?6K(pOSyB8L^}^_I&xE6Mu?{_0KDUlCryVc0P6=NiZN4wJ-{iZM8x6( zz)ptl=3v~4_)kTZ%=&N+UHLdB&0&8aKJlb@aW*1FF)!Hk2%(MX;58Z#CH_j1Y6nK;h;Lk8; zi~RLP1F?hzt@>HXWj+zKSjoQi9~l)6^T!$v3KyaUH#(H24Xd-@=beBW@cgD304ina zM7^+%gsp#Ob`R^#%*|a~OM5~T+SB=LR#GUH^oz+>)crUB*UDWwkLi`M6!EJz z&dOCW&Usb%JwCHeCQUBllfGjKy0oaQOtjo8zaiy#VC4HqrZoA9BLfva^j){p`GCq9 zQ~n7n3kM&$`&|6DE~?SR253HhbY1Y-sJlecrY}E&Dua$_HLLBJldsM%*U{dt&0@N< z#a6$~Vh1npY|(4WJskQhAXdBaNshR_zUI~5Sxon{vON>uCQlO5B`F>^EvnTMj<+utELtEq9JpIb$Vgl3MWn88$>T`;)t$kmhxz=B!t?EWAa;eRlX{KfvQgvH zXVj>U%LWQcz>d_SA$yKdT-}@Wc2oHt1wAE!tPDL1CfJ;vV+K`(?)EZQ7nM0RtU}tA*ab z^_)&&$c-t9-8I5;$JL%=_w@w6+yQYkN*bc=MGfjvw=3qnxkKtKvYeyf<|7?$hsP9e z>A}i%VSb@^X(#e^r}uu(@|i%%)hf@|Is?yQ+VV{YHr&Rls@co8Ry<4B`k(JDQtUn% zwqPMjqc~m!v=(EZuCKk{9Y#D|H^QfMci{o-J06q|ztxw-U9ay!Reb0^;YdKk780ib z1&0LTdzwpYMqQ%a?zHY2#ApluItv@=_cVS}Ws14rW9V+du1U=yA5CC!#Yl%pv~#6M zF(I&-n>>MNB_CIZ%HEp~$7A}cmsP-$rJe4;o>*5xqlcw)kv!kj{vhSWX0aiv;{%~h zON-S10?Eem{mx7h0tlxJnmz825aS@7*Rmocj^hcIOX6n7G!}*bYUPeY}oA8

k1Ey~_Y`jtS3{DmUHyQ_(sA{@la>#*o2SA*+dG;>*{=X5id@{u*1CT?` zgqN|QqPk1hae@HBnbqB|28w^`Rp05y7^DEK|HmJJ-*=2K)p0Pnz=l_$U~D!huYo&% z>!rp0zl*a;Rbj!4BLL>dZ6hkhMNBx9c$af8W+50p9vkxNo1&oNm_ebZm_%1s&9mK6 zJ3_6SU#7VrTHGKD=6T{B{c|uarsfoEO#uNa^DN-Yo2D7^H#R1^A z4dq`-XJ0z*M|buUomG8vsIpeuvQ$eaZ`ZKB#Q?C5IDTuhm^yr1n8v~D+*3WGeia>- zpsS9d;NY+*IdPZYS$vlgs-6W9gdfH)9PP-8I~*VA3z_VkYTP-B8wtdlQ;KbYPN_ z#KwT6r4l9Y)abG;J{@0B%H6MhrKF9!q3Ad1)=iDa(JbK)@>b9gN6UXe$?5n1jXnI$ z4cpcD#?tu*BxC)ye<{@9N*cISnN^Jv)}$PXb%lf!xOae zU>H05dR(K$lH_bWy|Vbh3IA5AfCK}by$2YlRoih3y$&Yt8_1H8t`GIqE{H|3`4wI& zGpGxugF8?b9i6jH8{V0I!(c2PwyYY?R)M}eru)25Hg8;FZ{gMfh=9QY0-(_S)h((M zZUt=543oEE$W9hsl#f54qJ4;XbEauB0_4fBf;4_c0#c7zKEWeBFRaAz=pqAJE#+&{L;b23j>INt#!zeC{QmalpMC`xLVUnoFZuX$ z|M8i3K0U*PcmX8{og(gsLM&%vVGOK~OP>LnhR;5A{G1FSbw>i21V9?~ztOJ%YD#Ss z{{M3OIgB~k!F%lThpV)UY8mD&YYH&g(ak2CYGr6bNqi*8e4!HRWN+V z`(K8L8}k~&Zg&#D02UE#XLG{;*4w@=WXdzhI{fh7a2#WM~i=91#sGykOgJo`kd_S0O&04KOYUmMB$FM4{})cR41q@*@A_~ zslYq}kp;LSo(K0NhB$B^?$8uiegjKa6z*iD`ZYm--KHIX4r}A18i13BKx&24em1Hi z7ae&QW9@DO@`&mzz}VeY-!No2pU?F#eu|KP@KekWT4~AJiQLgt12)t^GGl zyTl!kfLM1(e{7?y-+zB!?Kdvlx}%Gxz=3=2?h%GHWMMB#C$VR*ZQYj;7z_*^zD4_Z z_Q=fp`WfJ9D0iGpQ2s#pKiYzc3h|hzkR?_dC=f2E)so(7L#kOqSDJ?Bl5rnXvemVb z0Y_r<%!f|21;}$jpT}aA=R<`3>P^2pEZ4DgA-g+l#L~D@^z51punw~El7Lf4U{I)1 zx#h==L^0dYgrM#Uz&pquq1u--zF%%@ulhCOMm^Wx=oeSDaVsmYptMOm+7c?zKYRdaSY*(L5<&9MyG=3X@pK}YQ;{F>XG+C+}ALiE~$289<}oumGzI*P-UaXT08{R@yQqt zP@%=L4=cyoKNJ9w3|NRnF6@X?`4+8Kz=%jZYP$fxNom=Kg=3TvSg7c(r`r9`XhQ8C z=);RL-=Jv<_$M&rFI--$cy9~IL$qptO~xh(s4Z*%kly)CDX`2`%b&K~ql)~Y3Lc@; znH>T6p`cNZO#ZAKz=Hn{NfMUx{ku)K?%XfO&~PVxbCo5Z%D}PO;l6qIlJ7&Zk2*eD zps?E*ADbJHy*ydNK|Nf&js{BYNraTUJInfn-t+oXgwQ)Xqf@y{AynPj!8@cXCk_9_ zcjATFoIojY3-8ZCbz96b@>Y5y6T#Cv_YLu?-cr~w-lLn%{zzeCuov(aJZ~GryyQ{U z$U)%KFm+>TX({UrKcbHZiB^F)d(Ug}1@DzhF`+^zlVx9ohWwY7oWbylxR8DLBVrX8 zJ`5Z_0_(vo+{+lNf&E?tdHoLx+3SWWkQtp5qJd&$CIlg{$U&>}IF2(>E>ro+@KeA4 zKvVnl0M)!t&58o7;(sU?_nE|;PGUXvl`;fMT4v$KIy-Jv-;XH~f_uckutuA3k$}9C zk2_BO&box^(E(cg*Z2V0!W~9&KRY{EUM@WFwd87KYmAL7Bs4vQvQvghn*)GW{`s&& zjKZFbY-IRT6R-#lF;>CbwUL(KDI=!e`P%UHjz=CwK8#zDoGyd@#H#*XogD1?{+ zL%~+$?{Qa)v36d|Mj#OPd#I@~ds^V7NV#)URg`RUVW`G^6CE?tiP_C!HmSi#sG7Y5|W!R9Bs;pci7y7wr66X*8ruNuapM{ zoI?-Y0wtX!dN{uAa9IuY+Cac3(8S#FOeuGJmVK!|z&@|4%IDW2%D0`Y+z8oC5Mwj& zHNyf|r|~Wd7RmJ1tM|W%AS5yV9lrG8f1UU}iF_Yo()i&v(=@nXPw+x4DheB}g3wna zH+8{i-qu|Wvv~A|l>{Ru;wKTk)}rWFN=i!VFTfC1J(zdsdvBi?T7bM95#G%$VzYFU z&S?F1KQN{TF3Ff8#IfoD=_i?LMdYrR_AI7c`J<&ZE7 zes%Bky6WDOoAjP5#E|i|F!*`JflVy9jcX_SM*05Qlc5vCp#ph1f4BL?`*92_ z-=!3I4u-aHB7>NI{ec>?#&wU1F1d$`QBZ4b!9m7*fOCAH@?4kOCA7sJs;loTs`kTC zeerIIZOE9ax0zMbhHJ_-Z>YW_QX}4+b^flWm23C@g~?_YfFr`h>d8(J)~INW1XMzT zVN_>!`J4N@$~tGiK3z^s#mC0clp=PMcv9b4tGjpK56W}LG>73U)7zR}AKWW^Ix(ux zjd`gyNDc4bt=haM7)GtfS0}i}*Ir!vajh1Onoph-Kv&rwp=VV_+sxAT zYS?C5Y*p6_I@h5gS_fgpp^N5eh5@2*EvJR{*POw{dG%i9N4K3ygU7VZkOsn=4&loM zo7ADgsk1sT={BLX%?%4h_u)eEflVX}V?)@o+?u-Q_gwWa&11hxSuI{_Q>dglx4}nN z=R&FOR<7VxwQCE6&bRLo9wpV+GsSI+?cPO@uw8=Qkn0nP?ed`&RqI)&L9v#~giBNN z41WAvJ+6*|^#~b>>7Cr;Kvj>!_#ip@Djr;JXAf1@$PL*PH!8)vx7CcP=sF}( z9$elh5fOEt3P;v^5E6I2&lVTIiClzD4)+Tt)|EScixP~}M;9ga>$(%o;AQSPdF&o- zI605iE+n?z7>FAwJ$|oL`Z%b<*FZx@D;hblYd0TAD}g9t-d&&ei{9ywOMB+67tw=2 zlro?%uJ*_|d3kpL{+&1q-mZ3L7uSK z??CAjNMYfCB_r?+{{1ok&Zkf;cyQ1%jxRH#avi8^N}nOLX=;0^=0l4Rf^T+YAThOMOhdJM*m+krMbRQ>2M}>`e z`Krkz`Ks!{!KeqCnwqSJvd&M-knV1BlQ|bm@&CdT%2X{%w=G>qNvD{Ww+?3E)v4L zTZDYuWZalimS9tS^0caQePpTRXNEZ#m|7jSC;#k;kMh7I8X7wMcN;*LRWSKr!7INd z6uDmEFT_I6+8%Z2rF{x%YbDds#;ppPF}zQZ^%(q~U7ea7hveBOpSYugnx7uEDmn{V z!zmujs9HjqUUx0E;h`6uMS^4-haa`YoOv(GnxA3+^R1olYz6yYz zs$lN+=z5X<7OzUiB?%DIF<3`yp*{83_zRShK63nCb;*c!5C5Jx`@y|TaLAs zN;*3D@%{PHP9rt-(&qkXMX+P^6=$c7($nd7M~$EJ9$jrRALcl~F_dAWrJ33GXx@Kx z1IY)_-}gV8Ui!D#{Hsym!h=uXq_}_2F9m5#y9^sF^B3daFeqbs^uhHFAVHj@B{N7- zzTKUHeKQR$o-PmM&=@oRL0AV>T3S?JT^+4Bv*;`6_6T^haSInhQ_GSWrBZ#E z(B&_xZ81alAKhdMy6H(~2E(7aX@nM>M1K%16QuY3Krt1C4L_nYzWbrU9UOKgzXMux zZ${G*3m*nuGx>7Q6VN_1kU$X zddmSx=HK4>&K+<&g1;a5*PN1S1=~n=9pX&uHjx0UYRN_~?#e(+Cm9FrCK{C#Fh(@G zvW{Vu17Gze3m7rSX3$XtPw&0q>l-U9hZK)T?%O3;qmw$}i%LI#Y^9f%KfU$s@vcD9 z74*cV>eD6#Z)Q}iT0-*87&+ta2M4?q1TU}uV_06_og%P-E7ba*N9FMwbgcws8-Ha~ zm;<^zoL@bR)*SKffTot#yv8^NX6 zL^Her`)Q{UBG7@TMF`k&?vp1i6c{@X3v|r?{&mr!33q~H`v)wc1a(+xVsliOWAC@G zXCkUR4TBzG=ELgiW5x3IpX!fJwCs+$`HFWQEAUOdD|NFP{I0;*_EM?T3^Yc><(C*$ zbOci^4rT~UkyxBqSCYEFRhFP{mZM&Fx@NYTK3aAwX_dCL>M2acD$CI}Xb5we?K(HD_bBPq zF|G0+MgL9-92dsWFs^mElgL+-MOzX&ZO?XNu%Y11e@Ge*|`ux6GI2X-t`yM|1m2xfP{DGf4T9`!+%MwVIY{KYlV2J z{DPQSF~on#%0QCwDZZ~8BhYOVYS+9OdgF1yw9o<*qQY!+VuJk&tjic7FoTp^v|K>$ z1r&?kMFsARM^v=?Yu(`frxH*9PH?BevILLm)<1OnUn-U+0zA4^>($+M=D#MSP!jPi z-ACz{aY?3zuy|hq1?!7>G7>0=GbOm8c?aoaVkbP1Nd5w4on+p(gIn}Na5jDK{6(1VS#7!fm`Q+~%W^{#|cT)FgI;Ye+ zuG~xjG><;{lb-JJ)8iAj7Zw$qh1M4BYiEHwCmq9~ci{YF(0v07hliVt2{z`{?45Xj z>lNSQyFdUCLxk3USRa@^1|pSY(|5&H2@G)9huhdz{JP~I8gzkTtEKvtK!!t7l3;C( z?1T#$8-mT`ai1lTPSTACF~@bM3E~WonIO1qTgeNRUB-+X&z39aLMK}wa&iTs5!X9f z>{*Q7>6ec*i~mEbV)=^sCSI|LQ&Tf?H9|-Goz>~|4~!@LG*Z_=eu8hRiA~njiWsIB zBRPi8TfNxJv)9U#w6u11_M=S9t*xUYzv~t!S0pVKQySGSJ%N&CUed7d+g;p88kMGb zaA{{g@$4TO(qxT2(r`^_=T|IW8Mo{95bv%LT6p8_EV26$LVCnpr*2oU3actVQI)7$ z@J#RdMsK)1c7OGvT?{{FtcK}=dwpki?-D_h;eY9g` zFQ0S@7I%F{^9cP)naA9Kr+_qnA~m4SLLJ*G77c^s=>3>HJ>#nOSWJN5OryIUd2ycR z!3sXa-s>@nrkt|lUggr55lZf04(FGABc9wrNoXS~Dq`qjDg|ITOiS8Mqsc;&{M1mr zdQTQI=CXbKKy(b=;b{wPf{qL4h0Sio>AIxE!PtoXN6C}pkEi=-X}c>KC>w6t0JZYU zkURYWJwUl+bGo!JLZ0dwV4Gug_oHim)yNw%l z#>EYI$_b;d2obuEzONta;oLORnG}w540_52Ij@bgA7#CjSuw9Im@-+B+#%ymlv%!@ zEqJwP%ThS*y1wdP{V=Po#`wA}rOsl1&7ud$-#WHlsj|a63*`^I?Bt#%&A!BGh=U)R z-^YI)PI%)C*neGWz4~;sYm+WVt8^>!l7TcA%+cNCAc%BoOz73_R>G4i1KC{I{F_Lj z-3Z;!A2lQBXd>8ZIB3MCk-0n*iA}va49N4J)8dq25TdOxQk1ys`H=Y=X^UBE3jJc5 z(yg;V9x*-lu=wp>1Sv+Kk!UC4>LRJFOvY%8K$|#Cy9OAg~I+;S*O ztl%yO$%~crWC?!O z=cygcTn%6>Q0Cc*YRMgHPZTy^5ii18aI}*gVFd+pV__shK!%F(s**cadUPwe9>x{L zYTHP58#y11T!X<)7UpwT`IvupS?LoZGxj|fkUYFmM^3}5DWWG6e4f^iprMWQxfN6-EaA$i_)go0`96 z%ZSD|5BxeARO+C7(SDtidGwgbZM1_K zrg&?Q`F-iyosCC4?xV2yyAW7hSSY6h{sBxR{~m7DnvrAoTTM_6@g%QCP-CP+ji;fj zTeq?hYnZ@#7e|}1xgzLtlt`R{mQP2ug=2BHUERYtE?Fio9WaO0$fqtRcNi;RPMw-m z+6?V7wa1(MFGfz?!;2R@3N(4y`pMlYp>15k6RVo^FiCW8pPx`k+O%tbUt!I9w^1&+lftYlJB~9=MHkP~M%@u9Uial(uFRZSqdm zkSB>~xcmTS<`U9+=X$=Vfw3*mDp>u8<#Oeblz0~wLM>ekoSmJXnV8fKYEGf}T%s@9sZ*bn#HdHN~m5cP$_x1{XCg@ zpF=GLdfwH$8kf0g=vndym;+0X2=+o#t~h(Eg?qvkM4X-KD@v6clcS+)N4HY@GRlR642m|P4{z5yKlb-+ zy@=ZAR-~rA9fd&9T@i^ZQn-w2uMZK98%+JSvW~Hqy1i?QuxeC3>VAT?_u*0H=Cp;i zd2|y#%Y4-Tc(fWtC7UVe1-hT`$;tZ{#%n$PqQ??s8*_&naAxDTJhZVU!0uaJOYW$7 z8r%`%9k)@QZ?ULd8E*hXCwE*vgBG32zbj~{E|g*YLD!jLKYGV$5cv>TPO4LRJ8s%$ zZgE=o(ez0@5ocMS0_SuP9Qv0Z{5N-5%JRx<#)hJzz|PCQt#?S&e3Ir((Jy?E$Z_tA z+2Zhyi>;n;BWhyAqx5A0azY!hEHb)4JfK#4YEwZvB{=>P#A|7ye7ZbDEqN!;ZPvq| z86NvVGRuv+%k}Hr`488ewd-)Wfc7>Vs7N}SH zTf1&x{BGNE^-x<`3;hWZdm_#)@q@er|L~Q=YHNiCU-V5LbWIUw4_9s8?o)S2@BTr3= zGf%+(9&5OD-~0Tn;(6;w8+wE`Hn z2=H(}Nf^F`4Gjb}vxdQ-^W?ekyQR_@2u3>L@C{TPeX&Bv(1F@>dCQ|tIGG(=+EJw~ zZXO=#hO=bU6}aJdw!bw8e0+};2fW+=Z~!qqX_yS|9m+$pA#lwXRBPu{vqs1pk58T+ zRGy9tq3g^5t21kruT&23ZMuHhOC*PPHlO4<#K zq^TrdyX+ebyj8WQuk@vSwBGyS;PPU|E+-Cu5ff;|n2^m5rD5aK87&Y5nL58xZOS_t z9>%Y@pylifVv0r!6PJ!Q+K{lQj+l6@&^Z?ii)V<3-ZIQAGA}GZ!0X?G17csTm`JAW zaO{tN9RBMHQxf3p(Hb&bVcZ4H`JiA_j=@0+a z^e=z!3E#_1%Ipo}g5LKla6K75p82u=NWI5o#N7qyO1+r9&sb`Tcp5JKHg1mhsP*N7 zlYwoAO51LQ609*udRMi~e6?^avw7igV>N%ILY?0|qx3M@nf=}E5Z<&|o$?I9N`2?y z7OsN1l(g&g}bQq+1x%QFQ)&9IxXUjtK^ob#p#GG{-vw4ku?Fkg}l0{DzfcY$RL0Wt)QhEFjLSf;KVt0s*0!jC7L&mGNcC@np;{hWmNUf$Z8k@UrTyQT^y|5NN6(- z(jK#glp)5&cPZQa2&BbhWsBA3gzD?KywP2r)+kDQ=qXjb2)FnCD%rk$YoTq}H}0#V z5o$C-?If}y{D;cj%!3zpe!q@Djse6VcUIYkM8Vq|3t{J6P zvrfpEuYv(890|()7~h!xHM_0?#0!*qek%PHFlZh#ZieF@M08}^=Y~#|+wx7u;#yt> z3TST}?`R_z8O7&;3H7K^gT*|Lm($A}=C)vk?z&2%#BplwmwmU9T%vwv#q?dN+32en zsmWI7*Sp)6A%@>=5NV;3fDHSW005y$(E9&MXr6Lr<7m@!vj1U{VdCY9QoJC05&r&& z;gcuMG+xzc1d{^sPoE@aoz@RhFx-B!sbJD6M4qlsl0|&zWo&}1r+4D`60A)y(K!V5 z*ckZFb~N9@*FTJ#V6B4%dTZ_5Pk;BLL?wT7WO&$`VdHIjTBq8VAj15&7SMbI%J8zL z{9{0C@wdajKc+tbA#2M{N2dHWQV_DXQULRR_9+K}p)dFiXCaP+RJz2KIljs6&W@g8 z6GKmfx_ckhl8&4vt2}HG)x49jQuhNusGLI*#fvs)S{NEqOSnlJNw}!kK6m&mC=BNx z5A1yi)Qe!Z=8Y@=IQ*BMx{fh^e%zdIjW9;lM(#b9&@C3tM|TLpZ;ankY+>W<%l^)7 zn5aR|J&=pvfWB@vM4bJ0Nqk8(aYnhBHf8pO>J#f zHj^dsi#GTh_UjvEB-^7=l@fLud}NsDo#WnP87g!R{dCO@K>f%-Gc2*v-K9{u;n z8<>-C)34$CUd5Lo0c_1o(ctpFXb866M5PGf4F6B^!fnCR~Z|79yl{J_bZTT54c2{7v258y}svuB^Y zVS>Noot%iHZ#P6(3jK~MewJHQ>gau=*Y$pEY$7&0n<4>$mh!5xg$x19^Cleuzs5dFHmjY_RLDvDX+HIa)2d)3#~-W9P+@e3f2; zd{y*E8}mwLd9a<=znX{zV(7pG61I2#F>b4mNvB+*(_tXNh^0-*e+nr-pKn`n?A-TV z>1rDby@dyJ@(V+ltW#5kD6F(pWu_R&ip_;T>168X$mvIBW^Df#YkwKg0Hr%6l#Q?@MM@aq7Xx&#IckHkfpn*Ix6&blkOW@+YvK8LLmp>Prk?IBSZOm61F`0F@O(3G_8r`hAG=viSr(0KB6rmhGUvX;-Fc~z z3-#MNbqb$v=vXk1!%PjMyS>L34dEcqdyBytL+2w5>6k|*z1>wkn6u=`%jOrwIv4|5 zD(6pt1!Ll69xnPllmN}ygMl}w(3CylMd8BsUS~G=rc^njb0JIs0()|E7do$5`l~_q zJRD1VZuSUM8050s#aZfN@#ISuSA7x_QkCr49NNsa*WC=GqjE?=@`B50)9UaX+A=P) zwV^$4F~i-tr*?C~Wv7E}s{0+tCoG!A)VeuOu~>0rW9>PE$1pCV!Gckws}(7ssaTPP z9)F~(FyzicFVDAg-O>(i(O=|qBCt6`Od54(BU;OsDdQhS4_qeduiBF?AyWIj^Y{h@FS!tGIW z`+SC;Z|4LJUQ0M^woH3`wk229h_%AIFzX%vz`hS-Sli82>XRR?ukv#QOPRj$6x_r6 zYjkC^Ek|nVsrx0{zTtuUYU$JQ)d3LpMrPYlhcS-i+Pb~nHS@M;Y5X1TQ z#aBI{&C-|BBkF5%=8tDYvR^9(v64O6s62&os6EM6m>v^3d*<};?q?O%A3;}Y4Q7hO zcqSj=cyaJRY*mll*uBk#j9St2G5&ap(I%OT%eSv<`N97RvT$iDxQN|wmXM?RIRb44 z#(bGF6f)b@o7n)tmT_25&yBDnI6MOIoMX>=VC#Pse-eU?LLum=8&3lYs!1>iq zUF0n$@<;`{%(t404{C*lSH?d6nszrl13s;wI@)bZULbneCz9+GJ-SwONhEM{d0ljF zFKci~etJu^VD$C|8V}BR(LXxzf46Cm>VNOB)*>urT(P=W4JT0@uieADNTvG5*VpHB z#L(AQ&yldPBIe^CPh}Pq>UPB3Y3vg80-M~cU*g@0&LO1n_0{sF*6G<86K^<{!bWrR z#Iaz|L)Ev?Uf=)p^RmKg%8T6IQX|2l{dYKd|KSiB0zkJVO$)SJlEejQCXh-#RL+Qs zqwT)p1Lb^I{OLZ2DJ@a=KnW>2b4UBbx%Dz6fYjt%EYe`;(4j7)?zzwV-y{5^1E)4& zXO3F9^uh*Dq# z1-hiSUWt7n2&k><8h;$>r|iBqy0uX;TYBPSv>Du0Nfhp-e9t%kexdxexJI=gX^^&j zDzSn3{+9E-FRCVpW}8+1Zl+ybM$vuqb!7RDAlI$AUQcX6uozMVZe9x-e?BVZD)+?) zS(g6-C{(fmQ*UU@xc-k&YX>z1csalj#Bk*q z51oT$Ri7#HO+VkGajdQiJ<{FV0M31=hxn&=*TkQDq96nF6184#ftoEOA z&jb`NtQrUuJp4zz_za2{hsp%L#cwYcs9*oRTns8;xpahhoa-&kiIND#WJ;TLk_ZXJ zu26AmQr+flAttpWYGPwjdUm86B|Tc#?X41WPc7_Nf*PFkb~J(USVJW-Pt|>9s=|F@ zrKxm0?d+?%Vu$e!BI6DWI@-FJnYWlj`gjjU4Do_>SdZ<&z5m4#Af(_%LJ^~f2|)k- z!{PdX7q@f&4^S*r68u*z^j{qPCB^|3nYX7(>ujJNc(O}RG|)>bj-n*%!F_LS;X9^2 zTD;Dwf*ZTOx*6cxMdvE8_g$&q7%g5pWXH1KG%a50sV;=rxDTVu=Z}9`mz3zaIl`DCM^Hd*%w%aQ<8dkhEKaA_A^6dB+fj8El=wE4)SfE1u~w zR8m8`%zzedYfars=eoDx1lW)<5hINKWWnvkFyweoxtd1Zzr>OiBUW zBL{a3wueBwIPKRiE;0qW`kZVpwk9+d%y^P%--QlbR99E$eW=ZP=Dbgi@K%3LMJ67v zms5C^&J6$yx+Odo7MBQ_B&_LBjj1(BM5bAo8pe(Rfd``9vUp=KCQl3@3JO%uu($Jk zHlsAc!Vk~QfyVQ1(^PpHL?Scf+$)V-z40a*{`70Agl0XYkP|_SrL4c`vfj2EP7=#i z8t1V1zn*gO@KY8PTkw!s6`SnY|KOE)$u_PQ%L%z8&DV5 zA`=WG&6;yngIec%_e(mN<;+7tQvPOaR5U4GOnchM*UXWxUhvUF0DWnl$_cr=$cL71 zGB{)^u>8K!To-r?p}1>yD9Q`G$$V<5H}2Jv?v%F0v#vf*eG^r)Cn-U;*w6N2#)*K- z%_rK9-{8#%9`l66(R?M{%@bdJP$-CEQRKBtwZ@V%++T|0` zRuwAn{aHo8@SizcI~((`y=wW$%lQYJ`%^W9(L37x%IlsmBr=ri?eh?cK);b`7AR zjZQS+5QsfsyXU(at*-eZ$VR$nBX_im=ft_rik+{wDK-JnwwJ0-{IJMSAGqU*m3}R_ ze2Jb+Atu45Tw1M*EM8a$SMXsDn>F27Lv9C%WhpC@t7bR!e$7&}4C?Tq{}a0Qq$&sN zf+!PXsqi*qOnu0!EcsA>@BKD?tZFEqy>GjTCkKKfNHC@B2Fj!J_-@{wbJ)^RHfYDV z!Iv**bPTV4SXu_(HN04eSN^qS^rlc=$=eaEyq++lMJxPjx3jqj^ML)P#Xn&q3~91~ zAOe;2j-=fC5$GN&xf1nIpoNu+4 z7>wVC2gs}1E#X|ZKWoC4!N3SOX6)|!mC5~<)KPH(JEd^qrV=+ZFeoLrF9)!PF=cQ+ zXQpm2Es%<1Nq#d{Kbq&gP`Ek&zTmEoAh)`c@~+3g!hD%vld?$8yB zyL>ui5Si?JuvoXdGKoY$fQ_S(ngN8{ec`N}=c8TFu-Gzhb%pwp zi#z!x=Ivx}mEyp)dISU2in-uTl!bNp%o#84BN2=5~W7p6AEJH-4c3 zr9ECy+Osk?8XdhyfSDP@OfF)SANL-w;a?jzch&>~)^9Oc7xTM~FOuILrI~nAG*q2m zt6=;hr*)3nM>^mB5w2`lSOilUYP>v>U-g)v%LAMUa3lkqR>e;IRA`WiHh`*3iFdo^ zSa<7?mH1s3V@pe)>rl{jfb*sB-@!&EgnW`}rv=v`{=Rd*d-MR%aoFw^yn%{CG6g>t zf-O-A+#L(_4UtD8-al))!lUSKM^msE{uY<2en2C%X70NGo6WP2mE;*#W@bDn(p#G! zYURJ#$hNMF(Yb7miiKAz%6ngOFl};{Ff?u&M@a{ZBfKxn^dv6kOxuEbqhg1c*~@g4 z{Fo#N`weOEreobT?UrtKolow%zA{sgU&Kx&vq{W`_F5J$F{bUKg&ysyK3)jwA2 zM;!I)Avi3DjveNH4uy$>jmN*cbK5&$k=PNBo{7;z?mY5PpV3yvikF3jj-GzIWlawz zJ-xbi>b^$5F*uYsHDyN!he+Nh`~X;O1h9cXRFP+K8mI44omq7S2JfuJJ$SI;P971n zw09pb**87y)ZE+3mysb-rkVGrH4%qeHsvfd-v69>u!Yd-55>QOi;wC5C`*KDf%m+| zoSx^qz#X(h`s$$5CvTxl6Jz68$w(?`f2ZK|bT-Br;%;}}F~9%fma}@Ti{(LT=I3`V zIk8LP4ZP(G0DMrqHb3bA=54Z--TRwxho-JtTyh-f_gIveH}{R%;c~Op^!1-~2oJ;l zm_;Qo`lvmwbpl*_k*f=$>;wvpsgvk-&p@<#<=L+Hb#FU(D^fyYZ5?NBeJ^%%px;f7 zXw8(SfL3v`KleLOk`dzb*q=lT|*heMk2P^tb@-!5bhmYF~hb?%hTgUaJkdz>6A z(BMs3-)ikhmVzu!nu(t7$O^zi=uZ^WGmKLYF0;`u4<1Fe8Gi2^Jk~F7NwVwr(H7k1 zCB%SlxF*R`q3;B>G|-{5`An$v^x!e|5rb@sIqmB^dfQD6Qd9Iid^$4Sb*v5e{;qQ< z@=2^LX)RySO9WhgX)CNSo)~0Qky1PE!U z#!y&Af2-97#roj&AE&kHn5YmA_W3M11M1yac-AOv{qc~d!#1KT{U;MUV2-|r)sIl2 z&3urK!bl_lrY?mpABSZ*3kf+;gz-}BXe51mkgKB1Sw2=!Nx1j`AzF2_I(Rl_bmE%# z!YsXjg2M4+|9ddUT^(;kk@PE7EwKxA(GHo;;?$sztro`F8T)xIa2RwW$wUBvhOar> zb=q~muqlY7c-3a*#3OWVY*aTDG2%_^%SSzG>Mgq_RkLiq5|u%T%jOg)aaCeZHUusj zoG`w*y};iW>;KULC%pw&Wxcj4=0HCpX}cd0zVjgWb5E!rVHkeGWUDd& zDQc$jM2X12z0;YPe%Nn@59FoLlqaR?SrYQ|ol8?`8PQjqJ?kusO`aRK5V+D#`84*m z@v9!3jm3y2MIC2bhS=({WUT?B?~X37nqAQl`gNlVvVe}`fR=7a7e zPBeyI;2#eM5+eX#y}R^`7z3qwuS375d9RwF?DZQnKj{Qr6cf1Fw|i?SZM~%-?8F(( zv@_MuT=n(zM(cYia4A@ojaL`PhZ4G*;m7&}SVI}ST)8(i@Olhz8|w>xcqtK-gM;`v z@sp|HT+s)^kDZRY^*Y!Jmzz5}I*9`nefd1;<&()@+pW7vt}_ocLiW$@if>K?zOmnu z9vA20^w?~f?aOTBwQK$-bRwO{y6Zm-c~+$E`@;i%hNu@^uGTDnWVb)s-Pa*Xi0g?m^uN6 zz55Bds-2(7*~MiU%~M8T#q?EkVPLETvF@(E7xPWGDXYzfaq&kY0NmQsn*CEym6Y!y z8IiXzETUr{LF(g_^%l)ji@L}5PM{Jqv~Ujq!2s%2{JwAoR5M%O{MSzs`5#Oc zrn{AQt8E%HqM3V*B5Vh{svgQMD=<0#=QW;M_i*h~#D@D|%dlkCLkF9j%{oQ+acSq? z*whBItNQw>aNErJr1M@kL29nXAuQPGm&M;by`Ptam|qCJAd+2j%X_q-?{UT0t(<1@qibl z65?o~&`f^kub2j`wu;&9A@%!38>ucf7u~T6Xe*H$ zxh1IKU4JCqXr!aiBmludJ9%nEQxdQ>}-v+*<`pTLbwzj*WtLw39TKDFe+awj<;Mk3wc6_+8JnN0@ zP3!rtzOERMw>ALPe7&#Jog1a8HkFli1Ss?wsZsKuR^T%}>y*}QwfNp>O%*XXF**IB zt*uS@jExq;|?WIpC68n>Jwvbd>>PsbR_!>Z%@cTbKjD-TvLOxBPNb}TP$j!;Qym~JSfZ0e!$$Q(C3YR32PjFs^ zR?8-jYG!Uvneqp-`gY#Y1IXQTu<5iZtCrg}rcxYeubTj0+HJp$FGaUz-x4$4pW}-7 zj%ITr6CI7HVOx2QNZHuBFa1FYHIIF7>o)}v9hn=I?_9MIL&od?_-lr}MpjJqRw$a( zJE(CFL*F(#&*U`obtX-G(3c%ng?qtZ^W)Y z%>V%}YMIiCgaS>tvYo1-k*&zJqQNs%WqgVVn+JD0*R0vQEjHxuJTLJ2O z2ey`>&QFwGxTw{?UBREy2G?C1hTn+TsWU9@NMlbPg5}nh#9U_{&urcBYo2Rg%bWVV za%72H~90tehV3v28PbFs~g^X4jLCrTFfR$yXj!Owy*9?s^iR@#inz;flz?e9N-%ZrJ zV^L`q2{1YA zk8gN70h5zq8qf{%?aUS*$RE!nuXiNz+RU4aA^SdjjMaSN#0GQ}snDDii?J@s^sWFR zYxvmdQ=X&2jixTi;=FYEojF_lL(g3IQzPlUyDW_i0Z zmHfe+wNMu?Js}!S&STFd1pIj-nFw3C*|Bjhd(UnI*2x0CotAf5!pB$#QqG(l)0svf z?Did_5@mZ}AKTj=?qSIF;*wzFkrVfur0K>p6;3?UwH$;=Ii5D`sX1OGl67xp>! zE+tnvn<3g@h5VGII4h`Ge1DU26yar>H-@u~87-K=CVklwor0K@B-c++7NmTTnxY2!XQQ-KkERSQsXs%nY5 z`PpX@Tn56tBGU#c{U{5IEzL|T8Ez!>er@ea_!?l9jr2Cp;BK z!~xS5qX$6p*7@!9{+TC@PP%&dw=L!gbMbrVXRV5}J(%dET}sD51ACPdVgU~O6Vp-B z6oh)Vpzo?FKPnwcIzdr;Fj4;!Ojnym03o|TutsPs(tozF_iZ80_+GwT%WDpc5x~8> z3vTA)3!a>rsCATT(p+S25i>1ZgioI~8&pVWa(v=-)r-W|`;MtUk6$G#?o;tS8%1ov z?E}qw8>Z4ItEk-Ew&f(7$tTRAn3va%v%)#POjbGW`jkMie^ur!+t6;hsL*KBcQDhZ zbIIQ>>A~{&@n*XNk&ky}#pQJ`Wci<9hUX-|;;gZ?zCAgqzDTm_FWl2G)!|y0ool_g zv_$Sz+l<_zHJc8+YNJZn&+E}%T^(Ow+=oDPPH`L7wK+)aEVxIQlFu?3L*?$;ZNKGd zb(_TvT;RU7hMHTomuQ$sgJ9{MJFBKe7765yq#Em^V#nsJ>&DxIYcfgJq^=nvrsM&l zxv4KkQhIR{?0*|T`S|6T>x;TJ^~3E;05`L zmXd3{UV3yoZe~=PO7%?U$Lmd5q5gZf{L^t8BIHrf5y~04zb4t7mk!`%%4TP_NOB$x z;QS!Ck;Y^FbwOyU#n~5iAT||PoW4jQPly~{< zXK4bh?`@pDksf+j{bIp$L7GqJba!0ztfQOT*S61d;1cwQMW4l1Z=D~Vz&KbhS~-0bP_@Z`{*M5OR$MLr!z&BXKqR4F z>^vhVepLyOm?JCSnkmS6Xq2lysa2evSzkjl_j|=Xyylxok-B;yME4*~GXj&go4RvO z8=`23o}5dGp#QumVbDNQMZ9A>)us}}H*u~_$G7cNwLMQ!sB&=bZz1ikA8#F`v%DBU z*c~XrM`I7z=FTz$bx;%WfgXdc9+V<`jy@wCrR&g`br@s6*e+d*(Y2nj8Crt9LXb5J_u2CfByS_Gg{4Nw8Adzj3!m`=vh zOXKpb#R16QxFt*B{IrwP!l%KFg(ZN4Y-t(IYWIBv_yIORgJLa97&8JN+;{LmW!|;0 znlF{FY#f{*j;vfIe3EhSk1Qq>0<#ZioMQYl8Q30I<1OghJMJISvfge0oc%kAc@Xdv z9En#Q8hG!S`thv6pbpHtUg9|r5%4~FH7OeDHFRu!z@o7GJ){3ubNU`sYUtBv*qVF< z2JI^J16KGeRac;!I`r{)PXc4F(HZ;ylbH`9+y}FmJQL~Ltx1W-KF9k_iKoCcsXaK$ z2fT5X1XoSz%2R0hqU+HIzS_D(vP9Cx0-nWh38$?iG&*0zvw!TYz+F%wfr=%9VFH3i zy4F1WtB{~T7j+2ito9)H*?NWN-7OxOIYixNz`B=rcU2?h`>1U5sh6&QG#`fWi*?bH znL_{?8NmVxH4SxJm`e<>py6ZPXf03!5W6}5XJ6XZl{##PclX2YlgXvLF^&p^nSA`H z<2~YVG)Np8+#S&_b%)g@$|lerG1ZVo5-v-jC=0XwN5nczrgScsPcCHTlk!Iwh?&|b zpv3^rf63kd%GjKv9JB353?@!Vfe<<=H1$*h>-OicIWH~0iw4+e`GodPAXUhuj(^(X z+^PX257I$tPo zW<%l-hhhj{4gT`S#OE0+xmhii5aa^jT$Z4^dwGuU%ZUM%;G6@>b1=uBk3Az|%h7XI zN4V~=LkyQZWRGJkJP^Dru~($3yYg+xj+d~*k0w#Z^)E1JF-XW^2ELieTeKwo>W}mP zYa`uqp@&Q)Zr@7|>KtyMgM(w~v$6@hMKx13B@-k7bY?!#+^5B_er_-$*)f1PQ%Hon z@d^zvl06goj)$MQddPyKwz)G;LP7vpZVG1x-Hz{>tcaA=f*%5L5qJRH&lFX~QtsUO zlgUX^aW1NraAXy2>8an#d!Ju|&C0gZ=G^bU{MlM%hz2jFmD(N*oB)*vv4;@~p0bW!eDuI6aOT@-P86~p08`-OYXGbD4=LX)x zJx23|NkX8k?W$CtxM5JP@>rvID=}m%BO{}^6)=Tzar(O+)Bbth450JoWk>%Heo~+c zRMpbfdm)nv)qU{H%6}PhE}HxFz(u~hD~c0rS>~(^VH}F70p6wP4cu)od*A+VvK6>ITWnigLNzqv5?^f0YC4m8^!FUaPjY`2e50~vm;QmJE%u+ww z?`!$>>(_}k7P=yBaHPxv$0JlAT7I-=UOrj3?19l$|sr2x}?kNAs3i$3*NMI*rV3vxz zS0P8-)5Y^wOY$J~Ahc}2rBqKC0rKE<+!`qm?ETkImaAe}>#xjmS{DOi$2dTDfflLV z-Lmm|Sg^S19>%Ey?`x;ahhn^U-}6uXTQV)B z!veJ9W?u#Ce;&Irg|!GBN7%WPwO3BEcof_iKO`zkf+T1prJmiJU72Aw#@Yx%t+UHr z*ptI@eWgNz9+yp7tqOeV1&KL%9KItRJzo>&VIC<~R%n%=%f9_V91baaU+;^7q}xvQ zl}do-+~iOUB2s9W(j{QH-3ZDPXAT~6n80v3`8_d7PXUr=E?+!#%-fS57)+*kdcj-T zE@V9k;X6u&9wvz0EK9mBOtRB?e?^YPYW>~kTZwoNf|U(g1HfZGZ1jZ#_;g{3sGi$THd5K1CbDKo z<>yk{rl&z-{B7eHjV%ydO~vkhS8nB#W)P72O)UP@X2x%lZo3bkzCVm?@JWN==~$qb=3VgY#y6Yd-k1acI$Kk6){L!s*xkm@1tiSOOwJp(Xy8Hc zws>u1Io3aBG&(`7v?+oIkUFD4<=rQ@t&QdD%*+204NfAjlt%qQsHbMTNOS7P&89nZ$`;2!}kfL5GP z;s&Au)M2M-XxI`U;BYy$hs9v@Isqu}ZBbGMp6w#{ug9v6nr(f(di3k8+8x*~5QCB* z?>M?Gsin+43E8CKx$5cSF6{^A<20~{3rGI?<@bI<2ykx5dD>#) zW8h%Cy-#gz%+6F5u7yjFhF0A{mU>$H7p|ieWp8KpbE=ukl!G^kD*=PCi-n4n`?>aZ zJUk2hV1b3iV3)8iK_3bDQl(E_3#H-!*_hzHpT6J8(Xkp4d3Vh_7IRf}+#1Aq^GzTG zAzoI<&dp|cw4uOAN(K~Oss`0U0kp1<3nRCG6?h?n}vhkvv~1C;cDov*7_8&HLU1>^kU zt5%=*)|^i1t1;LfhP=8J-?N?6Ul}{Px>&$!5wARSsDZS#GQO@sak2PaVETao#KaKT z8k486Wv9}SwYV&g@R5W1=$fENO77b-OA-fr%--ars28<35JLdIb}swv(|-a>cK~KJ zAWI#;_?Pt0_x4{U9q4mnfJnY%R-S+HG1k$NM!GI`Uy8BZWCxtA>KRK zggaWSm}_JHfz!bc|y|=1_hW$*`gMcIa!fZIM*Dol(CHcMrQcm zR}ySM8mNJKX*c^nmXe`z2Q(xD8kp@KFiRUX$E2aP+|YO*sPq~*@9vXASC27VNiJ$@ ziy6^tw|ae&$yqd+ei`)Y;+P!7Aa-@hZvN5li1d4mGpnnQdqCZ+kia8rHrA~d2dMiE ziSqm#mzDe5VwQ)xL1a_rQ2giQTu%bKXaSb?Cz1WfGsJ;IAuXXE$h#jzU1gW4*||V}%_9Vwjhz2FgEzLB z5bby`?J+TkbyFTR39d;MH%sq`!XijAt}ueJS3F>_S_#LCxlLou=L02}sW7b&T-D)d zuvF}rgC${s%{BJ;4a1{yA23F~p(ZE#d&?OC#5B|)oEgQW4l^4fhaV0eCJ;2b4BQZ{ zt7~KJ>r1rPZ~phK75>b=y=%=}$X%DHYu;4uh484ES&uhCHgJgD=zOLN;I$^exC)$R z$;dDdXAf>O3za-AQ(-V^5JfRBdl!=7<~i-$$x~t4MtdkXVeVXBi~S_aFQY%;)P%b_&@RrMiDp?2i+RIw?tmV|gc?(a5!ix!4cnd3T4uL+!XJ)s*Ep%(v5>^JhA zs=)Vdi%YYF<1$?Y3E=~v z?JWcBN>N-;K$ZqXNdwHOI%a7WGyhS^0ny8EGR1QnSZ!R}XJQh^BsVrj>Ze!7VsgmZ z(_J1zVfr_`+V~&{H*eX{is_+Pk(1vEKkGq?3R}TKQ6x8n=Ne(uTz_FXNRdP?V+I7W z8Swt#)Xe4hUYyp<4!3Hp?M-hl+=et%^3t_~-?{<0G)>q%CD4M4FzM zqN{`(i~l7ZyMvk!_>q`_S3ly1--<%u$4scSM{c7DXNv@;vwD(E5}G!ltWxUV9PmeJ z8hD&*D0^N{yhcCJiJe_b$c%Fh=j;O)nkK|)QUo9m1 zy}Ui2GL!#8IxwU`_DYEH&==>(5L_qL!F@J4aW4SV!;=LDR=qC_gb4fULqCv zsGI|Jk8Z88ZY>Zj)cuVp2~d)R;)08z3jfI8m0mptFSapA=}1DLr_}`qL)R)ll*Aia z8aAl%sA70^D4?j1>0=zYHZV~GF9g6PPEtM7P6ABmDkI;K#wfVgD(~GTYi&^ww9LlD zAOe9XOZ9ki(wr4(8kC@*>hSR8KlN)E62T{bsr~Xha_JXH$sR%@Yr07oGJ#+UCFZBF zcgDq~%71hIYG*kJSb`s^(Vaa3hPpp5orX40p7*-eLjaqDxZI0jbq^hG46~R>`8om0 zF-VrwL~%xzSe!_vi}_7ZcGNTKHUhO_2h<&JPc>ga>5)JASFntw+jh8Iq9P*EyFX7+ z6yemXu_2CISN7PVw%Lv9&kHX|v1gm>n|Df)V@^({gru(OWNJC{m%-K~J$KNh+qP|1()yW@Y;Q=MEpVnr)fkvg=Lgu%AYSKN`Ar%Tdj&AExzD zds@3&uBCN>c$_?`8Z7B*0uPj9uFtpgI7RNjssw?w<(Y=baJI#KD26h*_f?wm*GVKQ z4MhwEURl*hpn^36BZadF->8)x&g{aDRP& zX6JKe!jSri&Gn<#mQrn_*Kzaa^F)0>cl8R*Pz*?khsJ)%H1+s3FK1?d_;j#P0x1YX z@;u2|-Iv;{*qkqmZSB(M+FO=f)DcA@xK_U%W73yk{(%`aX)BgbSLNXV<#y9%okq((TUYM_FC*g~~qE;r1pA7vsh3MMg zEt@FSD{mhc>#t6ybS(oO0q-65h*P{?i)aSy`R|xo|3~Y43b&;*?>Cb`)gomt! ztXDE!dxyTegZubQfkr>l`<%XL*nxw9KXL$+c0%_IbxZM9ifqlItI7|p#d&o21o}vC zKjDrr6NrH|8O~~v$6n!$yV^yvA6_%3Uy!b}-l;PcBo>i;!RmY~m$!&oHCWN58~Y@PA{#i`JO{G$!a-G~<1H=BX{*E)Yg-vE_an zwpe~BVuaT3jX{)Wx@z9U_31LwZd<($zF6PO5n5AFAHCsK(S>vx5X{NOB89H}^V%dxq*3cvG zM->0l=$(ML5ZijeKY#O^JAR`CUfgs2=pkw=kjshee5>5*ztZb?m8Azx?pBoLDLm(& zrhE`&e}O8Huy2!Iln?iF4r(ClRGtHKmP`hXmXeG+p<(-~9yMrHEBRyEY34H^9j4#D zLx~##CF%rJKmW%7l(?^g7bD+P8Gt%77>kt@x(xDO#<2`mbY~TSy$dZYzeE>EJaJv` zp@aA^(Cob>K3E^Utt=k>zN)EUB^Q-d;z5AK8@y5|gY%&Ai?p_QY8$upx>&M`s$5vpR$*lyAQx4(s$+9GI@fZilyBZQ- zY?3%JVYN8UJ(-~}PYi>JP%(S8wN~*Y6Pw2eHo(byHuu1C zdP3D_6EUv(i?7ghj-WF$F%b`Rfu~kBKpG#c@A3xlWK=YF^%S?ZweidMnlyKH-AEe} z_%i_x{7m;5;4thC+@AJ-gd!4K*9TjSPFhc-Ztyx=ShOrw`CYz>oR^LSK*RKm+10M* z=Hnb3PH}fy&*kKjHxCXkb9#AMFM}J#A5Z2E8smlaYXIH|K_unYPC6_TUuD!4kZS!6 z3#L}P$6vX2mc*02OwDLH-Td+~7_Bu@bW?lm2I7{#*kRGNeU?iD^$4-bZ<95rO~h7B zjIUuZ>04+Mv;NbCg?p~0Uy1Q=&&P=Qwa=i96XeL5ZeM7Z0cNZ=)d;n=Ce-aOlo^}h zm6+qVw7&YG)ijrl3cW^%A*Pd0JkD~-irv5aLy#W8PylUg@FC<(U16U%(HYaWB(84a z1%9!5D;;B&<({YQ`r>I$yQZHRlu8bSQ|^4eot2f!-f80=yryRV#mauX4e(1v z^cF`tYsv#s?*Qz^jt|XKo9z499td8D`Kq_Rwm0;`Q6*hHD*$~EEXuJDRicX0^|&dZ z1mCpRHYJ%ZG-`(Jub#Vw(I@wx^Z;6gUhmIu65b}92f#!RJKI;P@5;RuWxpO(?!TEN zr1)^mA)q%XcBW2o@%&dQvsCwyqO?=`IITVk148RmVCIG9Jzb8uybu%_+Z}W?v_(e$e}M6IEkdg zGq_oKGCT*F5`N%XDI9UPMAwa}Ks0M_L*0|zUbK`#8F8NJF`ci>VtiioK4XGmN1Nxq zbUGNqV;7CM64(GFJpl9hGoaDf3rBa7?q!{5FcrN=3Jd>M^To9gOwCPBhtv%7c60iV zVwm)*;^EjN^__^`On>(dApw6KgfKaL_3PR-`PeB%jgEf$PqVbu@IKqt9-453_l%vw z+RfV|0M2+{QR&b}EjbIC2K|?*@yQ313SPV&)x}IkY`kvn?fn{!kcMPP5D1F(H^GjY zUF$O~_}v`<-?qGJF2+6_x8DbdGfxslV)C?;#sikA<&OAv2H240r?+9YJMn@ImYYnP z%=MKWH8FSh(wQ)?n?`H{9YuXRk6-JHid~%mV@B2BSR`>Y`*>R$kb-Qe z%lkG}Y!P|*jmdVM{NV=f*|PrA{v06Pu(=q%*eP@nqQ*7W%d(7T(mrin-{*%JfJxQ+ zUa$htuU+z}=)6&1+5-J3xmbDkTR`N%L`y7Sq z!DiqXlmy2R#S?@ijhRy`__Mb(+XsRBtM^gJ8eMlog!FzP*B3;7ESE zr8gEc%RFa#-B}FCmOl0L0cR`oEp^Wv_LB40AeMLKyRB@wuLQ8)4JtkN8%*(TQ?UVy zN!{8=_c3w04P*>nFf8h1V@6*eV3Fy%GRGS3w@RcI>y$T$#I$~f?j^({emM#9YE z&S|kCO_zEZ-nC16RYQv8U&j(;H!D}-TQw@twx5DNPU{<4%`Z5Gh2ndIda`_4O|!4d z({7F7H$WG7^-RmuSI%#oxIzb^r>f20cxyXIby!&?92b8zB(dOfN5MxIs zz#*bIqKWDCQuI`!zJ`e&FIgbP+Ye|>Fl)MysIDIFixrx5bzlNOXVH z1Yl{sU9ftqmb<&A(txsONsI@8Me3c4%`xn1Yg4<7ms-qV?%&0~dZj|s<+Cuj{@5mp zz21shNjDyRD!u3>>9f0dxOJOoLN7qzYar}NeIr^E=m67eeJwZDqq_Mvuh}%Wdho_< zInXmUr@>pTm0*SG^{D?$YF-(A8d=q@Ox}|@;}NR zpn6};f9%`OPdi*vYbv#?AOJmOwR52KG`J|8>e|;;g+{TD@G;F9q{nafVCQ_vsEUE9aSAG}&k-=0)TxBcsrzMVjb7G#wofTaSG z|MnySN@cOB)YKx-Wrl#9;Csr2)Evl}5J0jU0A%NY)GmO#vSChUEKk6sg2Er=PFd|e z0noGHvn=1AkN{TI=a>V35h4qJ+@(Lmr!VYf2z=v$+2C|e`bM3avu0A^y>U&)@9_T9 z$qVpr-*U!{QmY!{ThkfZsvcEfYH>1MhkNC!Rt`)Ht*U*1J9%x|NGG5i*pn^-L-&R# zpMlAkfA@Z(JZPqm8S!ZOC8e6umlS}RL)*t#p6kT0`P;3Fz#eS$#??J0=8|}>B^8R` z;~T1FZi@$5FU9+RYxbz~>slN5{87KYt8UoFrS?C08TNY;(0+R9M*+ML}l9@YF% zjhBZn7)jxB&o4W^Bg6n{X@ql9AoHT|VNt>ptZ&@*CNzXLp=-`-Xa|e@#N$plq9C#O z);ztI`$R{{&&5ksU@_7maa+7(XjhO&XIg17ZX70c9(7U#xdD?Bp%NX>)J`h41=8wZ zp&T9Rtx8@5wQ0%4<~(C+t1BGt@HhTwlk1Dv6%X07VsJLV%VFTkc~fnptk_UxA$T`{ zCO#Hm&H(<=wjd=N*qKLqD_~7a0O0jTca6$X6pIsZk*}w~efFm_`EFgR<7|}7yoyxE z8b{c?>bUfktFvE*<1i!w7{Xein}ZR@vH$ZDtKU1aAbo3CYwkOPSjsT2omWd#$B(Rx zE%wG~WjQotOTY?1KIn3~Ea`jCurzaTsnuYNxA8mwRL~2xQ1qzxdA}>Iw)G0ucGehc zq3QWw!ly`6a6gp|*)q7g2Vj1zk|q9sH2$J<xz$u4y#Q_qHox1r7(hblntuYQ>7GDHfT{)!5QPc4I62#uDb0X^!XxOmeBk zIUF>fUptbk^6av&*fS0X1I0+&)KWHC7OR32Ftp6$AM=6wyF>l!Qm^iXo)g%YCO*O( zVgSCHp(RxVl{zKFTS$>6+W72u5z>Bw9A(yDOU9)143 zH%^d1{_M3*m`dwx3v)&pAkVQp3cV=anF3}0M6G(Cs$Ih&?|x03XX85~4bTFe&pfRD zuDxpXOAN>JxS-4Pl1uI3+f86?kWcywk0;iHg_3`8roy8@J@?D@LTUbgU8wo3EN{*^ zZDtd8MIIu9@)h2P&z0zi&uD25Qc=bB0LyYrT{PN7~k8vB8~g6Z(82wNCS%A ze$4(MY#%iYV;%hI!k_o^DgFE}n^KVkkYUsa5#??yraKGnU@cbSF@dhbyG7mSUPKGq zz8UZT+z2}dZj2dNtybgt_ub$u;OfC17Q(kH1rgw$;O@$zGaTTy!)r|7p2*bLgP;Do z$ME|Fiawy=hvy7<%JXY%fBaB{gsxQNHwoEK{RDib?@QV+=yfGkaLFMD&*y)B$dh_y3;JSJ1`583*~Ysi>C0Fdb^<20lHwX=-?x@9pSKL+#7V(a|^S6@`RQt!`Gj zk`xL>`-m(C^*3sl869D-ZGe zPh}WUbbJixa-M~}N|Ry~uH2tGH+S8>t{9d#GdtV={C3lB8l_kCAO*+K3sZy6=RbCa zObQr}e9Foh*?-O54!SR3JSdxoEZhV1)FRpe#(Jh#WsSWX-z7}ntTpf6DV#0us#Kc0 zpQ&e}{ZqJ6&Vo*Hw^x%>n!|Wl)Mo`2(Y$-Ewp7%bVbB6OUu9tU*Ow^qGM%P#9o5t= zR5|d;xP^z+CBoAMHk^N?p_jdvK=i~;Oc2=-v#UH z&%WPiJTeSE%jgC=6zk1)?g{j9OGum@ovVDL`i3~!3l$Ru{@6aG)n{fJapAKo6-Mh}ztf~u(4sR1&hb>;eM=0+rE6;xW^y77w zFS+h+CtS|9XCS4=zO}t9hlPyy#kVsJPnfs1`W}B=&Q^kRcM~mY9d&=cXHW1c8)ME# zk9O&p!$aJwoQ0c{5>;bSHa3e>w)q{N|8GC;{>0@g-!6)(-p}{b>dpT$u_STUbgxBv z`C@r+=~CPsY`!rjypp@9)mv%rKei3Dmw*&>Be*9a6e(f7Gm!Vft3m1>UdD_`kDxDJ zt?{91KEBTross7Bd-lB<38VjpA>$&D!dOVQ|1dI-S_!Y!(bdgB&nkZGFOz+yd{Ox%79sqW zU*HBzBPzaO^g<)JB((?y85%*;eFv!jVUY%QLazp1R(|@A7k5yLAi=&D@!g0(3^Uq_ zQo|TagH}Ad!{F7mUCNJqgQKqKsWvw>gs*QHYjX$Nmm#F`E}rM(E5Bhm>1y9veXYIM zc_VP=ZlBFVUHJ&s(V5!Rl$0AE-uGT}Cn|^*K!;x$c6RAYyfXd#w2YL0QtEAN$9@J@ zVCL8~z|8D=eNk2H(DQzgZttl#eCo0DvuM4jm(P_DYu{2{4cro|5BiUI`Bgzdf|R9G zN`i>-$>Znm=X*}7{eLKX%djZBwtrLbrDN!BP(o?xX6R;M z$e|mgo1s&>bATcC#k2Q&zy9}rzU<@R!^Iqv*IMgb=P%B4QAF{(K=?zp{hDvC(PrCK zT8S5E3yn%Q+}(NY_i#A-Sgx$>D|UU}Y-efvk(sK3f`XulB5jGLYwjp+tG*mS%aW9p z%_I!K&88N8c!=G6-$H;70YZ6t-B=}Zp=B@kn>wQ7;s)WBnK##$BOAkXigtF9zNu$y zQWg-T(MUVD>n8Eg+M!8 zPR$QN4~)G;BrwtvzybA6VvEh+d^y*{YdG~<#b_4^sTZ`J=f!Pp;bFClZiH`t#Z?Cj zqj#7tm%28`;06TR?)|*{7k}_|LMM+Nd^}ouqsx>UrrVweLR=peTALj%XFK@#BRUCQ zy^`!A=lBIfEGuk{m;ZoIZ`GHTMaHsfe}H;i@);GWOI!sq7rJ?q%scHRe>7lii1%-x z<0oF0gn_EA_s~?)YE=ltq&c%|d}xS;blVT;`#5bo3|ePN?lDcMq(yIBaay>@b)$Dx#<$FdW~@niD}2P>5Ho9`3{O_sx&}1l;^s#MbYZ|MlkQ-ran~UjMJ2@jh%g zHejDpXI=K&^1JZ7oPj*#wL=D2tRxvrTUkS%ONpvvTtr?xNwk;m)W}- z8W0Qy%fZ6A$)JO}#hRb15tGnX6X?CWjaZkxFd!Iq+8+*0jX(IuapRXMX@ZAnTL##B zG|MD4Gw3KtwC!TNBd>GC`qNkZhG?hV>EY}+9kIAF8#O4uH6Qd!x_Ov% zW95g=W!q= zcR60f2iMGdSvb+Pfd9Vz#&>hyxTfgSlmB-6)A;a#4WF<0t({p9riZc*lYT(Irn8*! z1j)3jQqRxgl=d%u4<;+6X07TRWHPeO*oi1fw&aGsZjGvmKp-f^&t`n9d%sOk^Oj1# z_4OsdVlN^kP%wt*cF^*Br!FuC#&c7TyChB6zAujsFbkzduvG#dcvHA)h5>s7tYE7& z6S}5PWaZqER3hG$*3kEvvM)b-qR-N+XJ`KeZLq;UHf6G))hrEF7VJ3Tx*+cBqZO1n;1Bwqsf z&HpA(rrmcTKX5#br!Ofu%9m|DBUoE?pD+pc!zCw%?!0d!d0k;r4&Ul@vYjo^#4TTF zqB~Bd(6w_q`7G`Ke)58#GhLavB<e9=FVnw5ZPvZw>drfQ3vA=QB7Bhtx_*RLNr- zJaXRmz#hS1F!y#kGD&s)y|D@WyYF{;cItqUI)^O3b0?y)cC5mfnDGirG%Ia;|3Z1V zIb^r)LQ=c^$4@h-1rm$l)MbN8XlB~9G5-kJ@4D z6+T(?jBed!>CKUzI+;CY8{G=2B>Fv2*+nJtlM;IH+B&e zghZT1Jo(eDGivvW1+QhziI$f3JC&!0E7*Jnu^=PkZ{mVdtL;s?8W z$IF1$h`VM^PB`7p)6x0%>q>=AQ%Uwp7KJKCd6N%u`D0TJRkeF3i}=Y8qdMn&=cSQx z_QM^pLKLfd$g}&7REwwMCRwo#x170JNs6rf7hIUze|ok)`fNX8slfVcBK$ie?tP^;DTJ6aKt@$Gs;PhU^f2}7!Xbf0#NM=47GH=?_vRBK`P;c% zmx_&c?3h2!?yv}$_FwihhtRXD6xw?`y$-gT32;Mgd`#hgJ89_~3~Vp+fVl_ejNp!w z2k*QE)%e`=u2zi1OaAS0YAfi>+#ITG`{~O&63EVPXvz|qh9P;NR8ZZ@Z#9MXrMVQ) z;cvCQcKgLejDcWeKQ1?J|A*z0xhCCyOZ_FFwn!wL7D7SfpoZ9FuIlMwOypRXO*}cV z|1;P+*uwnU^Uu;D5x(Ab?3M+2{_$^(JkLQvUJ`u&t)N^i#7y;m8cOXKKV*VDNcLxL zVW+l?3DhxQ?w=~FIdSW<-;OQc!9=8_5(Zsi>Bj>?y|XGVhNWpv%URtOLe2t}5K`$l zEf4C@m-cXJD`jQn6Qu6#$T4#(v7UupuAx(6Lrj>FiMC>XUQw3FZL-8*={?oXy}3F% zp^HD6SF=nX-M7muHCY?3&xjHQtTFs0#D>grQ(IxR)rn-EZymQMM%!~!X}dEmXQ~{A z!Rw=wOl;+W#kIAGHy6%uJFNL?XDY{?croXBTP9pek0Mt=^1s1jg&+{)s_MBUI{#~C zCoB#CQ7X-U{I<(6J-|Mi>dO6lrJ4*;9o4JEF-|UMIHB63>}-d$z0H(7X$aDv#_6Gu ze%zBMsNv~TzUXq6@B&_EciJ*X%v1ez+jW`1Qv%Z|vIj^YchRB&h8j|zXb-{n3_1tS zSLD9F=n}j{L%q$q!cv&^PuB5#9KKd}ub7VI;Y${g5ZFzojI?LfXMDf8LF*<8Uy}xf zgk&k6GwoqhjzeQvH9stPaKxyT49E>6fgPpQ!hDnzsHRl9U6(7x-_M-6xgrFnFG=+Yp z`A+;{lhOEaHEy9)4GEQb<#iv3+CNo_)H-UeC7CXA1xedGJMz@TlN~^(o1;>pmim@g z3{9%#Hg`!&W|>B5H4ro|ChEa(vewzl(%~gz>{l$V(0e zCJ14d?uSF>Me=TP@lgK2R@aoqt0T?3%qwWO5*d;iB}=Kt!NZ0Z$g6-EeZ0oDs6{ed zWjPbW%ONZrhBUdC!hdNfDYe}Sp)wyA5%K1^KH7eI8Rs8U#$%`cn(@i*M6sr#UDq>n zT`_Q_y!)!*e3ydQ3ug8}LUT7a)!MUZTcwJUpEqCSH%glNv$WRe-HQbF;VnChjO<+% z5EGh>il<_JY42{2R+%=dUzXEDL`jH=NtxhVJ~!7JlPh6sTrcy^3bJ3TE<-y}0|fJm zXx@i4D8r&hBuPMymyz?lW!o$_Oa+~7HQ?J<7!VW`q@Gm|ovsM{!&SAWpoUQ8n=vlZ z5j{LSbXZHsmCu!-U=ih}>aFkjaCRL|&(EL8+Ia3!dlb~$cY1XBkM;aVw^VJr-rnAP zDGifXx6KV>zNlFE?}oRqszDhq`Nsw`|Db_YoCGuI%&9kmHeOC^df;7)%FD|;v|OwY zaUnyvo@EcvHhJG_e#8s$_B%uFts}!IPg;+o#vq}bd4?_ft^VG_f7W$!%0?6tR&$BH>EksMiTqfYm<7NgcJ@Oj|2_8dVmXjmi&(_**<76bXT zzh*`6cyWb%2BrDT>XVx)lvzxM{cPvC}5VPIC78yKjr zRC#d8E{oq3_QE!jU{faPtXvVp>O%`kdt6>Yax%-w+RXlNhQGJs?TzR7Y4yT|54YvC;f^Fm zz4%;Rc3}gXzO{RHK-1J$E*$LzuXUjwt)>r;!J)hN@88dZAUSKVj-;Z`r3|Mp7?f9U+}qQMiR zmXqK3ZJW1yjVa%KeaAV{eh%z6u6q^a!;D%i=$tAVLjUMED*->FC^?ja16f$vv~reo z!Ifpj@`r0X7wT<*z2K~D0dh#?wEf;T8FVguv(yFMXg~=op~eI0o@Ju<8lt|dhlJn% zi+>n;2c&N^?~oMg|CL2Ne}2b6n!=wK$P$|N0JH-y@g7Ug_%`?O#H`?|g)#0-IB06K zN&+bpJ;4{)`q7f&Vet%lK4GIKNUDcEs-ugn+kUN(b0u*0!KjS|RI#47x>JHbfR(DY?H3=sm3PL#iQ@0fKi}hR6 z$h;CW7Q%88Lsbj`3W_et2sb2Eu%(Kz-R@*G>>AKm-QsuH_*xq?XGw@?$X9z}W7PN$ ziT1;TABtj}bYWS;!zMa>7s^}L9x<`Tm`}5YSrOuf&4{xTzzGJ8F#jYWN>}Ua+$d_jD_|1m-Dh z8P1N%2>FZoku76Hq$A2=-WmAtj1O<^GfgmzohQt*x%YpS$w2 z=+uV<1xxYn3sQE4Q^dB>v$KDz!J;Rf9+f2na6g`+J#c$zTw$0_KZ&t*Hwk|U^K*`8fB8P5$BfdYDPdMk+ zi|cT8*p+|fv@_c+GrYht`m}NnR7BEQwh$%o_Rz*_E0zEDs(f?fn?!y-k7bX_RY!|z z&}_JBXx;Y#{%r@xy&l~%iS`z^<*fC*WUS*9e%evX>iOS?xbN_ypio(;$B{n)tmj%N z46Als?U6%2E*`~i&uYU>yV~tNG?A2Tqu0(bHnHwfrOmMJ$!{9jJfXP~T`ISY7Icx0 zV#vzwY(nnYWeBjb2I(fT)-MXuw#Pcz;dx$O#GPC_i!kChv^&kan!Nn+4^+ycSG6c> zW*?#2Q1#o(&7-yLYIbvGfmcuFIriV_AM2eQVr01S-=qoPd7*b2O6O|mlm_d!9H41p zjP55Uq(xdv-5EXmFWVUX8St=A<7V_MwN4;=$Z7wkmew-2p>?J*gj?QBy++!+_?*c{ zF>;29XO=qxpZgR6e9R(nmi(eyKqgx_2$sK$d9fq`g*R8l>Q4zB7jeia%2b0AX-Op3 z$`R69>`nULvK}F$qc*@hZ+ci$bMzUSV{Ef9A7Tw3GEX#|CE7|3(Pv2F#||WO{kThn zXh$q4rV{^bFIXdPG-yA@c*Wk=;)??T2U<^Gzzw?O1}W#J^54Z5FcyB&;_MiAnydYC zGdC3!#$O;Z=ZUh6?$Os$jF@a!KWz&aR+dQzQ3~$Ym#hDBDTB<=mrI70U4yU*A4M>jlqwgT<85%hyHPcd@_N|02@KjA7YGL z#L57)NiNVsB2+LC*eUc(}6l)aEI!GitWDvYb6f1N;BN}0A>XXX=9mYQl0A+d9alcNG4>HzAIMeJarKpyl8T{s{quXtVUw1$>`^_-`hISEeK5&&rdX`| zB!lX#uLSg6kX6lv+v-G^_5)z|W^(qD>dqLq<{QWsurZXn`Cxh&N6`#a$CTa6jW=T@y4G%s-`wf*MX@W_ zjjTUi;gH^dOB&B&`D3pIFQ#%0UnQM);Gg-E>KYC2F)BlU{Yuj(ZK-AgpDiuZO1TP& z=%W@axWfC;e+a{mG%C39D({fkS*O6xiz`xEI_Inz>!!f{{kHqs_M*YQAzYA6Z}U6Cjy-c&L%` zkHw>4V=4tpJA3CLGV+-#EF8;O+v10CUiIFRm#A6v>n@e{5|+8mn(nAEY%J!)#pi$J zi)mPQR2UWux59q~?g!Gq;<{X`r8Zxn86v_$fckzRRE!Pb?waYiO5P;I02MF4kg843 zs^a&y*kYQq3kQv&O0yI=!n2JiNi>d$0|Q-X?G)|@+l=N}DrJFjp8;v9AQ(V~vJof! zwtrAji1EBCGEknrprNx4^z+j-M=nrV=u?1EzHky&$#H|`ukRb0v zHUO*4Eo)XLSMBH+Eu&vop_Iaezl(hYv2NNG-1Mwqoe`2-98sP*>id>y@ zBy!n@5jX}tIysxMQh~*zr(UZ0Wi6D67XI{{DdoLbBP&t-uG`D*m*0naDloe@+335n zE4!j@XlD0?>xoU~3_R_)-aa~Bo!mkiO#T`C=@J;oNJNg)ZekAb?`w0$U{bd1$KkRW z8O!>#4%{`tiCe3=hyX7U$5$*ybR+XS^KKJUxr+SZt1|gtTh_ji$jYQ%MG`!BmXX%O zI34EF#cqL&=N)7)hpjmETX2ih2kbTEa zRWGD|j8TpmV`*TT^IYE@1BgTWa!C@S!T*O6KEivH*5VtMEk(muvmAz`iZr*{G7%8f`|lf!F9cO?V1L{<$VK6Y~O=(?d&9{PWZ!`ZW#IZ5C+9( z1v}KXex8X2gzWi3T^jgpL3tOzTG6AMwxfOIb&=hzvJxK&G}|}eS#@Q$yNTTQHRq3| zFb3l6E81T?m2i~eT5LlMv?(b_Ex9oQTunAbts%D7vZL?ubRWJAqsTo=HoEQixUD}Q zfmDRpZ$wTcpiTiimcYkUb|Wiz!P)&P_yE26nJ`+kxM-EFX&?=$W=h_S_WFfb5k5=n zhxo5f0{w`uQ6dFM+#1z@QURbvuy8?YQimnFgH+cb;z~hsH(3(T&H_~6sB$OTbU|Gt z19L}R*@TWy2z!hs)v3n5{iR=X>fSNF3zcBwzqiAGuls=>8i;;F>Im^Dy1Ru0DCZR( zrw@Aux+{CxvJKo{O_q>(gYA2X64v%6rKMD1)l4!ZU*|>?h^TCfMFDp8fEmbGg?dMk z;)EX-0cfyMv#zV6>n`#W%l8(&p#7}rq1W{#?#Y?JK2zM_@86$RLGIU%stmSi@;*%W z8@5Xf$!PxnhB*>GF6B3rqyf6!F%)3jWFJ z4dn~&C@6uy7!03NmKgC}*;lsgFgsq?HKzY&<>yb&%Q>d;mDwQZo;>*%e~EdR2Z8DU z`qsHxU69GrFX0gtifU5UGX5Ll5_mJ*g`^|={-o;nfzS5quSv>30h5b@_kjM6fTRyg z`4I{xmk_x+P+TQSoMlLW)fpGrb#qmsQ41X>8-BUbid#d}zMJwSi2(ur@de|u_$@uj zM|6H2F+dZ@ExGV0?Y^~OwkAEg5vphxh2&3EZU^4x9tNn$NP^W?G|(iygL;y_nRpG@ zX{7N)jxafd-e03p%Am=ttY@9+V>OS0L@rKn?ua4U7jd4pEWu#u?DYFuw$sGJXX86w zkXeJ)g9Y!np=&(BFJ4#F3{#_cLM~7{p;%XN8dK}ZOAccO)cE#!>hpDj72Xj*?hC@I z!ZBS|jAHQ9)&jP)$h`&>YraAUF$T=xc}_O-kZ?1V`4c=mMb<_~8onEWsQs1Px6(Nl zPD4OaY2gV_al@|bshOQ+MNtN}U7nXyq^1-Lb#v|xnSndMW*R-e!xP49W^o4Ly}Oc5 z1tjnrzb?uQnVnQ7&=pngwb*_m8lz4Wd-xZ1*DztY$g+cXk4_{W1_1a3dgR@P(hQWT zT!s7ATvJ`wur%7j>fQ}15>hD+jHtA{kP)+CgR|&XeIHTdWU;D^eKs1f#{2iqV7i70 zm~U(!mtI2$+nzd{{>Pp}8eDfeKe%}CG*NAJ4pYGT3GZIX%Y7ROHuB9i?g_HNQ0mRC z&|M){tK=CMtN7kk$9E^Fjr_MNtB;lk8en7#ncb!jM?02x-K1S8i=DVgwcW!Xt}lP> zoD5m-T$(NB30ohi0UF`YETl|o?-mADes0*?v>W}ie6*cmC8#YpU&PZsk%8>~J=NT) zHkY?vt2SF~-Dk)NfKY6%6<02Vp zik)}vyz^{c5PA0{tk;amXU4T0c0*Tq)@sSYt>Z<(z3y@xsj8%4o@)5K zi`7#ZRcnj=Zu^zlPWv`3){?07CJ9+Ccms&-)meR=iZ47~g<`+qavyJxqkz;Vb|obP>7wC&j;jiZOSTV~{t-3bADFm4atXz4IaQxJxVXAH9sr z>dMreWY^w)WOZdk`nQ!um1kMVW&FLC9rI20YNQ)o5bnFw&QW|f5jYDCs-t%xsr zk~#ubf2F`5tnIZMNJA@c3r;y|={i}bI;Kxak+W{Rc*uVi|4kvA1r$IOvA9gzySWlB zqG;f_JMG_vNDUJ>dojMC;G?OnC`yMb^5OBV#R{Lxr>ygG0tQAC-7sy;+?>c3{Wj96 zDd+1;W^*9v7klL1g0(KUKBhz~$60BAV$W0;aC358VooVx`KPvM-?odQjXX@HzpR{x zscX9F_D1!wc}dNsB>!r(ywi{8hg2nJxu@AHf@P7OONbzJTuog2AgJxxzZ5sWNZW}`%1cN## z1y0bP)kF^4M=N}>n!Ct_P$K{@Hn zv#zFHwH^<~L#?%l7kgZO^e&;d54d_WYuzO7Ynd?&jCbL^6pPbx5Dug%U2Pzxb@j=nuv$kc6Q1QRdTQa8cSLQ6AEs-$ zRQU|pw97(j9X7uZs`)Tk4TS1)ZabOc@rU(JF1YL=a@Qda_GH_k>zzLxPCL(11$hQ6 z1$p{bkN96+x}PW!LO9%GE8Y65mNqO&xCz}3zZceQOuMry?GF7Xc3}Mfj2->!z~OBv zBnZsEh@`)Ptc}=X7jYkVF~#OTuNMh1U$Hiydbm|qqRnEkr#xT4n1H>PK`d~=E3FOP9Ie*gY8E}4@cj*azFNqsn+ zU@>Uph{!1&P@&KiVYHU*p3bc+QDgfp!7DmiBsj`(GrWs?)0M%(w^xu$uPsiJZ`Ij2119+Ah~8p9XzYVtO06mn zEC5zAMJLszT%K-Ag$td%?x3=JZk2bh8aueYOT>n40Xsi-G$9;Zak*2@ra-dKVaq~t zn9n;PDHwcn`J*%3Td6YiE8Ol?ok(?9>D52qU0*o9);|R>u){B?K297EE}WmcU48B)J$|lZRz(0K5ChO$vvsOBMnxrz~s!3 z0{at3Zpy8{tz{l}j;zK8ub-5E!NmWuo4rrNy7Nk6F~3u=Aizuvx>sFL5b&gO&(rwtbp^@`{FCj zmxZ=~X>15+^|Q!*PlIC%biaau**HnWn;MYcR(|#F=(VIYD0L*9*^=}Jt;{aAbd`PD zHzuigtMS-IRBglUY>Jt=;qw@_qqg^)vP0`*QFZdVNNs&x#S9Gts<|58wXlZe zceIgQl`PD&h2(0t$pX-(Juiwb9jk&e^k~98)%G$_b3>)h{aN1HowDG~44grZL7I;} z(n;J*_@}L4Z$(-hCzjwx9{vf4{by9dA(tnc9aQ>!S7^odHn#F#PBi-uOu(3kb*S?* zZMSa!f`mUp7d3I}h?(MmN^*Anj378B(nftz^0rNk4 zKxm!$$I_>PLXHV~z*Um%UPicmjhf38D;dcLHV&Nzw~;oyIoa;+&ra)3Z<>n>3P4jh zvSq)@slm(MClQB1!6(*FF<=e6M)P-i)P4hsI&g@alT&Ff3U$5D>ZO7!r!DrC^`p71 zFp2GDiid2X-|AUsGz5Y)9(jN#Ea|Ss%o;)`f_?)AgXPuLUtV(?kTjf(K+Lc1Shvg8~ItyR}qme9P(YFY+#9zRs5O_PR?K~^#dw$xj z-rYC*9wl;6`bxFEWl-9yhuP0*0?+YZ6a`%LN8JG_d+i9~|7w)w00H%w92#G;MzS7r zVqxrIIGxVKH-xIdrheal0MQG36zJwGo9)Hi98=N`_*3ynpk|sr!q5 zdI7@ihIg0laP2M=1UBI zH7a{8Lm>av-24e3-^a8^*iV%a%TUE3L`S+@PZmKH51XGo2JrM+pJ+s&ey9LTGPZrwoxd`;y4Gy~ zv}iWe`$l>$csbs4Ya>cIC9^4(P4{#4+>Q62LDV5TbD1YVH51|E!;&*P98rgKZx6km zrrkWa9BJFpAanlRJvr|paD23J%|KOdR7@K_|VB`OgKF+*@&Re zWs%zM#0%BAlVqJ9(&Wk3HK(kOB2Re>M5H~I<<0w_b>3MN|NUdRn`A8Za}iwsZIb!m z0h}4~2MJF4CFi#spfk%{ge;Sab=vn?em^wEm)aA3e%_BO){xb- zJ1$~6XJ%keeR%RY*J(IRd&Gi&={`_EpbZ4S>5dV7*1bu1)SO~dju~_E?rb)PwliRR zJZw*Yc3e_iY=jTAw7uM1pR9Z*_gHHcvSnakP=txVKHJZg&y>mNqVybE`ayeUPlkUi zlYGwX{hBsjJe(3-z2HRX@8_q+w|EIR*lxzSp0Ye9p)GPGn!P+#KUvesS6M}ceLs7-E20|G^BdYYNNyc73pNk6=jZhBWSd$Y0&78oB zyXv0mvO40x+U+2{EBaT3EHt&}GrutFKyp*tg8_N5nTUwue(A8Rd#c}mFEtz!l#EBx zN=;4GHV~BcG%y(LH+ph9ZaG}~%!T-#rwReq45xk1=Jd3>tgL9S>r-c^98bkLwmX~X zavl?^?x!c1*$X*`V$iFf6-CY4=h~U6L`_{lj@MYs=ZqFA*C(xv4|jh@v?=#yWawWW zc0r@#HEUL$38lV0X#9oOIK^Zqa?8EqT*>Bpp+niZ3*;c-L8ChES`Yp*RGHq~xjJtk zAy5CSy6=$;Ok3ebpGONOkI2n1tZYBOWHCA1U1OOkj_+0#&V5^*d*fNF;GmSHOd+#F z_`7$Z4K$1U2EzCeR}o(i9DYLNM6mbe+c!tuV2gq_S-{bUyz{BPDp{MDX3j$&5C&Pz z#CC-L2Neo@v8Td0XuS1$RX6LE;pa;u{xrAl9J0~DH8O(XEQ0d^8;?>9FRTf zqTq#5Pk(=Q=4Ag-+na7Bj+;!wlq5aypKax zaoJEYDd38TXQ_JLEgVR-b!kV4kkjSOZbl>j(+glgaBffT2#sF2jUDmpf@Tnq+;;}d zQOL3(^q(k+yfb%HSsq|+YGq1Jk^hg3QFkg%J5s^(Rau$1-=u48J=NX6$tW!(OvvfA zbm9rGf7wq3Ndp`kqk)d#xDlaSvJ$_Q2KQ5?k0TWo0}88lhrq;~(A9#JmvKitnwqH! z&Dh%+V7{*=VKh^v<+jp~nk06o?kFw2IqGGVM}<_dndF++umS7Eadj*ybv_1sw!%Q0 z9W}R9R&Kv>0k{u8TGq(ksfx7``?gW^Drduhp+xE9;hihjC{8f+a)tsw~pWA&$0`>eaiFkbMo6bA=M&zA1SkUQmheKUwci|Tj}EF!6F zcb+|Jw$B#QK|K5`kbb)hqdopWuq#&t3+2{TG0OZkr3p2hY4%v2%%sDR%WK^9w9ryQ4e*(xcY8j4`BRRJkh&KPyXO_ z{B+ObO$z!otOod=Os7wDHyaqJB6(>5PfZy%>Gdg|bo>F)_}B!!vySaYX_>11ygGZ6 zRE-}{ugjQ>jEu2YTF$$?#}(ojduc0S=|8Ay2Vrs=vpNeNXd#XEXH^Yqyyyc_)Ny^) zQ=@~vQ?iXI6J100ZShwCt($liSt)9!w;8h6lOo67fg<=fA} z4q}A8QUK zlQa7C9cdn&uCQUc#F^OGGSNM2jw$I2T-u%(EokC7y}$psEf>!p->a*+lWscQAv_To zRn|%x8U6@Lj{|RGCxWC|=Wvk=&fT>tP!%cN>hYk+%xouT>gRaj&CPW)z*skyy1$-e zRUfNew=K4m<8=P`f2aTJp)w$V&Xi4%O@04MEBMz%dH(v&hGH}PyiAsWR{^l05LzzO zB&ir0%D1F8sO(Iat?b@&Y9z*<4R}Of^bn#)2XNw_#rl~zxD{Rsl&HsMwezk`hfag5 z;q@T~K)5Eo3)lCHj3<>I>#3Ryky+PEK_-f_0c#C?Tu&jawsnWzTvD^$j>EVQ5Q99S zjOV8a@7qR)_1$VYegShy_9r%AF*?>y#u|tlG6&e3n)V zjiTeaJ)PcNkZqf-^-U4Yu_m(e-jdVua@GVF zbYHOHyL*Y8N?dMa4o2J9o@~hXP)sT<{DPJl15oNi6x2Ns+<^VbuLoILSo{;jf;9pP z(keHmXgED1B9VZpD89r(*x7Q_9ZM#GgKu*FArXfPZoR2JjU}@X8!<9kHOFf_A1R#e z4M&No)}moEd9qL)bBhZpa=Y7eUvRGMc%TY)DcR8j)PiVWJzGeJA~3z}DeFpvJ6e_T zor5@bu2I*}puxx=JK?RZA9cdbcCN1Yz@_#lFLR*t|YnfJgl zI$xQ|`_(^bC3ZzI$QOzcd>rSF>xW%*5swP9W%ddoFiI0g>!9Pk9X{`}ZT5Yh0rfpw zd~K-P7DG<@*r0aZ(I$}5)8d<;(b#e#VYlhn`-3V?V5H&im4UBbDq2a-7GQ^-g6#nX)E24)w2|YB?Of>a#yJE#gTfOFV8$bv?W-;jDRqO1t}Np~o-P5e~5K{y8$~r1`+t1T zZNwex$!!l=D>vKk!Rnv<51*OuaLT=H$Z=2iAT!{xO=!&vK*!kBcdXV)Dx{{&&6Q>$ zl@{Flld-b4Rl700y=I>n3{z<9zN7bf>tT%;HDkIykl$d^;GD*yieweo+$Z&^nyW{) z&B`Nq>-YyaTP&TyxR{rN^AJ6_ZuUcL7Inig+ocRabu;X|N5qu{Zlm#*w-$1>S_J(bVT%o$IxVxZPcq{ki@ zk$pIukw5bT_>jASD1k)<10@>cW5J@EV^m%l42r@^?gIS$K{Awl-&1G?m1Ph|vSBqf z0vp@bjk$p6onuFW6;$`9gA`h#1(Bv=211? z)XMEcN+F*;JyKmMY-RlPAp5mksAtFbIdc*Y@lmtflninYFfaY!)`;<1(bNebIWw|< zr4RRhC!jyy^DGUY`NLh99W?vlo)@> zC>aeVo!~1}QBfJ%@3T4j6ZboO>W$+@v*S9WdsGLl>GK``O| z*ILnz_z%N^9UDSe?)QePi7|r26PiTzGwjHORzehs*#M90^uzQBr{wsK&!~37ABP&cVkv5~Ovk&%dgVW>ybUo<<{Qw_ysDju-3cC&Ivyu50agC=zP`2M#CE3!fIJR~=FjOrkI>5L7uW3Nh)TiTbeR|yDZ^@kn$om;^KF~;T_s+Mr#9F1(?H>}B-7pGr|I0!$uqR)0?M)$0DBAGIb@Y#BG2wP4S0gu9-K`;jK zN+pD2Gca&)$O$k39c+KrK(h7}yG@o-GjezDmk%~(WlO2%O%kYUd6NY<7&WPrswc{eg;nMECIJJ!dZq5edr^v=BK z?sh8+Sa8RjTlktja2(>^s+OhQaG%N3!EF2fNf;~`)*x-gidAT~qYp$x$J1#o&O_e* z&Pk+;)kab9_?(+1EWjl>mAevn91#^9mQ=W%0VzouG-Ium#HBN^=(JxssJ-m$1ENyh z>FMtd4IhY~zy1H#lKpQ9(Oo$;jZB&zP(n?~eg7T?lt#`Q1GcU(({y_e$GUphoMcg> zwj$_(`nn9oMqcCQL;1w@H7f?1?pjvu%G4vLUAQD)fiz@mhAC8mzg2tk$y1s4X{nft zz|j|S{q+ey8ANWEAtaLn3SniDR-a5Cb#!&)_c`y)g2%^|w|M=)l^~V6rOQGFYHA(r zs3yRx`+>QKkf%3tgn*HWMX|N^lM|Wl~kd~9w%)f`TgZzq_VxJ+3 zudef1g6Ty+e*a8v0nVcPsEwb{vp?0aafylS_3`5)1_S*mXx5Nj@!H{^c~Q zJNsdV1KW0UwiUE!PI4YZFF)(ptL`^l33-5p5cC3r{Y5cg?Fk(jga5(0XzP3eLPpd@Q6E7suXZM#TEfu;6zhb~JVhT-xP=iJ{--ofsh$AeAn%cK0?iV-a1sbaXJT>*%ox zenA>(TN&6^gqScd+wiYmhnt@5)C2|R3sX~n>(p^gAb|F8)!m;poH@(_d@nF1yZmLx zTR@TCTm@{l?)7`-DUY=G2=OzlW@_ii!)JBd)INEUl}J1d)@G677P#MZHa$}h3ua*} z)B^XhphBX7^5_u&2{eoFdB+~zywH2s;6bRU01 z!lR9+_u=?4vs%M(SW?WrNr$5PRj=2H zK-cNa*llx_$Mhm7W=p54s9F$K$L2mHbn9GKTf)5kr7N3x3kn>+yS!yN&6dNzBI_zd z&~ko?)HdSbHgHe=+n>&9eW!%%pMstKr6T{n==TB8bpKcUi0`t`c?s^%UVZW;PR2Gceiz;}&&<{r1m;SS+lm?>^Xf zI055l|JO&Zp)n;sw_An#Tgmhkf8Jzh*oHMkfAk{>R;^I|z<;{w31QNVX4o!Lz zMtHLxef*K~kDpaN;M4j;%wBxwMDL(=I#^tZ-Z&6&$_2_$N5}fMOyVjAn4dHT1dxk- zdTd|Jcp=tFlzs@*U`REU{#H!p-zCOhefISZp&$Zko%fBoViB>dI`v9{FTrD`B|je> zoqy$v_>|(B-KkNY0=-I$Flz5KLN1@5tkMKAijP4)=EWyWA00fWpe$T5SKEJB)6x z#5ca=kt*TThY1~gc*Re(+%FeDNto3Ptw76*clMH1P$9 z<3?s(aW;UYp^SiBvnohWzJZq;>O4Os`H!`_i7WGVrTRqhT=x2)uBp0_Fv+^6?K$zG zx@^OnGW-|_BMKP%0`B0WdLQjZHpC+NYK}z-F6?jnS_LyO^QwwY#jF0F zaQ|Kl1Lf>mR9c*VJ5iXgGyzT`nQNP8G|_QNNn6pt`0aqRr<=o)NXocsT@sVc(AWDN zv_=&mgG@Uz5_mxV&!HNiU?@5<*|gRV3cTeh&~3&_=tJc%W91z?CK)(~$$-2SjF|a5 z5!_hK^o8SIa!NSyZZWy-{BwsGMu~y(DEmID}ZSE z!X=|_R&)7F8Z($iz)>;>zmJ}a%b$exDma!|Tjuj;ick9c(X;Znbc47rUqUv!%tRFL z3H+k;Jdu}FGP7nit20-A7@U#IAhD!J9``dMG&?U3m}FN;Yw*`)@ijl&Y?z!fiQxr( zY`}SUE|h#Ihlol>`bklHHOx!Y!mZrPx|^Uy#aYPcNbS(eWOoUY0HDZ7pO%O?cjb=% zpKoxV#?20ZW^)^v9PFMDh!!wCt` z?PJ=8+YF1C;{kMlD&OTL_Bm6!$@&=4fH&sp#<29RrMrDM*Gm(i8p9k4)2<7n$O#_z zxJI9*18(^|w8GhsS)2t=6b-;S4FRN*-nT2$Mv>j}2v0aQgoY*lmbBOesWpWzQ)w;3 z6&OF;m`{;;B^<&JH?0*0?ItE_G?Lm8wN)~QlmJc_)W^APaFAWb-n@`@&1-?4(IYpr z&kWZctgWC_7G~x*Q#i{bOt672TdPd*R3&S8Q7KSZMGJDNSx~kROxXE0ke{+u`7jo~ z^x`j_JM97x{HiZX*xzCPMZ5o-gdErctK{l4xmX}!SPwNL z^Z7AnsV>0GDDiWx&b#gmV0e5`KZ> zg0YBDNx`FUq=6;E-#_%S-*twlWY*wZ-Pm6UvVU6Sto2r$02`vs@C)2Mvhb3o_oBg; zxh8%>+U3zoXVB*fuvqxJCURu4bQ`iJ%$lV{b~jyUqhz9n8ZD0aWKrxA`rt}?feBZg zN$=}4&ATQl>&W*coevKvZH-C_Y~Og@(0tk5bxi1LuNO9u(p;jp{j6&nhx^C<)8s^M zQ^b!Dx@}hWpzulrPOl5@OR3KJLH6+@7XmW8jLyhZRAK`x^3~pftzhWDW2N$$>Dp7i3cFo#r}IK?9;@B~%jNG$k+bt2xOXKhZop7(y-WvRKjI}^ zoUq2Mxc~nh@ozLhlj2#LHj4j?xA%Z*YTMd|1wlmx1q1{H8%3!K0@AV4i$Dk^6zS4i z=*^1sCcP<0OCT5^fzSm*?=3)R(jf#yga`&}f8Q7k#@^Y$B!6`(^m<&!DsI2}&n=TQ!Qcx*2Wmx~|cxrVC}2@mtG%FDLW|-tcE(D35bq)oNX< z=+JX~+r^A%nz0;4xr@*)rFEM+ukDnKZ0mnHe}XFYJP-~{8+rEKJ& z{Y*{(eP%zh{8zK#&v@dk0J8nCFLw7u*K-968kc!{R|%)?Twwc*Hn4q$)x?r;f^9@N zqhC9|6X!B*K=~Cq1$g-bD%QfLSq^-zH~R+bHKn+DJ|zo%<^@udz$tc>YzhSk37}hq z$dk1Hopb_vY)`TF@%jB9Pl7@ofHlXnR!PDmMt5KCwRhfYL506BXuYwC>3ZrUq`rR# z!Lmphf>l23FI5?ft?wB}sS~uqqC@B06=x;8jc8{q5xaxZ9l3d)@{W^e`~`a@mrL9g z(Vlft8pCZeF-=EFZe8u858|TF8Dy4gY|xtISDh8x7!-5+Qn6Ww_gs4y*3RZW^@i@| zstkjfoCN1>Bi^Cmt^fs%VZk8Hn?!!OAJJk&3%nNLwU))}kRCClw`fv!oZA>k%OQ%p zO8quaWkoy-&w1OFcT%gHRL#Bx0*RGdwQ#yCJ$`rR&AF-J9eCbU6J(jDGby+`f<4yV+X4l@ue=B5AO6J8_ z3+l7GV!eHrI>!ZXVV12kvqoRLHjh#7#{bZ8+3kEk;odz1)oXcdyRE-H><^m=YPjHx z({P<@5i+C;x0adk?>5D!FO~-2Ob%cZeD1a!JFGmnxLW<4WL#`|3XvWdDFX?a4k?U; z7$l>ZJ<}><>T0uJ!|u3`sZ58se~*;kL{nLjS7rNTb6F81IwVkD?0#^#jX?_}V?R*4 zq(URG{l^(Mm|KQBDbr!M=9M45SRI(;<@szubRN*TaD#>TtPuiun=l|43C z8~u`Gl`(O(d*yuHD?gn8)8Wh`Uf-5&W&#Wb_AS3Juae^JRxB@01D%(hE7AxG5_@Sg z+GK?F5n7Y$;LKd?jg6PhH(XlTs4JrF_jMg`fo>ZVK{vztiC=*s0mx*hJXYbgj4Ql{J1Cz_%-8)ZR`RIa8I>WTM$NlxK zvOSmdk#0Z6D#=pRk)--DLGH;e`dZw?cbD|kb2*br-zFnyFOEJ8W@mYD#o9g$yAU~f zjd>akK?w=!( zlJ$75>ApG=m`rK-GaG|-mxMRK+f6#IKeg+FL^NX_@f|*tm?-nadBr>gP=YzvZRvaZc)ne*f0i!cB z47>XzgKt|BQ#w@DAG2I{3vYe<6b}F>yc3~bTZG+NgJIDN#K?Z2Lqx3AI@@FtN)fwn z-+R8Yr?>A!@A=zTW+$Pxr^ja(3xKzC#JV2(>I5XBl2~sY+b*aKqU|YN6ZN=7Nq$r~ z1wG+HbZKlta$MuAdJ$rA=IO1|&qFMZo;{N>^LganB_jDwT1&=-h7xi{p&g^7ptTICMTl%i6SsK?7*}Nuoll}pl4%!6JH(ySKo>pKH~h% z_Y73WJE!6%Rpr;i^Y$VV{Kv;rQ=6vh2Hyn;&{~r4-*2BfuDt%)Y2&K%V_X+EzsQae zo-RlSz{M3XD0rz7EImI$sZLTt6fMW=>3~x0r-_k(MIy_WiFtJ<-se@0>$%s=5%*=> zqihU%T*@U>bi5N$EJ?NY-loHxOr(;}0R|*iDK?7r4k_~d)Cdzel5Ng&fkq z*U7#;Ev`vQ_=>Ql#qHa-cNN6nWxXk2Unh)6J_%0io+rD^ye>&3WC`5tPJK z7kVCkF8RO|@}!<;CAeBN=wiYKcs(^trs)>wI7Fr+Rj;i~9#|^|nTa`oAdP#q7zNx( zCN{@@5wPbn_nSORA(Uz5DCs+MGSf=-PT#?K_0I>gEEnCcVBl6!jFo|#2!`znWe2X8VH)%Ja%xiM!K57(oCRa#6B ztd%BUheoN1djoc_baIqRhHo-yi_Q=rCI3;8Hx*lz zF93^x^ASLE>gv3XP{=cMII8At)gv^*w zo4AvXLaE=276!_PurnLJ>N0vrc1@1}u`R^HjGdoFxi=!kdx}os zi+79#CK0#=yOanXXXh3e`xLpWiG`yV>~~kpT~Q{uNgj!`;0(wYm!HAU$dvFu(oP|` zw#us>7(4gAPc~v%dBsA^(K!1VWY~mvHUVDfCB_2Avo{SPa@3E9pF+&{>jMjeep;L` zg{l(s^g6S=i|;HMm0*_c+}0WZvxLL9$VscwhpXSiLjFivnX@|wP*<*vn*yaq`@v6!Qg2QZP-aTu;08ABWK#O^T7>RCc2ym!4<5esJ1Y$9^~F15nWCtmeLt;26s4 z-mwWzQGoW2=A{$v;_4SndcO^IIg+zgi$g>9>%z0aiHkxD+5d|D&X_wT>d%c3Ft#&g zVTuEZ7J}CV^3um;#1SXnz8FEDyJ-KIPCFWMa@#G)Glvc+`}*no`7k?+$Ae}Ari{^` z)n-OxQ}tSPfma)mTR^7Gohaq!p~=PrY}^6H{_5I_kDWfty;bq&-qn-2(3_u}*ab|H z-kP2IQ%jho8L?xwK8R()GQ?vRQ?8Nd(~A6K8n8LV5(_pyPOTu8@Ct%)JN9g~m7&`z zQ6D;spUV!#ov$ClKjf2v5pc{rRrILf+0G_m~C5ObtDWoye|7r^b%o#MUu*0&1C%PKAm{vM#n|y?%bU#e;PD2F^kg~&nkg+GN=R*nZ*MLfAFc?DoOh0$-QI4UC zG}QM_Ncd4_`Vmxh4B3*xdvP8N$F~lDZl|bFwTr9B!&YAEbvWVOK~XV!dW$?IlcGONn=n?t0_^^|&^nZQ?RD-! zK>u~2ykg)XfOdBPd`bHbD)3){?|)t!G6VjO(Xj7Tqkpx0WArB23Ic@1}>cvN?s5 z6i`k1L)GLP4RK~rA1}dc05)ze)c`Z1Z)FQ_wYaB$&F`VFbXBG5t(UtMBH~CXme0VE z-F&;gvz&%?wXf}9XJSq}u;IBXXiqpi2#~tpKQH4X749!<>^7R9)zMWvF-ON>OnUEN{f~(YXOcwd5!I!3ks4~iHv@GQy`h+JYzE*hUdDYv9oKxv7wfR zPT8p^7J;lFFcC+`fA2*Ib^q%@w1?1PD6Ol|`(ZlUJ~Pe7^nymHr*3HCEmPW)r!6-e z`AXDTPM-K8VcJ3gc;8|G7Z&?WpZ+CH=gBmkFP0QJ_TNzpV6*T|GEGOGT^{Fo(7**4 zLV{pdpe*a{b2Gj=!PQ=-G{t7e#|1GVFEeM#$4bB~+}jQ+cQuDw`@R$M z_ag{)%3-uQaNp)WB=Ym>6(d}=+ablS)22ykrh%68os#*QD{CAv7ariYU%z|*6voWKdjW|}>tw1qLD*(7c{mZLUkr@C8fZ3zjoqGV@1d1%gMdag;J8>7J;LpQ1#;u*Y zydzV?d6V8iRj8x>@e!YKo_ zg_yH`J&^~`Gf4_ZOy*!lsGKW%M=-VvqW2fa3Y{F(Yh8^a7R5i>Hva^COpLtpH7=^! z^<9(fIq`EtY2TpVHI}p|>>hU*;ZblrW@*7$OPfyW$wL3UxlReIW=r>-H(S+3fAo@} z%R9skfI6r*jWEs(1F#SB&fC=aUd?VRn*&ZjX!Ri`{5lhguQo0h)EO57wa9+}n=Na> zPckRhJ_bfX>BF7mtu`DdGf!4KuJ|GSwC$^qV42(p$Kqc**H7vy$s@m`VVsDHsD%^2 zB7Uxuy##YYo?}_5V{{U1;U<*&Z~1P%DP=a+jxs} z=kosNUd8ui4L>fqSf04eFrAux^OS22zIRP_&$b02d#)|JW1EIp0Id|=$bIr+cfWHK z9j{l~>+bvriMi*Y%f&HN!k)`hAz`{X_>m%Tvodiih*`qO_z9Ml@_UJ%fQ&J=yW--9 z@8Z%u$W2H7C-`;$6o)HObL!An;VKObdM!yD5WS6*OlmJ!lKIa@`h(A$DbEzO;k!I z=@qwS$Mw4nygA3hsD9KSIPJ}O`?`hD=Z4JK?g@jt_0AKD*o2S=xlzp;(R4XwI(Tg= zxJ!N!UR~8~yY$E~8mjd{eoN`~+si~FoxA#%+GJAp_?`&$#GC3r8MvH`k5&uMqx*d4 z+r42<&+2l=tJ(N3Uldk)EI2t>G#=fd&~1tr7QUAMz$m<+;Qg32g#HLg)#;wZc7%=v z{+7!|bZ3v%{c3n&p(XmTy|jZ#?c zk?Ax8wo5lot-2tO&?ryIDt=t+UR!mRt3J}wt0})iH6Fm%wmFcoXJzZn1uev$T99ON zVd>P|LlFyye}J1o=BtQF`sJmIT?QHAqtzP0#>S@C?b-R}6Rrk)oyl}!KkjE7TDqCWKabwpoU;SvqGjHfx<)>jXHlKAJ@Ci1%7sTm4$5i(JzP{km(YXeO$&t>-RL zNDMp|q&ll`gyOIND!)@HHPn7zlf3%y?++A?Jl#|arW)T|eMRr2Of#1joOa>I$ zIu&EcPhR;IIM#(dPb)^^bLV*E*Y+sJ1}C{q9$TKj$gPDcJ4-H%YRWC1L}G9_#C=^qbHTyn{z zi3#@0oVd{_c>U>Hn##71RLY+s;Z)-p)o0qHCiXzwBl@MP2KCk$Sa7ul49>5!_tk(^ zcgSiFL_JoSwQ2-?_Zntxbdgq?$@0*~E2##v7{UM4>#;p*+^?dY1><*x7!Zxwdmjqii%YWrFGakQ~~H4Wdtzksbs74h|GoO|z{ z@fttYe{D0B{XL|($1=2q@#`{zZWKufR#D18uvNP@@g)RT>t*+SP4S4w-IRI?0>{ec z9dL1pK1M&n))$HM-GjvuOFW@%AtB=+YYAcd7}Ek3)b8zC|1nX4GlgO0$2I5{n4;wh zQH9!T+HDnh<{_iKUS(|k_=I4IwQ_@?F7^25*hdM$_{-JXoGMry&d}DG2b)%(pZWZ; z)PoO>Q|DOBGSIzz|8W1_vsAXA!(=l{OSRqIkoQ%vyUZw*iba!dcF+Rozvqa8N(J1Y z)G%b)0INT7TbS9X2)(V%_FhoW$nSb2mN{IK*&XkB072u;X~*P}EJRDX^wnbfN4EV; z9a@r_3-Yo*VD0Q}1l+HhRSToHF`-g>AV=ibSQ$x5!mmre%TbiisM^Q>W`!e?%2C*Q zHE_>bAP}oE>%Cc*g3qP5+P>z1Jm%OFID{GP&|het@C4P9u%0zU-?CAs@S$P3GW~d( zN>S<5oU;mM;#4Axu260NwROwWO9{!7W6jAC7$Iv|Eac` zVV)HE5=l%rnCk4cIE7{2>9GZO>uQWKSLHJgdtd}6F_%sbhLWfAX=8GNlY<2k)uR$4 zTJswCXz#SJD1S%_G8J!q7VWwD-P{RpPBUiGIkLaqrT-%=p?PB=K(s>jYWwP=5n%c= z_hIg3NyyH~Y9cIfJ)G!`-?A>7V1^e5h+CkHJAjLc;h^g%e6u+~5G?(Ti7v-Y*ni&Z z6g{ETfXZs1|F7i_sE0Csm#S*829#v^V`XW@=@qU|{|~vZ zFrCfRTR&rP2(w|PI{St9hKLl8jo+@7t>xfUs6o_rns?gjUEb-yDnhV--oYovjX5Wb z$G!@P!mC(U_rA^^aA-6?h1Yze;ZBN5!vs)%#bQHwXSy@SL0(i~qx>|awm!#3Ut=pm z<;u+rvvhkvHPT}YxTg;+UwT0e0%(n0Nj@M~FH5e?%@SnYU8ji~nt_!?mvL6sH9;=k z_vH>evR0RG$4TYa)Iju5!ih{BEV)00xf4Z35ohRquDC^cuHG!T)P^{lpqE!S=YNSa zg}0xml^O&$*zbG)b5{PP{bTAIrh8v|WJ+D#f8ONdmCg9c4ur+O6fN?$H@TLnbbH9z ztAJ`;-$5$YV`9aMkHRZsa8NfTzjMX29_FwoUtKk~&LN8+=;=L}^94QG9tL%3bMm>P z2y=K`R95^VDLuCC;3n7)!NJcm*nTvNcbm@yC-RQL$5eh&xMy`aane0yALcKQ@%PF3 zF%!2_`a#OO-^6(;*uUH&>w=8`6(&Wi2QMA!JW!BQrw4Wy`F}kMfGGhbw#-&^^)DvP ze;A>Gn)@slg@o;lBLmR3ix*LrD{F0Bc$Sf|ZKBj}#~fqcA@xKT*p7=x3faz#m0w+r zt5hivOWLg}_@U4JdBv_QAq$Kdq;^r9rSX}!&8jKr=D3i~3I6({dAGp!p6FA(iV$6q z^@Utox5HO@1}5wYy^98wRi+vKd(~HKzc#LkipZ?4Rj6=Nn=ZzlORqUlGu8AWwJYLD z?HlpNg*tXHxGv=yTc2{j!0*N<4(PJ7!VhQuq00Wa6*}?MpTXr+f_EC#AWdbpbW|%{ zLa?-yxN#SBG>%$>dVDzX)!aMx?W$_$`+;R}qwS3It!(#vZgHJrhg+(6Z1b)RFsc8J*64UXAE%SCrHNPzJDPe_9m3?sh-0!qjnQ9RGe= zIZgF#$|cFzCC6OhKjdV2uJCxFR20zLdNYn+h16l415wXg(y7KjzWY4ql!EK$GO8$w z&kbM92aZ^7@B8SwGlUQt4V;5aKE8kD@{YD&&Ukelh*>v5dcP*XO@R}%?@3bQy|`Da zkh0s8%H)W0>v`qlW}uqz;#(A@pr0<(JR?|IM9Mfre~R6h!mBO2zfyvljc?))qrahu z=A5;VwEbtd%YT_|ZOTq7opYl4mnpoCDP8!5C?)@TF+Uhgxu!egm>}R_p9pAxY`QPK zeHx>6IrjjNoi^@?U4a+hGy-BG1=5Qy;2Kxl_ULF)>`|6M)H`JDXdAF5Iv3j|8i7$t z77uPi%^}>E>b(oVCL`_-Uxo1cgBv5?gjnXl{QVZI^bBxXmF*R6N8~4<3X_N4(Oe7z z2|-B$cJUn&#R-WEujU@tT>0gSKSIe$ws&1VJpGRp`0Eu*oC2C^d{nJQ-Ov+|eOdl! z&8jNDxa#-lJVS0DL@X4ZsBBQ+!ep$&(rWQwzP-IImd0nT!N7;4l@$@G&YQciqQR15 z+za8BD0Ym6GY=}GV9)G@ke}ZByLsw!>a^8{Xwar~Nmit>@y(45b$!j?-s(ReIVU4D z^(r(pxk{L$JInIo?vAY~x)opvPjk<&slORY!w%Uq+wtmoeg5AZ_IE92eJv(4SehlY zqU}b{c6z*~=W4t~Mt*$t`zve-T}g<0U}Ur3CWpWyX7b3xts3PV&Yj7fE{)__}V2voQa zxSoHV{{JkCWq?e1_8+2t{gmZRuttNd&u&rt9Ogr@!2&G1FzO!f^qRbfz&!iOm%3kx zDj0`Zw!(sInndB;1e$~kczODyz=YfQ{DXAXNJ%Cq7EqF^qmTZ|VAe@cEg1YUV>uhX z8r96`rm+QQbkn3$FQ~KVhZqP|O;vr38B}c2F7*HLO?rTke-Rge)|4Bo14m^hYeWbM z3ny*aCrXp@vah5D-X{EK0DrquPyrl^bJV}lQZDakBBC{47tHk*sKC-Yto*O=;N=N1 z#(rno-*+qQ`x_t~VjU(*HB#9Kan;@#4=6Ic_ui=h$5S)7#;XEq5CUV!ktlK$#^D#g-JlO|n~cgSb?>>u%F3Z0iAG@_ zApmo>BdHv)G(`L;_s(!6k>n?@KEKyg7!LTi?Rm6tE9}!vdN$ym&&UE*X#3e}-le^{fvNO?+}Q4f`z?Yg&diM+0Aa@gE}_Fy6cB zp8srj5(1d>C{&Nt>H^9UnF{RH9-V?Xr6E&*xBmMF*FF7iwpecmT#m$ENW&1liqNxN z2R82bh^}#Qz*G2F=Q`ehVvHBLeOo}w-nPdD4P(J`Cp&h~~@! zCTh@vdSw&i;(NeHqT=L<`1cR6PQn0b>V)4TlPyFm_M?V8Yeo+p{xzQh{~68y=;i!e z!v|Czjl?gl$*U7Vy4ytgD>)Vxg>;F+#!I>%9iKQU5iN4RQ?^J~&ovSKatUhAE9SIY zP`9=!&nIBgectIzd1`*`duG3}Y^;?5xnS^YLF8}J;!m09;(96~GO{CfHs6X=cds9h z%W5ou7sqx;l*FR=lVD-+#SZ6dsxN~~5P-Okv{kZ-g5G#1#_xC2<^FPAKrY;}33 zOMkt}k5G;R21?gjqsdoQ;NDkP}}053z_fV;-4#31;b(R zzQI7fFkTllDc!$3AnSshrwEij;G!N{*ptD<9u9wBBNJ!$Ta)ev(6-ovk^c&-{h`Xj zE}ad>J^+852wJLyJ@eCl*wU;G{=*nb$PLG9@9AI9Y!cW zDHbnP13t;9@kscebpE>zJO?pz@V|TPc!<^dL5`aOs41%UrGHJ zasBkl3AIn=BH~h)6*bf2WcTP)$+OFc5*sRoZWHNAJ$C}Smd5<6Ng_~D?LbRVEKaL!kENnL$BAOlkt0o8Z2mi*)a8sZ5`v-G0zhHaR(qs zCEF}gFe3w>Q5V`mf%*rvGR8Y+QQj7;S+CpL5blM^u)z|}^eMx9^y1RKm8-nlj04~B zhh0>HD)X&l{z17_9TwQVIuBS+G0oOa0whtu_Ul2oV8;k{HbvFs>J(12_PNL{nMA38 zK-COg&_f+Of{8o<1bsLB_L-=H71^f37&Zbt_Z@-{MKo!fzzrf3J@NW7V~Q<2bKg=9 zbd`ock5X_&Q>IwMuNPIX+`QhRp>b$9@>NNn86{SrP%C#z0C(z^+In4d)=Gl6Ol(zS z>4Ppi-$i4|9x zcr0X8Lt-J{6t&n;yBm-eXTNcFY_4t?yxlVsB5ZVOT-`IV5F&iG1CT38ERu(QVVI(I z#hXN`^`5YBE1@(cE=#q2iARSGF+dbUAS60NZLhAVv#`N;Cl93!W}n-OyXC1TN~Hna zYE=Z{){MM81^c@x=V)Fwmcjy%MW$ttfPB4q-3I7^bo*>sFs6vKH~O?|Gbp*^*!LYQ zM7$@z`>TwfKl9Qlk)$ne>&=?0ySElfIT49AahReI<6xWqZPHnm4v0AaJ7UVW?>lc$ z_2n7h;GIsWe^!vy7WnI6t8>MAhsqMjm_>fA`+ zRq*)~OCiEz8=tkBv|4%oMC$*svt-naZZB<$hCj znY~mY>Je7b6l)X~u3;waQ6$Y|n5%LYf-c}j8Qbx5glO9Qc-fe`jn+POlc@(8Zv)cq zy>I7-jnhjAHcGAcMGze7mky7p3!MU$e(-wc_qBC2NLJ!TdaMU-Tcw(2PW71gr=UJQkytjE-IP44c5+z3`c#l3G zpjneLs5F#4m0S5OlfC`>ajxCk+$oFP%B7%Hw;zKZ+VF$U{w!nQzW%~g(0hI+L*0Fg zh;8moZG0};?Tc;Fr+x;PtscW3s&UB+4WR?ItTb!BbUBM6xs^AP1iOs^zPSLN0Jvyo zL?lTt3ci+rad34=>0oXlUqGNGECUcvfB(B4A|xbZeg@b0({jGb&o27nj{4V)gp38N z82D8`Q@v7rXtigvXO#q#DLOO~#+2U@Ykh^{xBU3SI>Dbkqt7e2(<8O7Bp+XZ1kD zE7W6{ftzn`Spch4sP_UlK%S$aYetdMiTMpB@d`zSLd-*nMJOc#_G)5Gw-c6hEHPT0 z!6m?KN9GL`B+E=x2Jquq@9xNSW(2bXx};dnFQvArt8K$@KiU|uvARuc5&W^ige%uu z=@v?wB;;5Ae!9Kt=m53+G(}#vm=>`DY{sk za=TzlAqjRo4AoArf{;7)k8?SFmNLCpoo)$J^pBjW^3KPqLqWc4AbKRf%kl+=#Kfc zVI@%L0du16hsCz`(aFFB|7uM-4%xyh!}U^5c267%++kBd92?3%@cCH;RyvSu#L@~C-GQA6y;8lbLIl6x^jm*U7 zp0!AMjnysE>C?c%aPfUMSJ9v1iEjqwIxx&6nl1jtfgoB>uA)qe66bQkef0o?HL+pc zX#>5QmTdmm_W>;HGDnw@)l%g^9>z;3aZ2BVI$C+_Kt*Vnlq8t=mdI(*=i01W(-u26 zWjaY}+dWNnzGKkl&iLXUzYoh-A5_GU2=mmsaP;0A&2K4--qG_lzCndq$9D~sgm!I` z0;A_40wiUqUU^UL3*VsSp68YxR(#!Ge74H;6f+~_@?D~it=k9{`0ehgDlT=NstF9F z_6;&@(#M0)TJR+R?E`6*YU#u;KN<|6F&}A(!8Xn z*q3`YXZ-U-leSz?6N()@9m~fX4-GFbl+N0%$syug_I8h3lIohsnc|c8gN~^S0wIc0 zt64jPdf${?=NK0^i4va^WJ|ldHe`Ol__(EvV4uNZMSm&xsdIIL5&fvQCQLsy<(r z)YZMR+BKE9ZY8^5L?L(To8x0ZxezvP8Ofh&z1do9<7X{+?pX=I#%(a8ghB=E}Nka>qj8IfpE2PNL3XaVtbz8bR7?**3Tn^%Pgr;FOjU zoVHJgWchW>=&ZuqU`nYJ1@OnAppAfJA<&hE1b3MYk~G~OR3oFYXGjQ+#L|Ks*)IE0*P{Xt>& z{g+1Sr5h5IRs9hfjU22T2?2Z2?H{l5rcXJ!ZJZ zdgN*2DIj~-0%C$ByvE}tE>)8_;&hB#8gjl0(k+K;oE9Fi9l=IMrthf0|4D*R3_^1XDpYIoW>gI2?I8 zLlaR*HSW4)gt(HQpq0ACoeC%u8f|Uy2jNf@|U#%LM@ofLS>KfR(- zS#{D0ND%@4qLKzQqpLDZqsqA4EHnN^^@n2aoXE&06c4V2L}%)@RruxRmjqRP-b8VS zkNqTGUS8Nrg%F45uU+Nfi$IoT-_}*&*B;d+EwiUD+SxcRrp0W8Ca?HtOKC#k0BPJ1 zLA}u2Z8GR35!yelFMRj%`00xo{&2=5=vT+ZLQz&nsi!_B_VEt-144pbv>HsG!)!5c z;PN-DwUECFP>Y@;J5N(uzWci(M%BA+-V0N^hEXVE_y`e!^u`i~@{}l>Vf?1v2ZoYm zLGJji8~QU)jx0c`A?C*rNd2gaG0d8dZxI@rWr6&(!j|Ua)3LKF46d1yHz7VuBO1C- zIC0oZW!^-8X3)PHBOSx3VVH)>vc72cot|Cf|qvyPlZ@fu`F?^bs=q=M? zEh%AEgs{0`7BrldzfjvcvMr$pUS$nnnwImMWZ5)dK;KLZMm%jNhdZ=<#*ZwR=yZTPjUHs$q%>-HM2nXI z`dW|4x3v0~zzuME3M2LinrJ^`HP z9ntn((CS5fh>KlF3rVF+j=5>!LjE$`=GG$8h{$k*h3l4cI8H3MoFmcQ7^fl)D%o|c;8-Wfu_8yhQO0;%;U58C z8B2Qh%s)Aqw2=Ztq(5vqm-Q_5ERKkDgV@R8&g$kFrV_Bx7ySVF=V)Ygv-OOx<8gMl zy#U#XER$qb6+j?UA`&-?<#l9Q?8aH}sD-KtcLAZ>sOOlX9CM5_!lu`)X3KpL7jV*Z z3WBVz(&?$hP1%n$8@2+hV)f*VjGn2*O*wWou#qX2GaMddRD+;+PyCQhsL~rN^c`}p zCVHn8yY6&$HAZoN5oNJ0l4~)q)nL_C6+s!9dS z1hjFYkdyluAYOs|c*j+Q#prKV@rh1dK>ektxL)|3M7d9q;Q@zFYkV^A1~s?v{c%}lxY?Y*KK`{L4pu-?n{QO=P)i_8wnSuP_<%f4LQadOvYV;z z>2Q|rBp@oKg0ETlHo=0eLQ8r6D0i5`m{#>{W15TNoxx~fR|c1yEO2$?{YKcXqb~RC zD@aS((cf4f|C^u>6SyHq?@p$Xh7@>3T4GwaQPyY7_%o`gNX;;n&9b9;s2|WeOYM~` zO$>krJbX9%wJnNn`QimPT1j2zIIDJxrc}>D7|dm?sr@0ien`1;Eb@0+=fo8tPIy+f z`+v|njLt1By!Ux$c;a0`UOlv&`e*^0AzbfEFzw2HR|lN9rhgrdXOULUv)+4IE?Xb~ z7*nyefHCu>wZPssA%UsXZO5FP+|kv2BTc-V-~x|#&gpwS#0%~A#x54qpLPJRG^m=G4-Egbtt z@AbQWsob=2anYZ@3Xia~c;e&`vt^&u@ytiC@JfZ$jvlynsI9^Zc2elnZx~wZ+EX9` z1G=LSaB8`);y`--HyE z@Eg&Q;N_ila#JITp8tyc0o}wBP)+?wf_hWLM1s#tJIAsu z$0rgk=1$cJ=j9&Xi^d$gBab0?X8YdlXHnSK6JmC%e#((prW&LLy2TumNuN=#t~y1A ze|>)@=f0p65cN}?=(WtaI|#8s1K;{QpWj{BlBsYEFc@pEL}^)vJM})*a-c2N!lU6XsipFj7Rhe>~}5Ly!;nAR23=!QV`zV@YHWM{DRa+ z*xX-q9_X)_LXJcUFNxYj4KDt)6>OjaaxDwlj~4w71j@ge_9BnfBogaJ#!g8wGmed; zBZipa@QHrYM=jPEG%FlK%zm^_?aR|ex9`AiLBj?o{&+UYa@7;}L6G<}3JNr|9)|nB z%Qc(FI<~q9K2G@E(sKM-cyVn3sq2FGyB721k^+k|2;M`Y!uS@fUZLmx=({XO3xPWp zs0{h%dvPhj1RH@1ze_1x((<4H>`wmAD=QUk55O%%J(|M3GZ&LYWfw)p;#!v8<5O4o z3~J3oi;QY@SM2QvlV;n7`vcVrgzNo$_pCHq=p{YAy^n~BvZAeoaE}N%*vEp1s_E_Z z%f}yFd0ZIrko#PBoPS#2rQasNIe~os!qevKzfm#`4kzbeFQmn#gg8Q?;9Nr*Dao%3 zV?3B%cRt{q5g*32je%6(lT$mzg>hQwun#HuU2Tb+HdB~8l5ZKp&s>nZ{QTZkgIOgW zmJ(x>8jziP8|Gwb%?#A=OK-2pmFg~fZqEB_agh!tg8;!5;by;fx~9#UdO^-m?(xuM z#0%*RTX?*lpKniF-O-jg4=>G!Mpd8!0j{B;1P$!S5I?gjzQ(#Q6qfrTqTpmj25%uE@z$016f3OYsJHo_FTqP;z#k8(7=vdPF=>H{vhJ zm_NnpbR+#G3Q{8`DT3WyS~a zC0DkiFm-iga8@j^u>lhoa?ehUiRlsUAp3N%#&4!88^9TmvV*9O{Bj%sY+kuRxiLda zxpFo|xzhJEjWKOSi76(__ip6o3-DN$OsP==n=x-kHV zw5vc;n3c)Bw(<1KyTGoBA3o~+dGW3USgs7iBPO?d*^Hi7>9-a)w?6m|g=-)pu?!44 zCA(wD42`E8Z)$7o)LedHRRm&$ta*M>JIPJ zL*0nqApsj4$R4{!oP)!N`nV(d(`@vTLhZPZ}M4Ayw@}zyt*V<$8rhudUT< z1mi`nM?ZX@T?1*?75IJsPM)W!+=cgV&WEcQ72UzxY>NL>dDo+{%+V7XZ$3iNbo;O?f}N;2h3v>lZWfBax7n63GdtZDhJL=-?$~vqT$iDjNt4eFfuX@9Pipl)%ZFDav%`w ztsWVL3+RHJ;h-&}S}w&m7eX{@hCt389UzbiC{n@*G@e4+vcOp$VEyRa!nJzju58_n zM+-PrGWcPU1r%sA3c$WIO?9!71ar=C$5kwSmO%*_dNTSa^dxM;q!XD!hMv$5G>&J= zxvk;ILlV9F4|F}96f=G&aF)ich8+97W4`H!n9|?pT$jka%X#sZ9)9O##L)21xGVOrx9n*Rm9d z_nlHx`()_=;U3^|;~n6Mcg@f>262LUzeE96eBA-XvYekrcRDft>C-!*e&0Te#l2QZ zbSx-I@DYschaD_!6~N4l^zwA<@{=5tE82!#^tp)-a~ML^c$azb-oNu}{@00$rS`b% zD3GWXWX=%Yl0k)sB&lh>R_DxNw6I`wO=y)~OP8k)*WAiA;nm%OOjKy(4YeV6H8CoP zAtpQM1EX5b$VB*-R;e`39`OlpnFW;YO4sAS4N*w{MZv3HfL)84#{4e+b|Z~) z!}~6%f`esWD&c#o>^^9IpndW9IdPexlJ?_z#+pEkdbB@)JE7C)9fQ}scjKYeFKHuw zgHJd@aR^uhyArdff9-)OOxG|e0bAQ32`|{wUMoY234E9xA&pXm+^BLUzhTP;A0WW(%&U84&0Byco(7aQ z+=lIvzl@W!1?_EbjvE?(7B}RKRpMIJtwUvX{BpAf@MeYO6EVR?Qlw`}|DIU@=do0O zJKs&0-fWrSPn+WH5`gp#*GTuI$atOR!r+o`!Wd73%803iy;j|Z`&Vt{vU&U&N|l?wAHC38$9(Lhz_cYZNtU}5VN4fPYw9uhx2G4N^HGteDkM{xJ z>Dt6piBlgqBRHz@5~xa2lznUf_1}UjgYQ|q2P4VK`2I$?wg zx3DQZ@!=Z~^r#6jL8^|O#!GMQJZNN)!FiiiWUir^orjQVmJvF;k?_D1)m?a?uF-)h zo_DlK?$P>?zptZ*M{sazo?i3HH7e2UWnR|qQe&|u(XE}3W`fjKJio_w_e2V}E%+*h z+6(Ni596n{?ea(aj3k_;zBar>kmFbUA(8m2QGUQ^RV_jQ!k&^88mev z6-@wyD~(xFc!yY!^r*==#1MG_LcfFn<~BjBb<+KeOcs|M71lfH-be6}$qhqg>&7B? zlYty1oVeTv$Z4h~G_j6Cr!sR4#4&}XJVy4F3cG@Lvl_Z@kNdFE7a-+x*p6{>L6XlK zT?)`!&@NJv){Hw1NecjZzpbd34cg|r=hfl}YYSlxZ0w8~M|f$c;?sm-jUMC(z!(x4 zf4$pK@hl?@bFUHfDPKs;Ig+F!A3$F5`%9SmgXu|2_3pQM?vIuye6o#dcy8{(8Rb~q zd8KgkmAt79$=uW9nA)!@1|8{9X6pO*Ikr9N)-Fwm{g`XBvch1~6-%^Z-koPr?9RH9 zg9i=LuhA(lVb_*;?$s7S4O-%Bl$!mYR%Y)m9l}4CEt#229yy_#?%U4U6*a{2A~bKY zIh|x?Kzmh5ulo?KbU3HX0^z~RvH|Jh%|4vR#Qcy9nwi=36?+wIeNtdBbl%A-SXfup z2LvpU%O^|D0^Q9O9zR)Xw#nf1TVkMgd<{}_O8M7v+T&B7r8}MT zzGM$xz6w7GnV06Qhzs`ERl&_H?Oj=c)VryWi#{a1k(lvun0RKdHu#K4`)7ZuOX{7< zj+BAlKq4@&1aKTG{);4_a;TW2`iaJaUT-wE0;DfO;q4uP$E{VK&`g0x3F#MRgYX{; z6k#zDaq}(EWBg9;0Ur-&SD){TfGFGU7tc0=1J}DkkX^_2RL*OzboYKz87jVWwy_uJ zLq@g#5CQ>-#xqI8P;r;@Dnj{sb}=&PI$8zumGN3WfNhv?arM~7^<{EEcfn2WO-+9L z=9pSvxc#676dg>baq9@?Yqi?VpPY$}7H-L;#rLaeEG`#CoUVe^@eJz7>ysu7uWrwl z4{)@2-2R~M%teQM86nzhSr1X!e6Lk3@@g9G^lHF#Ghs3@jSUG;ZV*vfUCjY%eSitC zc}h2t514Q*$#CBdewRLJ8eRmJzqrC?(;+fuipzWA7V1yv_`Aj}8@6Dk8Qv&Np!{$p<*^+A&16+Ie;R>hl?-Qx`ug zGzV>7S+U`{Q7Vx7DEKYU1>SP$OQW@c67FHp@w3-5zf0*?clA{!j5Cfe@r(2;D|t3= zg8smisOj`%U`p4<{oUq&@Xibs>t@XX6CPrF8b%WfEceKQ|Fo&}I;Rc`bq8f+*QH2e zv!`~d#qQ2XATOGG2YzsK;<2D*j`yw^=x1^i3LX-D_fws`4kb0IDMUb#U43`E!hu-H zQfjdl@FGo30}`$|#(gL=ah2U;-Lk+Apf-Jv(B)F303Wu3;jj2jN!v~G>5 z-)^^;JVMvWk{g)p#*0Akr+7inM)%2wNA(c;>G{0g>92WzEV3&OEyR23Xi8pvtl$X1=PQcXZt8h_5)K>+1l? zI=jcAHf^C~YTJHI5Vtq4I;6A^Tk&ey_pu72nZ6g}!*15*78WHv7~$5S{x$T|yW}%W z?&~ZR!rgeHxNUK{yZ@RS|E)a6pO0B}2S`Zxcf!3kDgFFaI%$EPxoCx?1pa(g+R?iC z==@;$&7=Pjo&P011(gZjfjSgT(GTMnYM+~z^0Q(OEtE)}{~gE%($m)O)ttC*Q5tPe zs?96f?Fjz|&p?>;M}(~T>~?SPVwnS`+_8wgE{|LX;B*H>t)t+Unu_?kQS5$ES@q_( zOar^Pv(A<$M)-daU{54R=~HbiJ8ayNaQWxSo_g=m%auNE~X@0`+~FAV_1%RmC~ z&C55Hox<3(B6@zwjo;S%b#ZLZJb;2(KO%JY%*|6MW!$jX>W(Xc^RPk_|4*`be$58} z>Kia`ob!j>2-RLDzq&9IDS+ibQ3k_ZvMw^TFeKLl28S6h`_;!yC=*G7+4qX?E>G~yzi4`UGLUlmxW&s+65$e2DB8SEg^o$sqfS9c-s zQkelOPw(2@ZlCQTzv@n-W+)&K&Jl)<0rF!79~>M^W_vzpPrRPbK>0pCH8X+tB@Zbk zCt0wfYNs}WIt=&PHh#p_-8Yt8@-jw~V!h5k+*y!T|E{1oMrT4kUOu`y-5F$fC3XFx zkrm!b#=9}B50{N!Iay2-UdEPHr@U}xd6A!TXAV)U%bg&oZzBl~T0<4ytBo^yqH_dW z2(Ltk7)`vk8+D2eQw6kh#hDQ<4}InfG`M^rY$TBG`d@|Q5h`x#1vgFuV(d`%METVb zh5$p@3jgBOyd@8)G{CwfM<76`{SE5IFrxP~A9*J5Xx0Do?S!+6Q2*!c7^=`$ngq}M z$%T=oB!fGz(X(m*7Xykp3_HYhBHRu!qD?k9MtB}w_*?#nkfqkPTe=v=5V}DpBhQhk z0rC1b3$Dy(&WD_q2%=)j8GZg;~ zj7f?!w+uPY;WU9IMIlB-3K63}{y99w4Q9hd#~*?xT-j}MivVJh$|ar)G35c5f%-45 zfr1ea7MAxW%0WdZtkQ;`e*1Pgudwj3M?+%0qP>$g-ARJFKn_o+cydMYeb(`NgVjmW zZK`=lJ->G+BCqwMti}f#@b5Hab98jjP~!#l$K^T13uV4tyBKB8`;y>g7dRY_)AcU- z0IH}R(qQOM)x?vfcej{C*t%+bEh(Z{+2Jqlg^RoG2Yhgtui1Ap>OQ!6$ADdkpN8~? z*_+Jtx#Z`_oI37yOAB6hMi)`pHsZzWZkK;}(m7BqWSB6=mdFi|g}q4)fl}%_ zZPmybLTi$hF2W}jlB(zb#2<@Jb$azKsQN{`t)ao%&#Yc4X>+StY}4@YeOsKv2CZlK znDWmd6v@7>Hg-wcM^oSvKb*-cJ7tzkuz!fls`Q41nfy^q-Rkj$7j3{LI3>a z%cFNcz6%Dc-X9-t@}X?klgup7vlliyEnmKTu!I(DfWZ_?Y-(Mdm|mFC`UK5^2Kd}f zBp$^wxSFy6v2Shw-X_@?)Gb-W32f}0$IS+0}gGW;eOk-0BX_VV3-~$9KzuF~)DL2rI z7Ca3rEZk&&NFjhKlL*XZ#K_s!eC#QEL0J9iwN_=8)Wo_EcMw4WtLb=%@mGhBK zM=?&Nb!$k^4zT+v;^c>MLce<21RTvDfg{d`h=BQBsy! zkKkC}dAuH|HQ=-T`Bqqib$0gOP!Nxnww^s9y^+y95fgDv!Y0gIqi}ejA8g6_;j}cp z(KSm`9XnzHe}v+8)I+7S{`xQF1Mnoic)Us?JY{2JQ*&oIY@Fv0pGh~GokSiikPj}| zCyFe%P|_W?9B)_G*TuIko9Mjv^KVcB0W<1oD$?}lbMiCO8)IWDXPE+*M6h}8$>t1W zuG0m3xHBpE;o-xFKNFGcwEBu%Qf1nS?y@pnBG}+`U?76)yX^8*5wBgZfBHX!ll>h9AWpn05lvB`Y>#D-nuLGWd1!y(4A3RQN zfVd3X9xntXg?5_7)xBSOFO5?o>S=(mb_iJ^lHGtD!;!C=1wBzc5l#f>f2SoIl$qnD>)Ae3ALGtRLYbd?1tXZu8y*Dh`n8YPI2-1 zbnHpBR(?9iOfA|aPyR8=sPeo2pWVsFqco;D1K-0YE^b9S2Rhid89%Sd;Z1>ZgT1-( z2`I(Bfr@LzJgTk7w-vCKi40?O&KWh5ww>a22>IHrw{PFxFWOB)vbACBg!kk36o^Cn zq@+Pj`0V+EPmkg&!@&lEM*9pNJE$+=t|Iez4er%Z!C&i|Yhl@AU)^fc(7mrSc4Dko zEMH!{yN~0=1zSYLvm{cFTAeLx8=j~|Z?)%P&#Rr`id$JM!KZ@wMAVKMJ?iWlT2$?g z<)7<*9`yZw3Yg^4h_slWkA@tr=kZ5a;oPlZGmmQrpX01H+rbdn9}>aqUl1CxsVV!|GwF1yRB?8eCP-@6 z*tF21O!N85TP-B@6Ssdp0+z`S^LWT7_Nc*g>8HZlVQ?EoM?sJVAtmWcf{$w0(pd{THlXLjWV|+~gG4)#{_aKxXqAPC;R$<0LhE`(2cX6l@6QH8)(?zOx$iGR9fDaKWqMCpE>*S}lft=kn>b9n>&?D_W=QZYZ#Li>VX%ae@j z$`4Kqh`89-8Y8{CCx)6Vf*+5GYN67u)4|3l&f8)4t`&T$nHtUSTI>OZ094ECBEF~^ z;*|W=EaVvW~7oneqH)JE~Zg5TP>%m5rqItcMU@}OGobtFYPh2L$BB2!-0 z%%rYReN3SstyH1tJ{S1Pe1pfrDLpC2*2nmj{6ngk>EA%Jy@@E!ev^DXUm+RgiZHFV zg|Q~DOD8hrY_;O*o6|`HDLzH#B|Vy&c5kCyKsb~BsUz1`v1bF!)Iq&adP;4tk2qP| zAP*+{s_02h3^+0{nQuHr4x6H31J97GLh3w{5P=z~n%b-W@%VM%rnIR z*<3ewJRffSQe$I?z7P&wF;dq$lFr$6CH;(q%Q70>b%yKxStiCx8tKnk#cuzqQ1e%& zBMQ_P@f-6U+4NtM(SQCNa_HlgvrtcVf_=NTf!MWwS6h(-!N|*2^|d#yGKe?LGjt!U zSJc=$twJ2)X4J_sj;uVEd-8Cd3%*-`}?@+vGjk2RMX zuN6Kpe6DM{DL;J`6}->2r;7&aR$yiu7^{ z>S6p5l5f{}b`=N;>T%{oA>VMI+0g$SV%1lN>CrBBk81ihGKxEBwF6)DBR|POt4L#j z(zi>*@g}ZT+V@ltDRvxZ3g(iuE>w1&Hqos_A}CWGhU12?LVNq=&EzxnIZ1wxxOj0^ z{9HahM{~|ZI@8($X2o3>W#5(LPQ5ViYc7kyQ8GivH-*i7t94#k0i1@7HB>$B^}xvO z`X$oXD7gAgb0n?mZTO%~Gy}`G^E7;l`T2CZ|K5^haIxR6OLyzj zU44|CPgeEM#YFC_?FJfZI&5PxjBx7CC4IQ$n68`FP%uut^n3fOR2X`ZJZO8J*2{r#5i4LfRzS)qT0ErThKarVYlghbjCLjhl|HsxG!d~o z+HeCMQv!Gnxq};M$ac%aMZ75T7h%_ixG-`IqMx#f;I##(r^WlH(4K#(T_rA)@!y5q z-t9sRVUjILP7gx}?cNZc(Vhzk$&3HBVqp3hg}S6>^9+Sp^Bo0w*PW*KE3%8mQX0Y> zC~qo{n~l6yO5(?h@Asf1di5F(Z3@*&l#-!JAk71+IvUTR(a0EjC)TTp) zKp3Gy^D3@z3uNj6)M9#@+nAAk)+TyzwO{4t+SDdbY*DbI5nrKYdZTdPC9QvU|LTjB zi=}TJ|FKeF-&nHDsdNHMiczb<1$F#y%>=sY#m?L!rad{0p=gG>}^HTxo>jVrywpr)_g59P~Hob!>Eo{sw<&M>|nDP zpy;~$(n@VPEt4gh-No^*CvF)+fCUmDV1fXo7B>TktUz{XTgUDdxsUlPCNme6Nf=)y@mZ10sxOg9MdR{PN-Lf8Ds6iAj-cqPHFRhg?R)aDC)Tq>=m4Oqp^Kxz4D=4SA11YlfkoYK zV$^-{rDhwiTES6 z2a7jXk-QI4+p_9(I4H?B*pT+A-5)`!0UOokW}u$zMYRks#ij6@^jO1NGBd6-Iy;{~ zx#e$Pm#k+VwhOJ}jA_xtzvJx6&oE)C(VdV9t*j_T9&ViD<}K@QR+5R1KpT`OZ(vi% za^LQ^U-d0(rvv~wVafQ4U8P=elT#TslHEq6o-%~NVtdul(au2ib2Fv%-fQZ8oTV)r zLYDBEpcV^~bAOC*V0O5lXSIY|%h7rKIR;ePIp5tq)X;8^buO~00~Jg3F=72pM zGM^R|@h6#^xE>le#_Kg9A@XnOg^pZXa(lwv%t#P_J|-UH+X;uJ8IdW0vBWVp-6aVw z9p64OGE#S{${1Z{rh@%`l^xcyY^NUxh{vO46!^9FekY52xHEGOZ?z0{n@5l zai1+9l0P*-mNb#?0M zVLY&yWd{gbtw%5TA*D2oev(UD83A~57A6{DyF1xek^AjnrPC&~Ri{N^voa}L@8B!>yYmidaLClb;XFHXV=qoa!&NR4d16lna@I zySg|7b(5B$x0DFdK|H>;f-Ab*>L>wIsmNG1bO-N>9!h++^+NcGgT~ z4~mV*)|_m1-wTO56*g;Y+9z4D)}Zc#KUEUKwsp3gp3fp!Gd1*=1j0F7z6R{(8 zG5aT_#f5Tmat+ZC=^tv%CSY}oJ*!_Pp+@d*Z*T8f3j#Q8YuqjdTq4@8egiyM$XT^W z=+tD%_$LM0k-86hy`kxILYlz-K?^bS{Z>Ph_!Y2YQ()WnJzzRZuA~V+C+=&7-6&c9 z-f96<3N^oyDm`uW&siRz(4FJL1;7|;-IH*`qB{^@SY2{Rbde~jupr%#%h4bCGLxash?wmkRm)O_3tc%x#6zk6`gEi4$n>lhVlanAF2J>$K-kUc@tWlvjS69CuUm;6(oubuGG3nvQ|qfuuP532l6#0D zj=KIqxXzSXRsA4a*oDYrE?9}B{gNU+x62D2P~b{f`8B~8D=k6ikTJwAOK&kAi*byc z&0jG%Gp1lQE`&smUDtAXyT848)z4YBr*{D-nG>jbf631imZ)vd<9C7r?Wz8hLiy9j zgXqrXdEO=Er#(FGaJ@es|2RHbLNi<$e;ilO!Aj_Q>9?8gI$iV0$T}g&)Sig>WDC2( ziz6JLh=?;_Q|!|))2Ry&@;C)>8NlMfR@R9qANrBn6yU6~`50Ufw@HurOs5W68=G!b z-6f0ok@dFh?Q07EiEq1768vncieqc}uhq8~n4VZO>m z%_2!VP~I12#j`zMSZsi6q|6OM3{K}JITgQezf&|LVz4MLpIE7e$X_Z)Xo51QfHh4| zPshmvFxb^MUBL!{c&Mr3yx3lS8+PWsnU!lkMP1ap>;eFzF}dMm&CaA8BJs2zmA8R7 zJEUyWels4!70-y2v9MZ`p--D1oUm>06Bs^VSXx>(UzSOQ*a12<>;%Y*G&Svu9-#$f z8%ilJ#a(F=-U}U`=3PlMmOTkSsW}+Sz-kD4kzUQ{eWd;MI1Z} z(#j`S-uCDpHePHmxZ>;mRFxS@o|`eF=k015n&jKI4Byij69&%Os@>zfY)tj5{DV*7 z24D5{y%q~_`Kji-mmo@y;T{rkz=RNIEPeY<#HQYlolwR_6%`HSD_n_h5JbwN%#UGg z!<(m%vW-gK?^4kZw^dut^)B>34MXK9w1TMR(}OW)h-@$Q9Ol|6 z1Ddc0Cl960Hu<00v)+8_Kvoexe-(GYHT^6u3Bibpzb+O-=gvh=<==a04J%`YS9>%+ zgOGenDDK{0WBnQxIcZs0g^> zgq6q*u3*WE-o8C-xRS7R=`Bw3Y_1XhiHD(q!BfG@{3S({V65!A(F=Lf6!O`9^#K6? zK8g1wM>4x(K3z@4LH#Izmi}aYC|qnnzK#x34_)>+esFR_%`o z+kbHBlRGhsx_p;ku8Q-LzSso)xJb@*EcDsE>JQsu9==!EfL^5h%Q5*%af_G&L)lw> zs%y4M_IIzw@900#kyqevUT)a`DX3S7w6d!%6i<)jQ+^jZQ{IR(XI+_c*xGVh{1W5> zC{gjEWfciGE~xz6*n{o*EZ`zTA$G2jMuN_Ll=ZAP%79{pg^tzBnrS7{s zn5>y5+RP57tk(HmXx^p?W7fpup}H5=#wf}furb=**pK(*NCGKe)+PBOhiNeujvnGu zARTj~URau>9zW+J#6f;t1H-G%RMB-zsjQhS|10zq*mdO$2k{NLcPz3Rt0?Cst4VGVj zP-Q}@AZg=aQ+(#QX$4#meew7@zde_vJl1RoKPlqImC%E{nW=Ab^u1M>sZx3mO|)aE zZ<8;jSLs`1y^<+bvI6?Ws8k3b9Lsa#_?cr}w-FJ-ZjEuWzF`4gRA(qIQD<%3|E%+LtNa9#Kn;y`MsxI&l zBN)H=t2CVBWvnN5qMskO(_v-MF1nYR`e`J#NKJ>bo7=;*Kj?A|y576;dYsxqJ-j|P zczX?HyTT*~mDX7w)H9@)HMuMLT%|U)e~R~=-Ut49TDyLqu=4d7C!)^DHaDP{&{gK_ zG6gxPq-b#!n@haUeclX9iB7>c`wMQlI}YGn>-b7+&3em%bY&m@%;yWA6dq<8Js(Pu zwm7uUWpfWE+lTtQ##Lgl9M(G90vtS@RTJ+U?bJpDKcE-k)$wOeUW+P)6_l~cUX(;n znD!&r-Y-S?mLaTjL@&7O_w~uWjI?vBwJt+wml^AKQ0)nc(+y6RMs=R7pmk$U2eNyD z@X?#`%}I@>s8#C9sR+g(j9NDsCmptC(xg3*3fkQ@lvnLsU=w&WKLZCZammV3e?2x9;mo2u2LW>68Ns#SLQ~^)`)9l(Q7HV5 zh;N9{JJ~I95yFs4Rp~eEcYwN&jGb>1C@U-T<76||5`_qC9eZYWdhXlG3U%v@fVc?R zLuEbYPT4Pv9|nQnZ;Nk3zDsH|=S<*j=t}(!HFM2^hz=!kWVcc$rG1NGz>nvKsPUJE z*Jd7NVm~q~B45n9M0`?Gk(0=d@l~ZiPAo1e$MB}~dT5flT**Z$yFUUK*3C78jypGn zPx~~nB+R7LT)I>$kY$ON%i6j#MRlr3)yZXL-=;o8_f3~%N3AzTdOm6x5Dpk z=rJqGvm@^)(>@o@ubeCKp~F1ccd8^uTn(SI=gY(;P=DG)=-5zsLOV>@ z#G1@{HDj>;G`#X!nCD`@J>ya)OJXdvpw3~5dc7MJA@`2;DAdN0z-@Gejn44CEfL4W z3~8@y;8@m_edOTG-rD5M%(`tK(c&-yLZ^2+m1f_TZnQ0k;FDB?8)8hTx!I@h&;#RC zwgY*N%`sBCoUd(J3@=De1p{RC2?5vK=rlhBhjx5F{mPBqU6x$nx{sGcObLC`L>b)i zeQ%v9anMCc$0Z$-9L-s8rK`&*YsjBBB-gz>!C|Gqt!+eeQeXWE*P-zc))dza@kPwo zAav}3J3vqo*46TxzejwXNn7fQm>=>sdH?Js>!fz;vWgASx<8L9x4l`v$g)2b0O zhCSA@$=sd^8rBr~itd8OaF_IWej0+jSkeOzpaPcQN5vvxEoL!a%vkK>!)x^yo=3E~n2xQYNXOd!|BIx|Ed z?#2fKTmsz_D6?(30CBu7wt>#}^DzQ(%Fu%nSrc^c6iPNg{}KNE!6ANr?}Q)xtmqH; zZFFSEdCLPsY!jg#-`_-5&L95zf}c+n<@dB&8xMjgJ;}*IbN#Dc3bGc8nZAvdZl#gr zBKsu#Y9-dlT9G;xN9Qp@A};?>VuEYX`Ay}$!66a@u}~0_Yn6EoLg6~|B@~CLk=#u0 zC}Xd}Qhw$W@wf$qBpZiI8!;mmShnA+`Y)=}*6-F3BOb<0a4CFDFORbNE?r`C1^#2~ zPA={4j&DC!S+AF-QfD27_4#J1SF9l6B^+U8Yh31lp$_q5jk9b$L(?9wOZTW& zYRE9bRO+*(7;%rkq(e|4Yf|dFtNsgiu3vS^dR$`L>Tj(Y6##(~ze~pu#0W^|{c$$@fqo`TBHZ{}-reMt}E*ntJiY`P4@;%K%A8v3J3 z!oZ3z2q&mNEcn@w;x+hqb?eFy%EVSa7|uZ-zkPvj5=No>AL^y35152czTR6Q88)Lb zBomp^mBN8|FX7q^$v=fp-k2@hQ^kCtl=1fG2-r4j&_yFW(?rzFB=JL_Vl+PqI|wJy z;n>#PLp=v`Uev}C1#>@GA<)U=vQA^!9MUoN#R7$B63wdC_uW<9wpP9?Px`5CR2x;) zE$LdUbmn*BOzz%_KbleNxQZumxi};vl2PV$RuUYMgh2Z-blLS3E6>PW%XK~zs;h(e zdzI5JvSRUFc7!%QJ~`FdaX_AV%k|wmxzSmYZ)#_DCy&?|${>GnTIII4S;w66eeq-N z!NDDZ?LLq|afaYx6n!84~QF)v()G0@F9DZG?tNea57x4UdlFxvc3Z*T)zH|1==^Zkk6omL;C zWoQIBzj7KdcHie~s9b*O=0D%wLFNBjZx3q?SC97c^)2^LUDC5@=aB`}Ensr1Qc((> z`SF+(*ngK4DLJ__aNzUh5YFW3keM&vjJ1!8emeh+S^^&-973u4{M?89mCyf69(_X} zm{Yn!?A4!M_^)FB|8fX=-Wia?n01?f?u`F(pT8b*$qICsecNsG&)v+wxouVN`sa&6 z{9Qtd7b+RQ@NJ*jT)MohLa16m`azpP&3suL@}r6pSYl7b-LlHc@3E@JZDr!=p_)RH-;tgePTPZ>sSh*ABn+E^p1JbkA?Fj}xF6tj z5yFusve<|JzWbx@%NO_LDkNg@?CeEH>@dIA(Z_8Ke8mU)Efb2$EEn6rTG3CZVDkB$ zk8kyR3L>eI6Mo9Am-Yv!$Eo@;FlZ!q8Y8^oHZh^-y5@jzOp#9yV8z0}sr)KDrV5wq z=wOn?sVpD4tv!MdP)vkz#LQ%DH|7=Jg`);Mb z@m3WUuhy(0NAMC!;S#HSH2;A@k>8ld>+v-FGtIeLjvmCt-)+sE%WPVPFC!XTg3`{q zGMGcxF5Q0TSUx*5EE^%@H7UUixai{|n!+#0+q`h}-ev-wE(#zFJ{$;zotW;25v@QM&O!!2VEbE4S z@4J?}*FGt&FcG$mlrh1M!l5HP-Ir%$WZx&gO|;YK4S0BlhBszxRvqnlP1upcZSsuN znk}HNs9$Bu#ZZcv6(Beu>#S{0H^wxk>!S(~Au>;?)3F1ex&Cm(@m1K+fe~bGcW`E} z?~Lmhgd9XzGjbiWA@Unhoe|9HjhJnZw!vN>08b=9+z=}(73nAs5WY>&(#A~tC3D9& zje69Aov&Ht(u?n1f>mg|rppjVHtRrVgP%Z}>a`x-71lPnWx9Cpi$W?i$McTKbg}sr zY2;#OqCThET{wI1J6jephU{uf(Bk&9i#;M8n}*oMj&)DBf{e@~GOr7K z(q^hA__}S*dRSFxQaa13X@Fh4cRRRtdOF7q;%JruzNY)-L$Fu2bOb3~(Ta)SNwe=vVB8U|#ipwTlglbF7@Y4reUo;E`gSwZ z)wvOi`6JA8*OjBRkB@o4;Uv>7 z%U&Hon|@sSpw2Ir)xR1P_Wh-2W(C=LayqXm8glWOY=axbkeZ&dN%lO6TyT(K1x0u9 z_6)`mpu--JRR4X1)`e~EJ8~uzMEnl-t{9?<^A1>)Bbgz${xK~#{ zcfMryqx;_US@FzA_X$Q`^4#TvYKP%a>@!~zJ)LOinOC=m1Z=tZCjX?AIv3rXLs(UG z*DSB?%>3A(%#RHs!fV4nUd?6jUdqzJC@X()n6+`fDeuClN5Yo~3FtnO(X0iY>|DL- zM;Bd|FX<2%b@m$mThLubcwVe0gyftz7dYxM(X`u3t6-5{#IJlNe8T#Ya=M8ThW+Ke zB%UxiB#)@WEL3@ZJ z)aF<><2P8ie`b&ImbJ`wZb-L-y}eyeo`R07vZGjY!zzMaL}R~w=&JF)G5Xyx0%b0e zJ8fKE#;4MOQY>>4?k1eYmtrCaNrgyQXG2Hen*8FVLbnFsLV-^OHs&~QW59*}rv}Y= z-+CDa8hrn4!+-I{|L2TB;Qy223O6EuJ$s!I$343KzeEoIgP)`m zAh>W2%KBB|Z{PR1>XP++)BOg&FZ=t^h4wlST_ic}`EcTY@_>Ko+VDM){75R+o>-{X z=fY9V8;f5+PNSw2wg2Zi&A;o5X#1sA0ryOBe?WJ{pL^{9qZ++mvf?!WzLlOuH9XV_ zncIORu;+oWa&|t*Kb}t0V~j(1QiRL&a!bIYK#$Q{L}W2Gh!s=(v^t z6Hw&2J67XFAqRueev0|vAX2YY**rAuX7m62y{NIw^?jU`G5;ni|I5JoPsd$?tUi04 zl!P}SE+m***tFcisi~GVzx@3afvg4K4Ht@NV1Zru7QW}UNBaOep}R?8;h_9KJ>6f1 z`Sd)mho0rc8~$x8J~|IWbh)2d=+X;!rn6xQz<@tyA#eTh;iHgbi*@yG%juApXxOz2 zK8en~Q(N)rPx7VSG!4HiVc047K%if0G~i7JX0umrRoPFRH^9c~H2fZg(!^nV;_Jv{ zpL0Q;_cA%b*j7TnbVBm^)W}_hfUbmFERio4U?T`Av>6zUHpQwdCrQPEee@J zDd@tG3hXj|8A7nGo%+S;Ad>Ob=|n-jB{4s;lv29a8(`>w1)A@Or}jCmA$MIRhVIAo zi;&H%!NvWr|D>sqlx*9!i`nqOY>`KiX6V?gO_phlN=6yk%vN>`S=Wd#L#`ue=nWQ$+C?3& zUhfNn5pdEyN`aIV;t9gD_%0`3#&2E_Qk+pO^?j{m$vcm4%a+k|N-z2Gv#{6g@?IhC)a&KTxx%l4j6#6l8+fj%(> zIh@qk6MR@{U4D=a9|te=M?`h+uvg6I#09Nm=OKa+^DM#iFAJbge;LC6ZJb>)2b0>~ zwVVHq!7Q}c{v}A$EyZ6JEbO_^c>qy(3ar6q%i;gln}6Te`PNhOE@L`t!95}tzQT>Y zAi>W)a%JH;Z@~^f+VFgl9`88hZ=3z1B{u(Iz3n!Zu*N3`+M;jH1?pSAAt|`&-wgxLW)nW{#Q4a&6k2a#WkP-TXZa!dV zXjd8uy4hHa1cyVs_95FaK+Q6PCEpYmTI_vYmDGKj+EmG0{ z+6&7qzavexyWqmM@N<3&S@q@2q4N>xQ9+7C2laWFQ#WIvRG!!#3oBF|d=jPCuJro} z>U}k_%6e{H=!P)nJR8^rt_}WWU`lu(-nAJTR@Gd}t0PFspL4>o9Vo7&_Kpm9KUY6G zJ?9$PU3(}aDkY4#0UK#s+!wOIMmAb*WX2h4@EvJ_K@)hD*M_Ew~KBcLP9&iQr zWzIu8z`v}{`F=NfP-Cs~28oy_1tCFsy_qPcC^7oJdUEPB#uRF=GoUJox!ImBMb(+A z2|h{0*T{B0t=`mWMQP&aoS8~fw*A;iz3xwo57-Ypk)W&#l?HX!;UX9a?P_}79{b19 zsPk+bQ_!ERU6r5|z4(7&)T4-b+-`bG9sTzw~K{VDlP`85A47r3Cajzpdx6g4W%SUN0q*X4|(@z`ldRWyX{TSOo)DfIaoME z9)`@5&p>B!V$53QcO*=UDDjSX%5X2>kUyIiBHT(4=GL3_$Hl0O8=0l)Ihs*iBD_J8vwgg5W8P&LVulS+f@O5 z|KNM3(Y7I+Ly)+AW>0yYLp%C$^hHLECu4dN$WCZQN$t8soP#&;ecrBd;~OO8dbL%( zTO0zk>vwYvl5N|ZP<|ku_&V}#EBZoy@x$qx0^*(>fsrUx%R==I4f4HWc68_~R~q6z zp!;F{gQ(xfcC{)X=ko!&Hc%0CD}ZI~+Bt-$%{0K8%brn}yHC_e z?1|JdsYe{Nn{pY*{s-|-=Ge1KxE`gJMH-3Sk_*I?&KK`YvG|||H}zI*NQ*A6tF+p! zsAHeb01?+U1OHl=4xH}`avxed>Qow>X=cNHP--s78lC;u3v*}>4ciJl`{XC5d1XMU zh1jEL`gS}b-r}lO&O}Mj0fP0b_IFB>90G3k9Pn*>q;*Td5)!p?_`|rM)EF39iTL^- z`Ww8ceReeb0wO*iBvn)zs&bK@=BDL;KW5+dMmV1tqUmWdf8SVFfm8QYxoP|_j8y>` ztH2p~@b6>ndwzeusC-de-v7c_=ZQOVNK@Sc+n6uxAdWsiIuGp2shR|FrI}+s00l4i zN1=K~+XZndh>Fswdx$e)JNq7~L_CkH{&w$pi0pm1a!Y-E)mEc7)OoNN;Py7#x0+nL zgk$CcSO-;3IN*ES;93Ax`M2c=lC^(_L?ZgaD(|N+#!`z!;<7mW@I;-h+Y=N+`i?@W8*Xn@hr++v8DD!-n+cJjd_H0&o2jC?*;OpL4;aJ9t&_s4D5{cZ zCW=BA(K;x-krdrIw$B6_F_WT537#4s^lwMY=~A(G1k1i<@VJ_zt3OCD&2c7#-8xt~ zqwZ&O5jDp?nJ4jG4ZFjJ`0fxxz4WxtE_U)wI@iggPQF1c zcUjaoNeO3=Yc4?yl~U8(g~co8T!H}{Z>|RpDUeU0W|Bweg7cC`J!}j-Fryv~b7d(_ zF2S0~#r^X?&X;sGyt+0dC_!KF{%xo{Ev?Qa`1}ioaMXh|wFO_}60G%A0{TGGTcZh( zss8%^K&Fxl_g1Z`-kg`cqMeG`pM+-y+2dJPSEQl8-!?>jKgEb;y+%Heo(+AXmDm$5 z|r?de95o#{|?F@jC)5;?snJ%Qbkbhd4-#V4uz(Xl_i%wyfWHk9u@`_TC2 z!DtBlO7zWRi(5&oKtDd$cKb}88XV1yf?Vm*qC|WnmW+IV^9i+iUs_qRL6~Phfcp8O zCK9h8H`8b&R@JbltY2>jU=7P$WPsn{e;7c)4<+cn z+zE&scE+kq{6)y)XbU0sTTVHn>ezw)Xc}~ck%wP4GSywJ@$UaC@7v>{OdG$kS)o!n zRg$gUSf!axD8iO>5)wj=5ehR-F=d=ev zTdZbp6pOofsfRk1&S?5ph~~3!s^a1SjEgFpplj-e+xdwTV3J>8Y8hx3Hm5KLzf)Gr z_g4*nwlR&pRKGyH8@Yh7Cbox4EZKX{B>c4Ghb!M(e3toPz!a{(m~m-{ z?>DA+b|O-gLXRhjb?i zHNH%F5_hL0t7vL)-05RMmvTWtkA}w$Mx4F{&lS(LMuPzW@t&tMONTEq<`Nv?*wXRl z5(`r3tx*SYo@?*CQAb>f>l|78+4$LIxq-rk@rhA~)_B!GfXYA25wz%Pfr{yGL#CJy z15o+}T4f-CZ4bw~gGyZFDWR#;{us7i;67V8mf%#Fhfx+J4C@*;y9B;NFO3SLKHSXU zE9`f5@Ivsj73G*m<=o_K3RJ5MrVqTAPkYWskrw1|98{~urzLpEzJ4 zXVWw|^B7*HVRbRc0L(XOJowqARf2@69CNQU#&)uTUyj~V(zB;c&nQtM?trx_ zG?0cGC3cFNkBK+cZ?uPJMh3}5gs>G`%l#FuY2Des%L&_TWO0ra* zI<0}29lYv2=!oa(JWRbLZRsWe;|puH0!$y`E&$EYwFmVbnrfLh7U}e-;ggJ>Fmzx^iSYI0DfU7eI0%U@s)Peb!u$y#janLCrNEGq%yoPLZ20 zzD2gw0Z!YQW*%OW#XtPK+8PfPhBp7I`O2db*Ly#U>*itN%Z6qETNrg*4h|l*sK0>Q zpP=fGjN;#5*ng%P=Lr}qGk*3<8jt=`9UB6Ei8}uaZKJXcq%k z)%R5o%(Ap8)W>#N6V;|QnVXYS2(#t|(sXWSafaY^H#?S1*#7=j+`!0rKw792Pe}Cp zXJ$gv#hb*LrweCz==61%&e3Fa)s zncq0!!tqX&svE;aTQu?I#8y@x>vcyF$#cv{=JLl$WfGTn;D(z`QD-RL&AU=->+)3^ zn}!v|APJ{sWDsTs^XbWAzJMLeq_~mh#oB0Q*F5ln|gG zR(Oa1(H%fdS;uY*MzTen*A;oh;Y5_bE-gU2{q2um5^||~+M1U_cJ~?>gT-qX)6#e}gWO1@w*Oigu9WtYZnA8b zOz$)|hE&mosMyN;kPJIA`Bhi8X)`P`^+v$iQKFZwy~&hUpW@aWyXrC1K3%(g@h)IN zPAdHqklkoSIxMZMrJC??5|V^JZ1-dizJ02$shR+*g4U*}t(li~!EPa^f&A+d1gHBy zpuA3~1#4z!KO|Y!ra4;{SplQ}Zzj z%2e3@86(y|tmyb||E~g_gN0ng?(y61-!keTjrywmxxz%FV4r83 z!b63^4rKxrWT*E&FBnM?Lfgg}kuht}0DeJS7hbFjfC%Xw?!9;STmoP~SSo7eKd583 z!}tJL7-;vRlWanKzNEPuVki6?bSkswq@Q5JQ(px>0MOe$BUmaiW7dD9kW!DIm&lCN z0mY5^`Xe(fjRO-s0R+0lh^sxwY)fa^*&DJmy0R%ue2or=_pu^gusuGl)Fl$iF0G#1!J0(&LGw^BYM-3Uq|E&7qy!`CXE!bIK-EphKv3+df+G6e6@2mLlM}o2)o1iPb*E3xB$l$f?fc_@-4x-SR)r%Is(YAFTU-C5q zhCyd_`h-}ym2gO5k8&m-YDm=kbQMcWQ1#et)OKC*chhi>N_XqPsk>bjb1j*Y_>-_b zQZX)vZQ^tG$M@e@;UiDGL~xQPt#<5ZUIN`_NR4V%KkJIRWbtzM96BcAT=9O)sAc7> zF`+sDhaUnMW#53tlXdvqmI|p#WUT3;Xnkb`@`S9$am~raR8!)~*VwOiQF<*a=H#E| zryar6>>iP3#R%?ojPRnFA=EEhWtnoO92yZcd9#>^5n%S&l&OXR{VS8R-pahdGuse0 z;^#np<^;aZvZFQi+Lc`M!wA(8A^x&RU*(dQCM~}8l1mssK9e`Y>vpS~dT2@_^KD-4 zn@h2*xOvM!K6u~g;XIu@?0^ZNAP?kWFHmds??_zMgPAN?S0uCZp4()ZZg+F$_dv>I zB2Mc@a54f)M}Y`>O(y7p@qiC7VO|8?6<3`;h7hkZ_cWxx(c@;~bOIkoY=MtgU(F4Phor{^#UnP? zVDdiVd(hOgKb^>|P7UvhFng~d#fjjA_v!8XrU7A(8@qNr&$_h{qfv;!+Cn3YGfe)H zHw@w`STy(Wj^3i@X8FK$wfEeq^HNMavEAoYk=Y83>jk6}Bc>E{F0Ew8$cz9TmjqAYguL2W*)-l~M>lLf1P11+=OP#Z`lij~zqK>`V=Ihqy8Rk}K;;t> zG!OploGi|ZXxi~B#zC}Vtgi@i3lpsnr7Se_nRwfOm@@co@0Qvk*_}Oe$6}eB6qtc9 zGLQ+l-U&>EO_R3!&0W=f`H)+>j;W!-!p^M!r&j!Xg~e^X+phuS6uP&R54G@&_S!a8 z@y&WcJQjybN$*xk#Yc-Zz{+GbG*Di%@70wrO&bVpNqqildGb+EUkLMPez&DDTZiZk zrc9GR%(FNA;ztoVo-xE9XVMxJ-e#DojZ06SuS}qAbYTuAzeV}RyJp`a-e2N7(<^r4 zxur3%<*x7@A343>Nd@>ZVAGXY?&m*H$g+IzYfia-FnR){n?Ph{rG0the@n$6r))A@ zbKFE}TMwy-g%N>>s?+k?boMK93lM5p-2BMKv|r@?g-!$A+Klolp<*E$@FCYu&+K+Q#!=&nq7;||3P&a{|Bn0 z?ivkUhp&Hp5v6RyP{D(`tUpkA_>y`T9&yAF*%VZ9I|?k3GM17p zH(yt=k~fvqg(zlV*~~~Lf1ENz8+52wtrQ-GKh1>9De7wRh4ye46USF$8jdu_b1z6w zbJ*fkt*zr5n41Uo^gdaqF<)Y)9$pz&#--u60==yOwKs?etHJpMViM(WZEw5|v{_g_ zpx&#bXL}j46lv76$22=UU|?Nm^H}$wVb^saMS0KWO|E0prvUOcq*8ne{nNyI3%QJF zZ!d!n1U}T%4=r+=dxZ(>Wy$~j6#r>y1UjRY4Va&OWvu%I=pLyPjwNGY#dX+m`tF+x zy4y3{0oc8<_@BDn-*+W$co4kI3aavRpXtCvUZ0&spsTU7%=bIwM8{P!J^dFEMxpB7 zO7{o9WMhyo0@`D}K^dnKpTtMe5=IRzOV=P2L=o7At(AC*ZWs%3{0ml!7Q*MjzDa=* zCFd>!2D#e^qaS59Tnr+`?5tWnQ^ozM3^Zh=bf-#V$$Ep*_0(t)5AFIf!Z#?_gR@uZ zhI;J2U5rV-FWTRQ2}+p-sc+XhS=bY&)IXNuc5`lgMmggwGC)>tq;>pJUTE2zt8P{d zQZ|r`?95v%6}nT_@4p{5m-C%b@#xj8D+e@fDxcL0kgAparh2DZ>%9vzN7Lqm%*I+- zX(d?8MHHNy&#>fPi(%Z5+vsv*w&-XXuLHT=DeH{}fIWk?N!383DG`|A#CK z%ZfMUEC1`M)IZ;)$K%hFhh04@jizoc>9=H4ziR|=Jve2QjxpD#Lx*c>k5Ymd{WaD; z*}BCq&yt2UziC5QH7^{8l+^g6!Dt`sg(u}cj{qoF7lA$Cr^*njc*iQF zH~I~A2k;hJoa#bcNOI&&lkGi52q2&MP>F%h(3G+ch)goZk0eH!WJ$Bhmnj3d!fXPX zN5Ptv!{Nu!ZL&vla}YGuojLW5cg8ql;Y7<~&lW54twN3A7K4NvRnf9YT9b^VZsn3p zA-f3jXY7nWdh30>hF3A7%B?~^sh&mf`c&VvZAf&EAolK<{g5fmC_gPT7Cs)(<2NvFu&Yz$;Y>X+ zbP&~1a<61TADd}!)j7eJ?!{|vtAf_(KNZKgBUeSK{%W*@;x+-7fktrS6?ZO+Z_ozmps zUaK^F{ZSA~6`YLdoqx1gV@m_SmmM~45NV&BSdvxJB2QakbD~EbMA_5|iU>DfFgq+q zaMYoa>Hk4jdsUj#ojh458$r`;tgN=)mmhf_HkBqUzh;B zx>_{AP1N0B_DCaOcSJW_l}X1Ej|L2eA?oN)b^>AESJL5k=H~LTeJB9gk9Co~`Puq| zn+Ja#!IN z=Z|=SyL-r7?dY%8c=5N_HUaJBSp}i?TAw#ZyugP;=HX)bn0@kePw+L1W(jZb5cbkM z52C62u7|6GCsDk?60p?gV|#-Ei7i|ReTY4*Bl}lI+sbnnn);oAp#qw^OHMO`&9|`HH-9h>T&=(cOT^p@!b*Z3j+` zq$v<>%5E)GSr!?GXcwnO-jwhi{^{Mzlm@ZWs`_4XA?Y<-4rj2E#a;^L09uD)H{Mk^ z`)UZEBIE|MA&o)Kz*C+}z{fiDAOMut7C+B!ZnZ#UrR#4W9urrS%hI^fGkm{~vT2!; zti|cC_9#G+17~r%i1V3CVwZ~hs7t^v0+`(*9OpEmcxT&2FFBhY;g-U2&1>4|j;^on zEke)R45o4K3LTZ+720S9_$hV{u@J_%rma3mc8s60ApwJlL7D$-tGpm})J6EcqLE3rW5D!6rWd1Y3C@cTAb#KgG={rxJ@)V=^Xtuej+|01QsgD4#s zdmW&3F2t354JaL}bI}*=FYF<3{G8X}@ruJqZ+|)I#v%fK2VvBq9eMnTEx$ykxDoV;qVihU+x&u)(cvx(9!LXVW7FK5w#yE<%8nIe z(opFy`5!}SI-)aQ(H57U4LS}=?PD_2OS2`J&IUg_^PpItJ(AvH-&278$hz{;pOSK* zq!eJMKs}8hY#6ajB|e`WS>S4(!RvrE`e=YhX)?W{gP1oM6&Aw zf<3ww!jtDdr|~d;@G&D8&MUG_8sDY{UUGSf4Q2V5Rm>(&9u=zSfXo@`7Z;nn!=)xb zm%1FYlV$%UrhBi=?6&EWgoM;TdKFR#^X6cWlp+xVlu)l__5I-BX0_K&A z)uk}dSWcg7tN`!E+5q&MYCI5HL-JFIj7zpWpXK}#3N0F1c+(cD)hhK#?q-}D5?Kc+ z)gg@6?A*M1J&;#=XE$5E_w!!LB3<~m5G1S5g&+YDz=LyK?@hloR9*)VklSryM!aQi z-{=CFR1(f{GSSvt8qkvcDep*nz|PLZB?c0cF{SY;3or0LXReTbDfF~E`&_RMW_;59 zks~cZkkn#eMgP7h`LA~|KPl`t2_p3-2C))@S)t`gG8*sN zw8T&gKhOuO3FVHQ*L}eOKL_f`xqLk#y6TGY3Fz(t4v~k}X3eW7ah`t*2$-k@XHYTP zvDsLK?zSsVpWY?>d4c&~wocE!=03mfUXzj06e6uipvfHLqzt#!p#p zKDHKhqhh(JXIa>wQdU-0W1niBut6PTJ9Yc_OS`kMmkWFXJp{Ij{%9$1qnXlBIClR+ z_`Ps1AXl8!=SU01nUy8b@b&M%S8V~#jgwgiW1DAHcu&FLq|2n#)o1Usi)0@^VBIOi zU9iIIxf+ggEgg%;tgpdB@+6qscH2w_{p$V1^8xQCT<%ynX6NP0@wDmjVb;}2Fxs(S zy#&f>a?8~UyIq(Sfq1eaONtox{&}}c}1y`c&geI#8Lg8 z+Cb`c_%ZepQ)Ll7r)GZ4-kzk6$OPi-@xxp5e*SeugC2IRrl^t#;ls1IRHcq-SD@I$ zQVo%5fl0(4%^ZMU6Tw!drRK#ptmJJ}Z2RK8jWJpp$S2w&S)#&8Si;nAZl8cDZE-$+ z`gAZ(Ln`WvXiIY-qqb_>tNR7Ri3t#OzI;=Y{BH>9XCLq157h42PvS#$$1RhW9rn+a zRBLYE8r3=5*VFncw596lhJeq#E%6@!4coKOg*1!mUS555yrB!}tI1gXng64~CbvS6 zpbb}fo`Rn+!5qafR+vEe!dt~7JqHIamgTb2*n=!Q*1oaCFjmpjv$|wX{ZPP@?3RYL z>^gJIaM35~v+Ie$8$T!Tzz&MH#~1iadDH6in4SA-AMYjhTQA0MC7-8UcUprQ%&NV? zi2ePC#_JTWlor5@U{k`Q4d$fTqOrktukl!inixyZoTY~QHfgL^hwi9*wK)_aYvXE> zE94<+@X`J*bBrQpc8w1+i{Z!c@fszfY7Y*agAq*wo!-J*yffega9y0qBVVn0@Gk58 ze=B%ILOS$ek7`IsDpc4>p#+$1~9yX*u6au3nt4WNZssB=_J%BU$#?2HT-P-b;^yqdTHz zQ=-M@ga+m)(|PW9Kl3Koe_XiLLTj0PYx56Zu$tQSPO4kQ0LL*P#WRHoeG0vo!hX_O zJtDht=s}QTnXD$Pj1xmZ4lPd(5PA?(B5o=RT0QMU-TT)~_Prf@H^Np{TW({8Ep4Pb zP8^EeH04zH9CfDRVSI#Hj`gkphmT}*Uf2p5oy)`{yt1tacG=aJ=*yejif^53^4%>Y z;uVvZ!O^vAjNfY)1}%#Q6J%@}ZbIt=tJ?d84AJ^jDAg&YfA5ZsM9`}~?8ukGTTLE3 zshjDAUDEK6S4zmsW5nZIi6@s2S{063-qi!n9GH9q!YdC!id*Q|tT!|f1ldAg_{K#1 zXhM`?CO5c^hChXjdJ%UTV=if)Fl7#Z7OytEVukbclI3J@lVK zxc zF|FKZ7Si2#ZQ!4I)-AjGd2xsM7CMne1BHJSDQ&Bl-3V#-AT-;cEdgGwrt?ZX0z!}=F?5w1-a2!uOz&CAC8_ByB7m%l z{R-9(&opVXN1yZ|)R*;2EO%)7^;@G^&N9ufznZ5XVj9eHM_K!~ecyZC6w5hPC&`AB z1Bi;F8}{C-<-I9zs?AOjpR7BVq!F7i-}VvA^O^QCi1z^rn=TNnj-J|jj!_^;v?Th_ z7{&fM>xZiqqDc0qH{iyG^sZ+)2kgRFpxC6^6=w$INrBRus@$3>)qx%#j5hN~;mS>9 zJojCRN6%%M<{oV!x{*P`nZz7fjYe#~rM2(aMRYT81@RURIW;H39VpoCB4zrliPzWu+bGs!-?wHn8U%-u!?^7Ha~tZ((5LpLwZ zU$O#L5&FIFvW-aZ=x)u#(z!uN-cZvi(wt~xJSR!YFFxz%TERe|QRlsx;Y<^a*dULm z&v60$T0`}+5&|=q@WvY7z2lsvDmQ;5;l9?_*wYYgAVn_-%R!GisE(J-Sj{CE&jV5* z46Wi}@Ro9AZtZV8L<+=1sQV`l;F=-w0Z!vk;8K6PqNztw(;5E68?wyxGn|m`;=UP6NLIsS%gPAsfsRNdx(YFucMLg<bN#50wE^>QqhB~}85em#w z@o22c5iCvMvP*DRj2`z;w(gS*;0%>su=g6Ss`6{R%75B2h{Opg_8V(6Hhc%dvgp-) zFOq+GNy%V%(WKXw4oASNa*Q+^yfiyO+7LfYH^)ti5t1AOg_1=lsT}a191vY{ahSOf z%}xbIozh!fRW{&}4kw`k3;1~Pr9q13L8RcbmeYcF9tpCOf)pj9c$1PMYvAW42#J$| zcN_%SoP57-(OjF!5Z6A+3Vo3@l%1XfFP`?1p^l7%qbFy*5F|IZ69<+cdMj(A%a6op zU|g_56(YObv_(TOAK8qVJ0i^1bxITR2x2P`4~k|h^QofDu70r83P^kLs49fbBaFb_x) z`s}fS1U=zY_%k~4xDd84UliBsD&k)FP*JO4kU)2D6Zzfg^WpBWxzq6A7C{2zNW3zj=#G^^;smgLP(E0}QP`Ajy`xuL^AmD3Few2OplcLl0(6a9 zF#(GCg7#5w5cB=R1^6*Dt=jsMa6P5b+6Rgd`>Tg=iU)2l2!y)|&%8Ux0-ZmR=Hr-$ zVMJYA0-0g6jT$Qj_G&@TX~t_&wDHE01ClJlyPH19$?CBO^~DH-7AfM_g^ycL&A6n|6lm)i zHEU6WFHQ;R91D9=dYHzO-+mGn?U(h4cpq6ZOL;UY(SL9|@^B&bh>dq+2J5?Va|i6N z4yyj8`SvET-h@YNyMUV?24+B5BW;jUTOmlz&m5gf@ucb{=3J*VVREZ;)^AE8=+~t6 zyXbH=EP#t8apwHhs;6d|#IN_nCI>8+_}EV!Ixvy9u4D1c4I$UQvcb!TgrqA+EV)cw zYQs8Dzg#70nasH*lcm|SmDrJ~#Pfkx;6if>D)XeQneQp#os~~(TEQ)l4NMpv$MUda z*EdDefJmt+pdcJ|sDFvMmNw434tPYPpL!EU zr_p0kE9Y48UYwenN-52zj^irlwY?L+n{NSW76um*qnnpb!b&2PV=~9VW5G#!dhOYG zHN6qgp28g!OefFxSv=D4RE%t<=UM;QuP$9#o=%7;8O@q^6*skkw`7Tfh$}CJh%MmdS5bD(}tS2 z2lLcM^ceSV3)cTj!GO8uX3%E**86$S?3XCMyBs2BGV|JJN_VPLjwAGDa^k5{)Hd03 z(xEDkzD!oP8OZA9cG1!%@VD}ZpYQU0zu`$}INe;3Fqya8bEo90?E(C29D#lZq~yiC z0)to5gvv2Sn^d>H#-fUna^DNWp~kY~Ur=W3nKJ3_Y%zrhq;}HSJ8241iXN2^M56AX zbbeSv-(4hjX7!pvTN!~QHhv#SvVYA<#Q__3i+ee(D!Lre8M@TuGCe`7-o@|`Bd>m& n{Y`G1K+n#?y?ghvmxY9%q=-s{99HE6e`j^{PiCL6z4Lznaubq} literal 0 HcmV?d00001 diff --git a/docs/apm/images/service-maps.png b/docs/apm/images/service-maps.png new file mode 100644 index 0000000000000000000000000000000000000000..454ae9bb720fbd69560ecb3b3cfa90ddad1a06cc GIT binary patch literal 494889 zcmeFZWmH^S(f~>b2?PR!5FmJhgy6y5gIj{T1{!PJ2@ss%?h@R+aS!fp-82OE#@${s z_s%z&neWY8bJu$RzFzBaigQk#UAuPKuBz_upX9{RQ3+5H5D?HMB|a)3AfSQ~5T3wL zp2Dx}>syMzFZ?nU5&0x3BJ$>wt(CE%tIy?hq85QqAen0Ajc<{rI3T!0Xjd=E_-lucnA=q+?(+zu1J?h2nqxjr@cjDVg!42d1CguS~z@+2S zDoDV`$H#b)IO!RGu8lx2QM=b|aC?1xPm{#k5`%^i6Jkvx-#;W)hoj!1Rq^pD!ZwNl zhc*Rv_#v@x!OLtxU*v91ckk8^n{CdlsUCNOOf{6`N8hMyIHT+lBrpO~(*|V4mm|oq z9A6yzlKCEEoh_kq^7=+L>A5#?tb4KASX{?hEO_6wko%1-S~Fhzv#$F~~DE}rKsc>dJtG2A=`QGQJ}_cpk_A_i26 zv__P&%;DHCa_5uTc)mtW_zGDV5#jR~M_rD$ZA!+`g($2`MVBW;4@SzY#R9r%_7M3s z@de~xU<>rs|E!yfrW*>uNIuf1-h1g1Q|Zz2e%6!5Dx&h-VoUc5r!v;f$UEVM(SAz7 z)g{@wl8mW$B|C}08|!{5l`Y1&OIo|{Rb;VuH^q86+DU{Z^Ryxu8)V?*NMvpChj;_sN&57!7$Z?8o-lJ`*V}yM*6gfKmvgeU7M5F> zy-nqOX=S={{xVZLwX&r2QQNhza0Vxr5nA)Jwy{?Tf#{0tMJ@>W=Z~!~U#T+mrIu&( z+$q>f*Ful?SjAVa5&U>cP&@;Blxq`p@)_SZ*B?Tg=qLDM?Gy>9 zgl)J7&l4W8EWyV~L(c2qvL?|&DGL}_qPci6kCN_F*6y@qc|pnRjrbnt6}nMKr3lj} zIwd5UXR-cKKU97MeKyLcQ6esUG8NVkx-EvD!JkoKf|?XoBjT1JGFoB6z>VCD*o>j= z#sAInqpskh*!houvBeKxLioFJSH9~TzWlJ2AeulXgP%(<@vT0vK6tC6smGv#wU~06 zn9y6c(^xOwU`F4`V5g#FR?dRa5h%znW_V4sb&RZX?WRk>B^e)kj9z3 z37a1!-4|~O?ZD{5=Yr)z^TOliy-=#2+yTYM7tX$vzUaR0zPLZpg-P{e@`XSYuGofw z_?^m~wg$w9WQRr7V7~X|ARWL?&P;WY9Q~o~4M*%|z}4AOUT#HnBF@v%DM>SgU3@_Jv8W zz_71ou&TKFtA%LIQFVVsVP%71Xtl8#Kw}@&V)__T2S%}=0b0)ftg);ShNRY{PB2aI zTJ#L-hjKN{q`#d)>>%09O8BeX4q%SEMb-}Yq@KMoLJ6Z zofE^(Un_}G7!t2kB6oKz8s_v+hs&o~rZJBgrg=Kgxfr<;pAaONazzW+Ee`5fVOxcr zlk8iPHpmB!g!4mNx?6}AX%+z2cb{Zs{sAD#J`6lNhh0fr;G4#7Nu_p@hcbFXZ}foWB)5CKVVMev-%ZkrnP(fZU08NeUEdiRN%C~{0wWH4uTUq%T*UZL>vCeH&uJjijg?!%ITpaa((=7$6px*G0?GU)j8|u&8lcoz=jV8=aN|Ho<%E3zun?BtqKWx zE;X~Ja{fzcuL7GJ>Gw)%g@x?i?mBCBAj8kJt zZ9W9sA6rCg-B;Uba=Zpxbu}#)QDRUUQR+_H%xK@X9|jzezS^0XcCxUBl$(<~W|v~1Z_<=7c-Bx<(Q4nr~O+_x~UhpQW_ z_8lF&9HFi8U(2rf_wU+#ijm7m*ZGOuWA0xc*Ij(SimuGNk}vY8zN>D5lw8}(3yz!u z#zsg^ZQXS5-rep=>n_Hlb zY-}F?!1!#Kg;j*}jl8$A7g=x!^IJv5`)iYQ9@$Q^w-c1>S;B|Y2nbqe z2)dN0U7K=#%RBtpv&aabb(z6aLxaGthJ#ZGoZ%Bbd-NXR@!zf^A|M2q zA|U*6EA4mBkAjAKA2|t{FApZSnRPc|-e}|vI;P()O6h$N@;b%od zTO%V&I}s8-p<9+Uf-GC(vJL(m;C)bAC2q`ZB4E1O|2~7JiJ%mz{`A^h8| ze+>Btsi-y%iH+%>#{BKppQyZy4|D&G7k@DN zZ&%@*=11ja{GV0hN7XuN#DXs*k?BWyCHNUGW)C04bNHY4f1Kg)V?SN~A`>kH1VIGJ zk3ve$k9Jd$n^cZTds;;^$ug8)-AYD+qJ>TOg~le|;G^Tb921M2T0qJ1Qc5BKfmqpm zgZyKr;*Rd!N9;W1H+au^N8Dk}BS05VH-{0fRtJxb+hP{}))B_3#UA+^S|p@52#-(% z5fEQ|L-_B&UvDE&GfD!G3IA)%KL@l%c>`Jt{fna`JR(Iz0lNQ)K>BOcBRul0X+r+X za~DC#D8YOc^;hw~jmDk-m+bxrpT5HRcIqYk^1oZIf8f6WACdgGi~V=(ZR+;kzRnW1m8aU?-k__d=#Jy=3h~> z2kf>01Yu3m_Y^{ZmHG_&{lBUvC>JjTO?DppQT!z%0jD0WwmFJNTSMxsTb{j($ZB_Q`J-BYf=_5O~w4+mUWS95;BR(W4$cyE(Q#E+Co zWj$qNx>kRUCV@}hz=wyJu~&aUGba8YX8RCYym;~m2b{}k2yj<{vajcMv2U&$6?B*NYzM zwkQ9>yniu`DdKP!okq-<8)Sh=%>PckwBOm$K2YbMCHfGBLe<3WVpc$*XaleE9zm|= z@K+Rq*ZXH$rYS&y9R)c!bM<4`hGm$1YXJT{ZhrqCfesVZw^8PMEdE!-za)(@xBK;O>cWRYydx<3zz7GY;wCp!$(*k&h;BDy_Ws82`kSe~-^T z$|Ga|Pl^>PDTE<0+0u~Tc@c>2wTcQ%Zo12{n7tFX;1;2Mae;~5>jYh6&h3B#*x)f6 z;B-J_<9E9L7ndw}0%xGu2o0q)8Aw*L0fhdWsCdo3kO&(+TlBn-jgt3d=m|>?lm(bP zLA=*TG@a0T6RcZ8Q=pK;ZBG3L#AgmqX*~T6_kROlio>U~?3|-y>RUrC8t3@-H+o+1 zAogK_(^!QeneuYqwE-s25btdeX%~v$7GQzzdKRC+1@k{og%kZj6rT2e-bKs+zKVE{ z_!|jcEHZBjgf+7&Vm!I#u(#HCFVqgj99B${!8Zat;m^b&RmTn)s=u@O z-xo#j%@};3cLeG|N`fZIWNN0beqTi<$_V?6y;j?!)mDY#$HI_=mN%?t>F>&KPPe1D z9caiwd_1u=D8Ty(D|rl(-x2?9P_N_f2*Qx6l_|KeI5uINApZVzBnpMNiQDq3B=v&6 zM)rE24+7FlA-%bssa5aEZIj?pcC6X=sJ}7be+47d;M*x|X*#2Ra*!;3Dd=|uFSVC~ zCWO*SpeJ6dSnzrBdVHSZw^{bJ-@E`3@wrYa-nF>xNOT3^@S0YDHz&^7E|&sGqvo~z zpW{=QPZzCi)2-i6sZ+R}?M5*!(s$o+Iz&Mxg9te+V>lMKNy|dJLkaq|ouK%PxAs)L zi)*5DwN~kX+O_@#^7BRAk?8KH|9Q2)Kd9j0phD(TxMuv2O8%XDf%INqo&n`wi$lUV z!QE##8P)g9UPiYeS$j`7!MU4mdWXxD^Dov+_3<^TA4blB;3sOb3`Am#?Su=Y=T0*R7Fs^h~H)eN{0>}g_k#i}_c`J`ae<+Dfq3F#0 z&@qwcJe1jOI>dR4;-8Jr@02|VQv~M&(|c%hq~J`at_1yVo4sb?tS01%10i{>!r7m! z<^6fmGglFSFW}*A)pvQ^8nIK>ILyJw^&MWGbvVy+tu7pIbdv8&V9Mg*YCp9W)-2&P zyi)2*=CJYxW-EDFmtn)%LnhbwuSEQ&cn7-V-$u`Nox9-LM_l%}`FDXAq=3^(KK2$9 zF)to2i?7z*FAlKkDRuA4-L^)TBuyc?4zoAe#@V1zmFrj*00us<$&b|mC+SIO2n7f@ zo?UUWJ4U}E(R>-S2e9 z!0AX>&SpZP2!=ynmZa;BVyG2!WFb@?xJnh<-j{Zi%7se$0~C}U@+O*1YE1PPQNh?2 zu!E(JN}H8;T=tuvyp5{cM&J5mE93-yjt!*%O+B41xfNq*J{ivk2N`8xk&8)|EihjG z|3Ip3)jDS1%_SNcZVIbS(<^EPPJ_fw53;L&2iQy>^Wigh9X(@-AII znZd5*g3Ll22Tj*Wd$|0Po&0SEaD)V!BN;7Lb788U#%UuAYpMe6E>!h6dBSre6%i=^ ztE&IG;1aBGxA0vojtu7oI2T2Q;CD|aDD&(MD3n@`z(=qWzJZg)ZRw3Yhe2t(tQhg@ zBl>_~(0BX&X|{IT@6<2QGJu7vW(b?$d<;PIty$`g!1#|85+2?m++ZS~DbJj*CK+jtPb z;Sq;OIG4M2bT)=lv!}@ES8^J$U%mvJ%~g=LFgneD{;5qbI-|)usjxnriswj*0_@0q z`}lXW`>%2f_cCy0_M`1Wg)1`?i1qnzQ}arAP-d1GRwS=44-#$RyF{3;mD6AW2K6Zl zLN$;v2n^vMD9dlLe;@x}34ieryL`@)8uLa0D!yV275OdLee(|Pd%KayLk0hY3~$7)TCS3w zGY?n8HW!+USl!FN-yDw!DE!dFf-8Fjk7kQ{wJ@_$!+dnyWM~X7*sN9Kj|JY?GKhW` znga;8Ok+J40|`UU_8^jtHNbgg!2* zoL7M|+=>Kl#RU6ba9Xd{6@wde*UKQ}Jm;iw+O4E<&{kqc$GE*9`zSs|?)vq9dxdwN zD%4+BVr{o5O%-y<|H;$-E;0|kVI-^;@xkvq{J{I2Gl3uB!4n1ds?e{K2iJhuB%i|h z7OtDr*XR4^pu5xYF5A;7^%PKAvrbebxwy-bu4_R&tHr0qhj~xD1!*^&m=`Smh|CLi zIbM&&pU86^pC|MXh6Iq9VTE_as_IZnhZX^oSgEP5u2v`d##`LQozAmO#>i}M_E##6 z_rQAG!jLyXNUBl-JW%S1{F8fLBLTGopKNC8W8H#fNdR0?B=8Ywa*5dugTK~Th&K_> z$M9u+k%$+=AmL}wbiCc_D^usq<5jqP_Zf@f(QniK4fKk60~bch{C6#~a5Df9L;v0Q zr&vB{+q<+4a7g7PpzQ4Jl19uo!Q}^2z*~i6PN&oKk$~N7ncC?b>eT19ABK@zqSGv9 zHdD`7S3>KDiW4KxpSCF}z1_X_0t|yT&S1T2yiVYEcbzNu2<7Rkf>D8pc}>1OCt_8b zE?fLX&10?SS)jtU=9^e;2HnA$+#YsF@9@Vs&n5?*Hqq&GEjo zgh90v%5f!`3a<7xy}!FIi(ybyaooM2PROM_-tc@oqwADPMNdtbCt^}`+wWxl=s~;k zf)_2-sJ6znmnEwRmwao)!$@K=h|?;&Qj87_x}Nt`q=D3c#oD!UX4Azhro#=J(3t>`>qCEJ`IE*70>ZC>O(IV*u{l}Fd^LS8^0=KE-A z#_tRGT2GG4+?#YTNcb2;E$gJN__XLgpBj29f&O=&XWfD&A(>GUWbEL`MyS|w*Oz#@ zwdH0Nn_Svw63sV2&vPH6I>cAO`|h4vahO>2XP_O_Xn5*W4F!lv!u!6%KRhm)>OK}+ zUDy}Ov0z=g99Xz`eYO|BHlW%MuHG@~s3oKX3==8j>ph~@%Kow1z;82h7DmKHCgL9w zgH0vReeJP37C`BKwFw}Al{L2=Ar8JnAubxNVq< zdMol&{z}v8Jf360c_4Z^qa%8}M%G+jLxEi`estPOAhPo(Tn3E#W8yNqq&l(phEtei zk5>DlUm;=b*t?!_U2bL_rZMk9YNH*25Q+Q=`mh=jnWI9Rfg9LH>uM711pbnR;HOlm z49ntF-Q4v1IK>7wn$40IwNraOQ_Mz}7+aQFKqvgAl5W^ySg+i%i1S2sd`_KP?!xA^ z>Ehct3(KUtx{V)Nsar4YR!*4f-|iUMeomUSY36mpjgE&!V1}BT-tDkRUTa)Z+;-um z@ucSEF;V>>gFG!`_>f-E29SoDOvSQOGYxWn%^wI5V?UlFxwhYWg#&@z9_L#yO>k}k zj-!GZVw$*^lY)l^Rx9nt(0rq9Q#K4!9Uva@t@m8|81z$~XNWfz?%J2b{F=J>S5JPk zZhr#--hxsnK;`%50GFUsCbr4BbYY~riiMs;6GmKN$R5N=!pDCo6?VP{k%rMZ^dxe| zAe|T7-dt{I+g`5WQ|h)PW7F-c>J7w|99>}VtsN{~V4hch4JTogxU@C8DZI)(CH?TR zJB-f=%;M1hv3@y7rp4&?C6(Njl8$F{D^rUkm7THtA+0dM-*;GfiQo9E+z)T9zT7qN z>7Q$Dgr$rZSb9h%uOrGQ3Ihe~Y8rVz3BqV&>mKo@`42CJ3Sg4PGmpqQh3U0rQD(}p+E-3<;-`@% z^{$iIts-&hNsePgOm^Da|I7sZN+B=bFUvYQfCLjGYwmq*zt?_Cd2AdB!pm_?8}X=K zivPv5HsDg<1X*IJe{)K${X$riDXgUe4}5n!B3a+up%mbrZY-K@uw?FC)=^)1r27I~ z=(DF8J`Y2&a5#h3n>!|t4Dnxb4Y#wG_08O~S&eKpStN%>sy3^xbL~)5f|QBnL|A;R zg>8CKfS$8BX+_>gw0_)>(~^A1tIC`$|@zS8KHu~^0QYAb=$2nKl^mv;Uaxg&x_Y+aDY zL;m&9Pd!sQG%XZOy4qldd*|kIA8V7-wjLj+9&%~1Et$uoWKqOqwP(roA__2|ZN@)A z!#;CiF;@_&+fb731gw&|vl!pcxOn^uBx4}bwQuElRuYnU?yjV)YpL<^q$=WNg~^Hz z0QDKL5g4kOJu9o4(`hNEnG9$gRcVEs@GvymeB7TX-ZWi_isD)3;i23bXaBnu{CljO zQifze52Bxkv25^9gDlrp&~Zr%*RhPxa`k~yl4Bnf4+>wO!vn9u=R&G|)^_1wV(xFv z8ns-*e3i#QJr-fjb6R4T+cj04Xllh=9$3YGGly0sV1S_b2S#l;|Fm3<<*krq3s-mu z5!3sGjau8~&Sx%lYuNA|ms6UBZw(2N#h>}3VXlW5Qiwm$?QX95bB6QdHl>4t5eb2W zdmlTCjzJdy6U$mNx-UGLxaaoP-lYW%Xdd57%@?vRYS_DxOhoLZ6L9HA5XiA8Q?~V+nZaMFo6i@nj|^rk)0*DN5=f7b zEU?OZy=RvT7(HwAdK`6MBYfyuwbyenoDu0;10L75_BzA`hB);?iQf^JAdLm{Fw~Iuo zUY4PV7%AT^$aHLO^$V_#ntlZ`;f&W5evN*0wHRyLm18<&lHY2y7v4&k2iZ>rcb9s4}86GQn-53UZ!2$pt@8c_LzlIoipCoYA}5LB$j8b+ag{n zHEKpO2~FXeO&shZ*XH3^jL@>!Lr8QUI@;kl&lzF|)VHgMqmq+paoNzV><>Y_9^`}; z(u$kp4~X};9dqrA<3PH%tM11ys+n!ZYJR~qR2n4vae5h4bv-JGcszt_VEk`ZTCP6h zHi$WFZ&o)RX%iP?7sZaK-q2}x7uzPem54HpQKJs8aYFoRVjG9!nmvgkcPhU`$fq&7 zF=Sz!rS9*(K~?$p)c9xYz?@N)A!33P?O(J}Qy6>f7!o|50?YH*RaM-6j!LA<+s&2I zjP;{4D49n0U178^HI}U8;XC`5&N&JYpX*7&E|f4~{JgNJ)E=p1%zE0j(Qz+ofT2;Q zw2mw~TW+se-s5Oh@^T~Ha}|2dA2ZfHr9uo8xY3K5urE|9pp;EQ%bE*SD)LBQ(SYQh zW{v+4YIb%|DORHdLiqNwJ?}1iY+YWn5YT^sWqm(7gZQLY(vw=g>j<4F6)X0w*{*ck zon`7X?rg);`jr|5o{JnI<+!I)uk7u@%R8mUkx)qMSB9LK>*l%NZlr(vKqi~SnugB{ z-?&)iVI`N2?0VeTB+o5&+3r=(T)^N7f%_=;>$Bh%MrLCf{H#}t#L<6l8YC#Zz|HI2 zU?et9*IRwh$63+vsu)hg;LFs*s?x-Yv&(BMG+39sNzw9r`k?*6_RZ_zUfNl~`Jg$! zi90LgaLL@~cw7y>lNq=Pxx0thRBMaT1|B1dE-4N`H}=I8=1VgyrEnWExnYOT1p8bG zK=SdUe4C|t!{Ld0w)@h7l=hUKoFMR+O1RCvS5{`XIsSw$g)07Sz%(ZM8h{mGtD3hZ zr^3jRZ06@ZmwJjeWOF?=CgU(OZ$9Y5AfGN)+CcZKVM|HsS2#&DceycZuAQp?mLj6; zg>m`_ys|bJ#*C=o9?b4(myxdsG+41m0oKBI7wL3!B)i}z>kZ^R%3GAG)6Z=or>f3c z#t!VuUEK$?(-pg+1h##mUdL{1hRH_8FZfj-X8`+~Z8u^@9Zxo$vfaXUNC;$;*&|`l zhKD@DQfGaU3PUu=v_rSI0dk-zKr9TY-kFvhN^;7K=3Bp^Cnk{A%dc(U|Y_Sm0TA7S55JdqvZiMlx;I z#y~Z(yqx_Tm{eX!P{RU?BI5;AVk(;0L0zkXOK)kR>8quw;>vm;kcyIJS{Raj;>Eo| z`p6-1dPJj0%4Ic@#wF$P?peE8_^iq?K>{`U&BDEg5Gh3n8#z_L@H`PxHkl@^D`{>i z={tFW0aAW#ZnbyRw2h%?j@7U{5AyD$vy;_1#;3_+W{#_|a_P*uD^QQFs966|cJ+&w z+Lx_#AX!#AntxCJ4;vy@yaJ2aW`*Ji(}F@*gLY~eo2}xZ^E(($y2E91*{sdsc|IOl z%^M^I^g}!o@KyW5pwaYEEYy`Tt#K#SY2htqwF!;O(drprNVq^6UG(5RsVDDgIgfUO z{dl(IW7F|Ek5AS`-YPgXSE8)2DvkYL?LOnVdx~<{@(vbMmq%Tm9zWI@P6=7<`kxaY z)vS)BkEmnbR+*oZ6lm5)Mi+ZSA;EaDR1hcInrL!R>fI$3v)->y>L8QvSS0%xu(Jhj zwzV;F(x~V7%t#aSw3;;*v624ws=D;HRMLG>l&ebtBr#1ckIz$}iEFfzFB}ftuePXi zmvGc#h%j#YQOHL@0w7tZ zCq=NaKGl^SfWEl%-3zrw0X$0TrsI`fb7|#-U8RV@}#qp443JJCSll*UZw>6TIRbV z;87$~)Rq2-mtNfT1ozOu;%k*rLb{Z;{!2QLGCA)Q@|2sAjyIX+6wZaV=2Qb;-XwEr zojX-Y@cDuS0W=G6_}@Wl6wZERV`phW(OXPCU7p1Q)_?%sp#!j+H;521{j-3 zEA>T?rQxMN;b5_5cW&RBW?ffxe@xP?Eye0W!c(h)ksRO?hm zGM@jrLr)O}==0v2w#);b9HYMwYG9+IU<;u&&Mr5C8fhrAlL;ORD9A9CCPDdcy2)RM zDDh`Bd2q9J-0Y_s+@4bG8t+RcG~S(e3n_Zmv7th(b3!aM`%{UnZhzEg6l4{#+J2E^ zG@bAz#VO6oKJj0o#h&R0tbbHAG@CiH74-)VUy0)7I?5HFh#%~)P#NXbf7Te`JT#kR z$(jYvpw353j45eM`-i=$BJX4fBdpGJsUg;uH|&RCOG2lU%LBsh$hojLtKu92YU<(L z62me3>LEM%Zj*5&$s}3+jij(EM{TIo=}#dSQ=YBCKFUaYL=}WG%j&DN$_$Qq^Vh1Y zkGuWYlSYb500KVoIw@kg31{2RyrL{C5+2PQe%bhdMpN>#~aHeDPYr5NAdoBwG z3AVT<75XE<&{vPM*R_)(>vgBX6Hw2*M>C|r>pGXk!Z)prHp$b@^`=4`^sef4>{x07ewA!-bbLwpNrTsvu|8GD3Q&m*2; z3p~4K&bL+(E#jDupj8vw7eC*;tQ<@_75zYOpCg;xlPz@HAa|r`g&7sjpY%$jb1qE9 zWJi;W;`5V?5vMI!wp=o|B)p8koBdI*%CKj+^2-)8-1b$4+**T*HEY{dW47TB+bn0x zubs|Z^T1ly`eWm$6%pltZ@Y*pj(V|t2KjmwNAN&{XL~%W83E}isM;bsTW4s{8WwCiCbaioRf(hYJC9FbWgrffR{MRE`v%B3Q$13vO^LT2fWQvbd_5gl-S`{ z>2~LZI9x%YV#0HstbH`NiL;c%UR9-IkQTeRmsqdHwYgg`q3Y{|yQfB#&f2o!U%n?6 zZPS7Zj2&P(UyFa+{mne$l9XEM3(wM=+fUpvd{^4$4+Bj2XqxXM@yAes)#_9D1()gm z+iX(&Y(wgp=i-a(0a;VZ7%?rw6`IIU$w}I$wUveBjm##x) zn*UThop#4<0%}~KSsG`N$Pn3;eAdsf(y)t%&mc)&o5a86q80!wrnGhj0TdXLP&0z7rKh_BIYjsEU(Dh=1AcTq5BG@fjTYVHFU@0IC_Nwg`3aR z&z|{W!}s}2VFYa8`S)9UT=Uygh5g?iS-FkBY|P+5mx`w*ECXLT6!B%bJY=CLj%Q$z zVOeop9FGGC#39y*?9DcHMlSzLkoTNhLzCU(+gmq?=A{V03#pzDSZvvb#=n$I-rCI!B+i@s*0u z@n*?XTAl_n-9(v|pz1joRFl3;P1rEjm9hynm%CUd+{gJRQ!jR29(K4;dcshxY_wy@D43l|G!o@HB~qvfNhV*W-Jm)k%ty zINE2rYr4jz+qj1spcd7>vQCZTuIB!Wm6ml&;ODZKi&37#*`kmfc)y$6dh|NWv0gpl zEn0WZ_T&rCq-ZHVQEG!0#bUuJZPP3+$%*sLlqs)~#-WMxtqvS3TcjP!_WE@JeX(SE zCaTD#Oob(LqNS1{MtG_KP~CQ48ZliYdQ^d+S=~@Okh3a!atVx_j$2Bfg=Q-&_69c*4HgGag}gX< zdI@VRVfOghBlM^gC$O-7;Be)>chjl6H-X8J((TOR=q@2r&K>aSR`kxNI2G~p-IzP8 z)nPvQbLE~Xo0Wyr60VKl%cJFBzSJgv_Q^=7L)ttnt;y*c93DYbN@+M@h(}idC0}N5hO~w>f*m>kU z?r$;0Kk&Lvz7T(HLE9s2QUruLLQ2BSZH7~3xNplD+DJV(7i>1Bm}!z)2I>fP9j26z zhPK(5EoR^M+^XsJFzutqOEWC-$J&zpEer5#_su~CR?is`o-;<_2=!^AOyZ3?-&4*= zS2MpF4YBkt-upJ7LN718rE6I?vE>Nh;-K)$N&8r-cgG{{ywpYIY8~*XMCj6cE?c95 z$e8G6NQMUQKG4=)#8Ml`HXAlF=ca@g#;by^P&Teg2vzMe966i)ycn zA%nbz48Yk1`ynH-7Z=H2^<-A!ES~dTyWbZyiUOpkK4n#9b=yk}rLwxRQSb5^PCDQ` z*}nYI-2iMI@G0|LE5>6TJWbSEA}qE3*xWC#ZOK;ns##3OwLGw@)N?x7gJTOXKaXsY zd%g8cvW%3U)x8pN{!@l+xz~HuVbzS1hB+NGnSe~3-og*(%;d|@(Q%UGbQ;KW$uyzj z2EH{KI;YIj2is>Dia!1ZNdS@1Gkf;sPmdYclnM9^gP*gFI72gBGm&A#YjQ!g{I=7$ zE_SxRj`wlPaZOm}uZ|9AV#>!v4TgJ~#8te>xzad0!`jW7X>2Ut z&F_Eukxbm?hT}7|j4FP7(tg#P-w-%zeO@&=F+sE<=0MrP+leIIYEDAh)XCJ33S5x^ zl7m9AE?df4-uXOz!f*qO20}n_@cJt#Sw9{bgDB#r7AGkFey9*fU%a`SmMAJBN*Llf z6i^`4(Oqf3HIvqyE1#~TQljl?Il(%F9}VcKl)3|;pX~Pq~2FJdv7w5ASMtIXFdqp@FVO;dd(5 zf(4;sYhmB_>v>9VQ&=Q;OU~jaY-g?fQRzq;r3&yxwh)k!XGWwKgYA^Yq{&(sLB&BPr;Qw}yKYL0joWg(@ciQ_S^J(fnbYm93D2(i z$d3@coI0Fa-q0;)CvS|#jMG{Fe~Y#2o@M)vvd1ARIq5ny!}Eld%^iPTnedRHXNPK^$)nnmF`NkNW zRCfiyVRMn9;J2%j=2|Hc^1G^x5xaN-az;W*nS119M_~TjAx)c~I&2-^S&y?zvixOK ztY`X6D7FIvk*8ke$(7X$^=Q9b=>2gXkPGY`J zo%_m$r#O}+_E0d(bm0>gNv|k0EJd}Sa%ON3)ccgK+rq1#swk^1UD5}6lePbv-!6Cs zfnXc8m~4?soGyB|TU1Hg^O!(ppW-M#Sr$?n`XGtB&fSb7>Aczlt>cs@}o_$Y08%V}*k7?*TYCBZ9^hc|J zu;>yw%{9ClSU-pSchTw;hXG~0d25GTu=M*O`pt>TaHU~#`oZ`rIY`>5RFEZC+C=w8LRDNnbzSF)4rI_X z^=Dg{z2fKeu=*J+Q(qs_@A}+t;(w*q7U^YE|{cW8MyR0ivALou4UunN~gM3cc?8=9Eax?s4`g` zX2Tko?^vk>&g*iSK7H2PaJ^hB9FY62r`<(fy4{r;rc;@b9^W_^gFKUrCUQ%+1&|Yv zC)j>BrshCB zwWeVgRYER#-XLZg#)M}IWp@(&{;D3$?-u)+GBWC-l0UV zg`+8q)Im25k1lI*;Cyw&_$<0F(Q=j8?ooC+Vd%QQCn34_yMHeaNm3rbtMoMFwXq8B)Kp!iejS`oEQPst7|Q zu>~S5<|_SR(}4=Qwpt#_v)o?}G}~{kPLun?(mikmyh`a=t$%&E{M8Xobaq8B8|XKB z78~!@3w4UGly!~U1~uBO7z0|dyIUDe$F(;59$F3`+SRRVutx!w9U&|^Zqq^#08TN# z2Bmz{25*v;UyTE-mzt6N0K|0$y*Z?QCx0g8fa$qqQ!(=EBHJgEZ1PSgyhF z5=hZV^Z-2DObx>w179^L`BVon4%(*inL`>dL+=#X`}5~i-!H>|h~kgm0$AkQQEA(? z=)4$#n^I*bFaS2NzbSduIrN;+(4x~;&)fhTGV$Wk3mYu<(yojHtZ=y~eUhild<&*2vkh8XTY*G7-?UTZnnY)fK z36*LEO()_Aj(1kpl_bn8d;F&JCO{(Qk);{SYgu;Kg`(wf;%7?^79|LNzcY>Ds ztdc~mnw&9x(|mTR^mInGR&mGIOO4#-McuvYY@0j+v*NPHJ9%cQaaNa8iQlyVCd~`H z8#NV!gRgEzH30!{2s29Dm7^-Onw-D0T1<9M2ro3b7joPl}p?D5e+8^%G09Uw9uA8p#Zr;-!4vABOYTl{S z?v8Ovv>{Ok!H|_c8NHQgc`E7aGh)6RshB$GeBfnUbS@zZaOLf@clooW9*a-H+#7=q zEYxgtIeRqd0mN3ylZhKiidha14U1}Z;Vg*Sw78(XcTRJsK2|9OV?Z7n-a>WW0P=BUO=oS($WmuAypZ3XC2P^9E*!uV@L1vvdZ_3 zQIW=T@xee>n#<|%7Zd2On>>K4+h0DJXe-HLW~g0hL55wL-607+iM^Qvk51OhX_TaV zAq{(`>~3>+*`@jd$m|(CaL`s^%)mD`fL?`?XA9Z&#+ucW?Ws?^H917b&^1Ft?kJrk3!=dxJ)y3AhCE(pWJ&vC`;17(^ivYIus$jbI`wU z*Y)%uD0n#5J>$u#gLS$SbUi5yXX7;hGq`VtrD0nDGyEzLTk)_cYj6Clt^BMf&=M z@!U#fv4B#Xlp5u0Y?wuQi~_C=HlLuhn-%P=l6yqO0# zQUdb-!^?HCbXT206Qg8DwW=W@F3d)wX<6 zlfGwXPa+EDkd5%SQaM#VfnK7;5Cg^w9oLVW#ukH3QkWC)ImCLaEUp{$V=$Pfh0u-K zCZYHxSQN>*Xd7Ll3fLY915IpzDqlzwfoiHnEb0L)LzUe@5@hVR4+EaEdtZ)Not z%VBqu+)9V&N+dr}2R?VIr{(?Sg9-HgUd{PdvqMpyw6adtshiQhaYqZD4 z&Ehf(a{yr>k?PYYfNq}9_=;)%h@h`U^03QO(XR$De+Uya7K@9A~ z?fcIOnZ2;lG7)CY`E3jrvR;=fHm%cbSkAHWSZLC*?MtOAp9p>;59EGc#l7z&*g~QJ zdMea}3|bXc(+>)jS1fd8g#O;5IhKc67X0FeYr>h#ei=TS-1mGJ`2@7WB7sL~5`HoH zUB~(#u{?xXWdzKVi>z}xc4Y$molL4eVZG9DO-Od2U*BV2As318euw29Yg@;OnB=TC z1MGT5L*+mdImf@3Cpgy6D6Gk`QcHzcYT=p9wZ!I zfAWPiqdBHv2C4a(0#xYjbs4h5!_1Q>NrMyFH_9&!yI!Vi4jXZERpF^7XiH`-KKjxB z)KR%8aZPZDSvdQ6CTh#-NhJbh(c2hFN$Gd`=FbcQ}My3@&k z^b!3sCW>{}A&NRz2=P_pn*zfFjymX5L?L0fWCET#%i@87G#vc>8ndLALc^x_q;I%B z+(fN2zKO@&yfhRcd$gV>HCO^4a%FfI%_448)+F(3Y<99vhUCBgBQe^iRxad7@b!0A z_KG5Kcd9;6s+;Xik#1?k{W@HyTWen&u=JFS0(tUuQd^jYD3G9DxE-LrWCKHJzjY?U*Xlxysbw#M_!lD? zU{42T3j1Tqer@>@N^!;@B)lKg;t=#e`0&3Aa%qxRBsmNkr)3%8Lp+34lkv#qcy> z|HH%=f#3#EBJWA(i=i)k=6+w_m*G)e^=r`^^bS)^8P!g>);PwVu&n;wiZ=EH*zbb8 zkHf7MR&BH49KrExh=7MqBV|$g!yQgLs_IJ5If$jxzzen8 zTT#%JeB~Z&rarXo*l+1BppUSx*9%B1Wp6rmr9E^axjWcp{df7%PRGi1&a!U*?k?Fs$`IW%E zu?Z2E7UwHanoUU-mvQ%BjF&v7?jIjZ>FhsEvs5M3QO3kw;N1 zFJr{@Z_hJg*=5~yhp$Y9Wv;@q#|fY9w~QV{y*YkSTwl#l49-sF!F2LzOOruN1N6pkJ z^9a?1HD+(%3Q=sbLVlrf7;P2SQR>J<3^`9VW~wAK5O!$bZR$Xvy~$7=;|%6D(k$E? zpfRRB*0^=}Ol?3X;{OIU&(>9JRWnf+qqe)Iuc<^aDxNwvPJ0{l|z9_wT-d? z2pdlMo8@)T#2%+3V~ng((+UY@)4BO(M*H3qm+M|^<((HNL; zT^A!2++UXX~`nj=o-yNO@!UwHckU@IlZ3}*PA{tu*V(sgy#17 zIbl zwlroGSZUl!BfclN@jk03j$-(#4OB2zwv;;FUp3++GEbB;3VF~^)lZ&odw*L@JztaV zUO>$?5)`r3Et%tA!r)3I4W5_Zz#zpQK!hF?bVD0H7TO zEkXbQ_wzKwWZHQ(x_6FZ0Cbg$`!iJKj8;-XM^N_AA(SmVtcEVMIi8V;lIDBTl(n! zguT{G5uMU{59>Y89qDAy@gn4!823*+3fljo*K?1!`xCxGJ@H%!vin8Dzh`^3{@qY7 zZWF3*ww6vm?r*ew+rH33d*h4d&^0deCyZ+>Inm*%UcjvG=~_q>eR+6voOwZaZO#`f z;+CYR(j%BrD7iH7!pt?)!{i50g@z!7%3M}Dkf=wDqGeaPBVXJQ6hS54$$i*ANR@BM z{4gp9-l)kUVbJy?ug&J9%V1V_MkXWqspUle&Q9NJHx?Bmmlc!qt}ka~N{6s*g4^$3 z6lxm3nuy9M){A^R$#y7n%Vk1gqPH7pM02rrZ){476hy54KB(h%lzbNh5D8 zqyU5rQW7l*z^92gtW(766eH=7y)3mUo&2U-N41r{RA0j^h`&HJW4o{G|RAHr67wF!?#y}a+9rjGHvy&3S&$TR^xroitiw;{p>yo9G zL&%G%i34;cB*XhF6v4&XIi;pv<6JMB!(7Fl1C*|e0NETkX)O4}w~$xtEyjC_q`ga| zeR^Md^nk0_yz%+BWQK;4BK?+pwJ6z>eMR=b>Wmp}807NJbre1StO))!(yU1#>Vr!o zvC^y2ZRT)u--?f5J7%LBiU>Z2%5fVO6RL6LQ(f*VAAdKIjOsR7w~n^B9U* z$Xt2>Yn0;x_b?HL-q;19eDAd;O%$M)4cyvbsV~n%=`VQ@`*+-^;}a5x&13^buaooE z4L^%9ciw-6PKEE@M6BySD|D0pdNJt%I?FAxW~jA1ph~%)AOk3{tQ4_uXG0}s4y`Ea z_NL|nPo4&}GPY4{I|||E+P(6>`t6Bp!hHn{6T1KyH0eZw8$e>a4|$suVxKeEnT;KLumiu8yA!MEH}7j4P=Ya%u87Q4w@ zf*1%00?4Ch8e7Ya*Zbl35@J%tFb&d$L(vE(7|@f;bI=R@-P66AE7@~7N3=|sQe`VD zCo3#SrTeheLff$m$BZ!e2F{(~vXbo4D(y$aKe?oT9Am*N6z1#~`ub;3$N@dS z)#V*P>*;$(U6+&-;_mM=ZVW+Ev$4G9;||a&7Z_P}w@n%+src*}Bl{5(TSAduUFcF4 z6^6dJ@p0txP5u4ge|an09*!>uTTDJCzBOw+y5;6(XSv!#t;~4cd}1Qrf7d5MEA^>) z1U=WPnz}t_K9HzUNqV;52Ed)F3T7L#50&j<3>Lx18ou?X=d@URQe__DQH_ggG{_vz z6dDG876H;q{-?mgjWb&Q%=9HxZ%JCdWN3f+C@Rvq+9t3{X`4r@@KmGd%T7O@Eo884C2y#zMqvgF` z(9DWuU%J8#)H+#m+StmX zHDW;a^|LjOKjL13NBJeu^}3!CG*Q|)5O>)jyR`lhLS(5JWu--I@2d}fDW*B_`l}qW zhM+RBJeTIsh(Tz4o-%PY>7&FA+&2XHz-=P6VGLCDLgz5Cn8JUBQENSDt?4+Fy7<4T)iw zeqhsO0F7SF2~X`*@#a=VK7yMrAXVF_VIB z{HE?&nW*}!JJr$w``~>2O4cZ_PDMtlh{Jn{PM5H2dvvH+ zoGiv?tUIS<4}FdM{5^}vQI@C`wE`1)w;|-iEDVXeoK@H2(7{&?$Q)E%7VWKKk*KmN z%K7XlOAN9_-4e7F0(eg4!aR3D?Tf;;C$(mtZ8CZ$!{nU;+u|8nA54Zs6t;%R%Z|2$ zGGr12k~Pd}g>F<#H7N}Bs^q}gXS&%LGE)3`yfg0CoBkf|pNXl4kNOC`kd#m?$Dp5a zXC*gi=fIl^h}s*)fgG@n(MC53R&QpEMkDTo-&wmZ)|k_S$^#LTBZlgqwz_?K$No%@`w1@Zl7+AnI&VYFWzF`e#9 z`Gv|%D#V`R2_VAtCQfkW6L|wmLTYPvRzT`um#14EA$}I= za0X?rZJ$7TGu+qz%D||UuCNHFyZ*OQI__#rb#S-vmF4K-^7813%}=UtEzz4_DX12E z_QU3LAEeP;1c)U8*FMSI?2ipw{y^7bHv+28l5b2Y&s9WbH=*d#S2~u$ZCU6T2D75I zlW@xAfy@&Ln$ngk2KNo@C5b75xmOLG)2RV`v9di_;%&cIIURP{^EwOQ3qYj!^uF!! z2h~u??M$vSR}g3M=%IMo^YY|CMc3=}fr7WIF*J!Em7ltB0w4p(ik8QZyeSI5JjILF z`z_#@XHD|6hT+10YG3@LX7eWPZ2n)t$S==_G(^3$6-~>Xzf;K2gWWc8#R!v)9=B4x ziq-hiPf9>ULpY5dr||d%YneG?-Y6*caHGWdeXvAy2GFtFm{DHTDX8@5?(U5+gO0pT=ui`&Tl4f`^b5@DoJMpN90&7j-?+R5+{gNqR1- z7EZi95V{8tuYO1jl-g%y1s(bt+opSnpu7S#xea)eEHQ9!@Mo)F4jQma^I_EHJorLJ z05r+KaOy>hpxUnU^u=Xd>le;y!asl^(yy<&&wh}1-|F#ouIkk#9a|11_WF%i=I0ys z>CKC2$s9yB-vKBun;T!RHfsLG8hK-b^ZdhC@N}abLJSU}o+VQ*>Cz_9IIPhbzZ-G= z%B`oj6Syx<_|Rb`1g-}E6B@^RXZ;iNul&9r!ozORUsm@6?7T5Q%&u;yti|gMELXLX zcPj&t(sH(A*4j!{%P5D8jkz^0h}f7Q7}%m|C!~KH)|WM00Wx!hRF`EMvX}TcCOSwX z*vz7YEPv^fe`H z+cN$xkL(|bV1?iXx}96KqD+X+K;mgY<&;$(%AN$b=%sqKvrluzad`Z0Qa5~6&dvnl zoC$V1X=dD9zXIK9&uLF-rXn_7X9gx(dc!? z1vRt*`W>t>hCMtnsiy!-ghoP1#aQIWE0-Js*_H&7yxEx8RHJ{_&4grT;OEOeF2GM*y_K;w+>9h#0Q9gew#Fr{MXYKWP;gD*RJk(X;8|(Y^WqMPw3j%6Vt4}MZxJd+a!_Pj-`g-hnnlc*v1 zo#guClfA@83yY^=hv9eV|%4{3GItxm$hU6`_aON*)&{r1dQuxLmN|?N~(Kb%I1Lb zb4hI2E@ws7Qan8tyGH1jSw`Sp7jJ(!(Q8T=nEz?2sM5?J%GCBTYE}Y^B7Oe+21BR} zQkmrK)nLI*8Bs$Z{wV#6RvD948?B9-vA$Pv+R+jcPdr*bL9VO+AMYcV`;Xd7gq>j! zQedn+wN*~R%&{=wIBs#LAqr%$`2jT*WJ{Teee{YbU;JqFOv?&F`q-G{vU1;>+376v zk-0}f^B$c9)xmzc=bHJ(awbL7?ADJ`RKCpUfdiNJZL}|?SFH1szBbCM>~~-w_!ag{ z2CSn3=}KQGfb)7r-zS69d7i*~C&?mHM-(!7cc`#05n#lv4zC=(vMbhKiWmP8!2tUT zsV~fsg1&;A)O;}wa5Jgf#X6-|s|I_Dc9xm>cQJV^NVaq)@L9cYg8l@Z>0{{Bz-W2F z2!%}NsSbxOzUQ>KS{_bu1)N#^o@!U3)`#9pDfiWFeaD{CBt6oZsMXC+ysw_r0hFF^ zwSgIiqS;0Mk`j<=ap+F25cFxMDtvg>l8cc&`Cu(v{v%by$)^4Do8)n?p}-es%sJa0 zu(&ZtgRHLm9BR_o`&8V0yJ)ybr_b&F$X-}e^ugAGM+879k#B8~)dZCtwT@>BZ(P_q z5_~CNSsys^uPlp8EgS#MCVEkKFGuJG0_OW^R+Lii3^z(Q#fRU9HAvf7eWN*C)l;ey z{Q|6nhsPTAdA7j|!cdEj6#&)i6y@RkV0?dzLojfzHyg-h0EL}GVw3|Jm|D_eoJKLAbho)-@zM1n?X-?WuB4*5PvV6}o zbGk#TTbY*)l7!Y#@dmqJP->-Qq(sR%y>lpo{#11yE(Q5R$g9+fvuR3Ni( z|E!aK+V)#F1Xi+YOa{vSrwj^=<%5eD!ip~gVX1Tw6C^A z+K@Q#+3*T~Nw_ZF(_#0c$XEBV96*HU7vZngi=-i}w0cePRo0|$&+2nLpnsC}WM#30 z^MN6td?oWt`$?dE(HP=g-G`!=6K+>;dQTVy>_V$&f8?D$%{yn|_w8GerGW0DFd0Yp z=_J=6(pQJe;&FY|2|yMSwA>mQtbL0MHMHyYT1w z3G?4VfVmY$>AYDWP7}9oQ7|Fi^2~VB0NC?Hdzm57x}RC%sNF2R&EkmrYA4f2TR_?pe~a4=Ku($Pl&Xsi0`4^I2Pp15ix8*o;lE*lXM#p z_2nY&m1yjw<@<)NUr1$i*;m3|Az_!mMO2da-y>Y8xKRe@Yc>6I2ZkELcOKCGmnzYv zkh3b$bM#M)nnMnx_PD^)4`_c;?-(kjoVD-iJ!oDWFBiA#DrEzKIiWx!Ex$!EhGalp zz`&)ede|_isDICKW~{=>eJzmo9mLVEDFE5N{_+?S`>l)i4nO=QO{>i?46K4h%FZpb z6gQ;31IM!zNB5{l_k(cS3l`9G(e%yXw2#wWcIkE6rVnXTJ0}~_euIS88(LC#FI>Fh zA&PIKkLm~UXkxxU;2it?Wt*H6SY4>rGh2x&FDu`ZXCD9cOW{q1?5+^uc9$mjM2BeL5iV<0s* z%z*GLT#`qQzl21pKJC5DRSj3g9hwqOk`^xFsQJKCAMAIGi_ho*cfYG>oF=k1=f2K4 zma+b;0l+w!1pWRAkw5+bm!176`BrbxDRr6AueIl`bJu%*4p^!R`;!NTqWS{UnK_t( z`XugxpsKmk@%pRh9(HcW%*1#a`KkCNO!}{Be9LIe%WO;w+?2aa8Tw>80#<~k7| z!(RGXX>#jDGeSLv5qC+LDxfUHp6}Jy*eA5QDkxJ+*%axkOw|}0fyW7^jS0m9Vx;WQ zng&7}lU5b3xO|9lw9w+_Vg~!tYpHjL8yw7!7}N`y40O@M^J%4@eO({kG-j#;t=kHB4fmLpNl zkibxXneL-kb?v5nMTD#c#ACD(=5pPKAj{>`J}V@b@7jpV;8$B_NwnB)80O_p(u5^n z&qU?SPDR((MBm1x@Z`<=$2_n7NCVkO%BFWBYhJ-_t{lZWckVYkPp-S#%7e{bcV9Su z+w`D1VwX8abF==guB_=Z>~-eqs5U1o1w^R+^_|pg_#Wfuy{su+&85#9`+<%!PwR30 zXC*#1rD-&S?JqHG5)-OjJ*ETG% zbRPNZo)-5PzH|RFrp1;$K7DXxIay_xhNHm;I9hdZ%*OCeTHWBMU&Xzqye4<o?pq=7zXp<-{jRWmx3Xk2BBTOx*oY}q8NKb!h3g?^C@_JckU)8Nq4)0>-C2_td; zUaob}YkM9-mcn%5gM_{R2(x=v%ROR&^i1j}>w;~hKs(VauqwXx;ukX@H~j^HC> zbH4-VfQqZr@Z!BXA`12u3S*ocXqp}#hHrLP33Pr{(<3~k74a5iaH|<~O|8St?u<@3 zw#6Lm(r_79zGvG7%s=g5QJ8twAo}P+>P&!1Teax_fO92TczxU^;+tKiwEk(nc78IF zM)HdbX#!CvB8tiSXbvZHSmaTl+yzpg-Y?PmYN zObD7^fX8vLKBCxK=z6SmkF$DtVWwd5Gbnin0lS!SFKMq_fZ%d~jlOdEC%fR(khDWk zlDEMtd}V6A&#$+Mo5a5uL}lGd4x~?lZmiQdX9Xio%#RKYr}n;?xIO(w)n_;_^gal= z3NM8n+lRjDF((hpgQiY~8pP~*YPl%1844bJ7}988zvR*IE^w`2>lxPFqaQ@OEqNH6 zKK|kbxzc1-!_Sk#A2>@5*sqfr*Pej#*ffhQ&N#;W1>3hhSqW~j+=DrFQR;=J_W_Rc(~eq=F?`ADKqQFF2=`e zbTpZgEn$(+fV8xx>w#H=%KamP_hwZPv{;#wzvAY1Mau747b-$gmOrGpzz?LY=^fd{ z&U`C0>x4A5H|@(ZS(1~7<|75fia0Wu#>uyzG=C`_3rwD2d|1>dRohu=gY6N$T!m7z| zDtf_8$IS>)1#pN&tn8?Tpa?nI8Gi*GDs1hKKG4q5un6{RNKCbOGvcCNZjS41;D4TM zCGl5)(V&HD4gU0p0`+B_=+lb$z@X5;AmhvIjkGbWAZ2}N0*ea!0;X?A{ z+h&S7ks@jA5!tfLd;8na_2U^O3jr*<(DAmbfyg&j|DYw`0u2kTyp!=Z*GzGBu`Usn z^4?(q?d_5hOTv#B#!jZHq2^AAhQY7GGW!LgA-QjvZ5&z_OJHHseuQ3ggy2ynf>|NM zWWzhM4v@+@wgC%V?}x45g#d@&-F_(>b+le4nTF2!q*6VoekLr${u;Of2!o z-zQpI162oNCvVrtT)m84e!Awr^k&3h&f>vqLSs~DP}r_hht?In4?9Ojb^FcVKje7HI;gOI0{s|B03mE!vZk)T6z6jM zTWgI4n!g~L7(#J*La^*A(pfV&Qbh^pbJKaM$qaP5QAp3H`^<5;h+iqfx`9f3%+HHB z0Sq{oGsz@%po|j`(rdZp*X97l^`s$HfsiBLXCpE=YqK}aFihlqdMZleNsrSVt0T~(t*bjfWEqXa}OQ#`l|wTH^;niKP<+oi+fKvVSiY6n{@LgF{ z#vxmE5PG5M;+4@X&?qMNmC3cTl7q5}w_MfqJ$uD|-qzAG3>w;xji45MPZ7SPAXfL` z=}w!7=XKYoM=P2Gf*S|u*T%gc_t1y%+{ur&<@rg_x;NzE5BRL={dh*nLCGD*lb4g5 ze1hZT_M@pD&(c8JBfi@@eJM8cuR7Y4kLdTFmwMT#1V3Y`#?)`h%ycwQkfta$=hCf0 z`+EuIZRGZ8IP;x!R11AI&E<{(yTjnz(P zojRB67MTAa@cu10(t}L~x ziJAU9^{D7=&;`GmSjwZ39TG4ox5M6xv=3vC3gw$UqRn-3w|tsk zZj=F%4F0agWqmbuCDkU4qaroKSE;cL^0=B}f19F*M))CpDWXf6Z81dVSrMk&Li9i( z9<^FH&#{QIW#JP&e{8eW@UQ@T)d|~7nBVax@bg32GdPS2$73tKj7h2E4Kr_eMM7R4w+v<&N=%`91T0zJZX>>5vzcNv`0D-X zMh_-LX_Y{*O97|9ARQRpJR10fYyU2K61bRB=+1bBG$iOA2MnC?vUlT=Z~q^@?e7M)TdrSL*Jztub~+81W^w)zhu2av`f>G zgPuU8to_Q-zv9Qk9=EPp+4%@f$YIc6U%;X&m+p6cOxXhI4TnZQsE;InD#2Jg5>#`^ zJ7_E18~!Y>tq1p(0NgFYs{M z%}Ikvmm6y3r}hLMmruFRA48GjGL7v@$mW`)vZZ@$tf1Fg1S`-xL`Zp|kVgLE?)JA2bFG>)XVk33&U<$s}tnqP2A1QKmFI4C%dM6n^_+BIPDt7`Yl4o?TOHzF77X# z+XCbewj_}GNJKA7E$vA4_c4DJ*d%2dd!Jh@B?Ovba<3RWa98i}*rgCR$Rkuw*Z|dF z+|*ytp;OdFBN%V44Ay?>dFb;=-a%9zowtMVp@h^-`D++}T`AR?*A6qb*I2#Oaffr= z!E=N?j0m1UCJs?H@!>g*5Sp6H7LooTf4lK6@OJIjFN|rdg6P?<iY1ATGCVjJh6&tK-lGX{=vIr`5ccM@GvIGcRM5$+GOf!A$aSj1%Io)MS zeeM5k9{!ot8O7>tj6QV7cSHpkTGwqH?oSx1cf+3rZAD*)KP6>3NgPJ`@6Rahf&_v% zV`K(K-%U2nzPfRDB+2kf?m$O9nxFYdzWij6=0fh-8orFM-VuR^48D|)KCVZ4 z#@Wt;#Id>5*yW>?My(}JT89-r+dm5nZ2UBrEBj0b%&{Wv z`>xMGlU4YzZqXm>P8KJ<(zFKvAfrb~@mmNVOdi~LxM#s}^m+Ps-1nWu76z@9y->yn zx3m=hcN!&k8x#Tzx1Cqu#&eBP2jG#F`NYJJ_WbrRrmtE0HTri!Zl;Ib{0xwouHGu$ zKN2wa4|3+0uqee`2E&?1pBXy_3otRkPblz-ewTjL`QF&MsnL%x$Z+4B!l4dC=jL34 z5|W}Bvj<~sBA62Uh{XF0FYeF1)>spUc}vndZ(PATo|dQd^`}NrjWWU~xS3={@St+& zR;Df4z*VzhEbwf#?lb)2!TZAC_@16;{Ud6Bojw6mLR`@^n#@mr3!xhucd@WJ4(|z~ z7(b5|5G!!?fUTwO6u!v3UE_$kgoCs1Z*Ts z1a!fh79{%NPKLf~jowGCp?(VeqVX^0XKH?Df@&HazpJ^=Wyc-adNByrq{0&~YS|9K z_$M>A(`c_!g3H4SHJ7x_$`+@-gNiSU#zYU{Y=dn&>(P=9p%x;VVrUTZ)(El*-n-ID zA;bRE(!FFfCQ*K| z^Tv%7&uk&YO1{l#@itoleELfO1@7mNK163 zbOaV*+>4t=JVRb6=|+jNratM{@;p=AWX*YV&lwZzr!ri5)(&k2FK9T%BSLgd)P?GL5BMEt@q|NAIh9y(nY+sOQ#=x+Upc&OTmm*Pe#v$TxB|B6L9s> z@B0*ff^084O<0joC*A%5k{sBw`Vpb;J2BDu>Hw9|RAKUD5160UuW^pJ+%o_QJ1F&nywoec5jqEwQTA*l6cJ@|$ zgZ)%+FOT1B?VYDx#Y8ecNTu_G(FXD@9qa>9@w=W^Z99$LrP9GW$9p}j_4_@AFTwEA zquuvYe}U^v?FL7mCABiZ6)lx4(3(DP|Bjshu_Z@N2Beb9%iCo7$C6{CdwWs)xm#4C zL%q4d9Bl5VdvZ_TH5wB zu8(?Td#i|_snk{M)X2jd#H2}lMO=k3cr=Uj=$XE33g=JIebij)=RJ0{pp=T`2$SM3 zQhwJv1JjMvbiJ4w!vbmA8+oM_!Z%15{%wzsVU%cCsuADqZ4U{&Pdb<=)I@lXNl(AO z@uhM3!$=b0Ey917m;gwj+l}qJqM7eUv50g&mf_(nt0z)2ANL@G%qHBsG~9=x#P*|T zcJGM+tE}uh!YGfxsS4#4DaLg1<4B>oa1O@9iiV9t*dWrC1MQZR38cFBZv+Lz)Hg8% z@(esroh&#n6Q>hbJP#UbgE_phAKE=eEE5sS7{?bB_QhD*vkJSr;a+cq^>R40|+>W>Y`O~I{f!~j2ZFQvA zHy}b_LiBW8?=9#u2BL}g{hkV$^5{?eP;Of$*O?^Xf6^R>kF*+Rhu=M3Ms`^bH^>U| z5=&g{Yhu2OR-4h*IcmSV95V6!;P;NHg%-|>;~L&vy6+Psw`JcJ%RJP$TKl93lvnN) zXhsx7^A^x^Sz3TuN+S!FL{~-7ydYk)zbI)G`CtnbVGy3wZ@%}+j{%oJ6SEw8Zl&8l zr0Jpk{nvrA?Oc4Y@}+m-(d}8q{;L%wMkV&`d(rk%)rYm2>iIq4=Nh>mCr&|jqzz^N zT9r(;B^8_BQQA}*(2<&~@=k;FpKEY=7xb&-mBQwst6XKOxl!ehhD6b{V4b=xMuQJ_Lo{D@)@VPLCbRYtq6!4wA_nZA2>cOg zwW++xCTzHA4V&!LFFX)Y$JOW4i>6Q=H`Mv;c%?yAhb1_dkY4%M2fz7oak)l>LBz&C z-FHHCMeNkyHP+`&xohNi5!_?pKxx_fMI(s8nREGGc=xk@(asAZj>Dtw%~4_`J_B@+ zG_$Nr6Rc^;6Xl(t=UA!$b8ESI`OTz%T9rimqt`J#6==? zmFC}XLC%HYwtX5nhL@CZgMtdH>^scQ=2ZtkXE3hC^~A$)(?Co@(9G|RSwLue5T)Ti zUS$_!;hhz={|xx@6+w)DUCo6S%P!@kEdeDyC@wAzsxOtdqm??HI>mEx9IsiS9lY_r zz*%+-f@TE$fi+l&tzeEKBnt$I15YM9@p$b*d~=VsCK#DZyc|WQfR#ev1|uAKPZ4Vn zcTu4GD3D8FtRjYr{Kjn{PYiYYUzLb6fBM;w;x}70G}>?AV6a9KKU6D~sb6DV*7!6d z8)B+SCn5iLcyv35j2v>KQ+40T{h;I7{-a z$`3f$WNr;-kp}{e%QIUM-%FzE=OUPFvDt8vA#!F4a(rT>VN`;^-ckP^CW)C zCa$ig)`??kTyHtcXi$0%c%M?hT}t1)eD{x%%Rd*6OeR(Re$l>WWoqE=pFg%$`TNm+ zJ*B!K<4arBG$2prbGp1>9VOUq%=_?!~pi~U^4M)aS&d&?Lh?+mpJ9qAn zIP;%1>viCMcPwwU$-hOk(PbI@vqtleC%%?*P98^%@@%=cIJoz0bU^daBI zTCnWhg$(~_U@psu17J`kue(5CAi;>*lT%+;hM3tx;YhNTko4N{bddxxm9 z>x=d1tG_)=#BH3(Uze){rYuSQcyJvk?Eb86;Qt2MlUKvnSwt{!-A;JHfIB+SY+t#z zD*Nv_{rB~Ot-o#qqlL1XoEMmT=Zic){=HK!9e6#h%<;r)?QhR)zQG>+Tg~@i&hTiS zh%1a~*a!r? z4see*4gHjEGoIa4QBS(KI)Cl@@5>(i#z%4VJdA;#g%nljB7No(4CgA^!bv^jB?jsT z0kc$SH=>$36_$vtQBM_do%0%B+gOH`#h*FVsajQ_Odq8maqve2>^}{q2^h-L{9|fb zHYC@2iRlkR?VlMc>%R1z&jx4rL^T=ImH`M@*#&uI`p!?yc1*{RqSR;OWKWDZ@&4PL z-y*o;9;yN}Krph8Mjnh`BCQ2$Px|hmnRkOb<3H-cY-zoqKm6t2?&Tj_ zxBY;N4W!+FMg11>Q9EDjk2(FD2N+{bncHD(iOcV#-I8y7`^HEkB^nc9`3Ak?7LY7^fCX3@&5cZWDK~c z)_KOYeBd8&{K+3C|9}SG`+nLWCt1ZMz@!GzbARmo^Bn&&e(rT(5;GY7w0&To_Si&1 z`ELu|b^#{(jIx>vm9;VO-V&*o{@(ZBwr*bsj2Zjreh@ogOfg&9Kh`yC1K#|KErGd+W0f zaAoDVnI~aDSf*{4@yAU)dkCCBLSSC`b}Vqt8^!8Vf9(8^F!1bG8Q}3`B4#Ay`gdzL ztK9z>D|gRqNOwc%&S!ey7`2zS_y7OTbmm#bfs6a!x`-hAV-j?eSF%(Syhf4kzxrdl zK|h4auYHiqe*Ggr@VG)AXyM9;1KG!2qq_%H>95!Or_o=~CL|by&xr{ z0eltY<|rXoh>0^-Su4{k7(B?JfU>mkNCM9D(ZAFcNv^Z;b98~NHHWWaZu zsoj54KeX<`Kb`)S(;RHm#b=fGhk5?%EbIqb+FSN&)L--2V$T*R zZi7e6n6fmbZg-X0{^@4-U*GSfRNH4r$@435K zkgNF}C+{xWtn>y7y6>{2)H|n@ssZxrwZl!3M^umP%;_H4^Is}6M|`Mu)mH9ZG&1W< zW#Ksq5rN`mzFpm*-fojce6toQx&t~KAXlAPz9v!DI!zJHrjo{}!|`3Wk;{oSqW zrtWH(gkykbQUBRu{i^l7^L^4oq@=yggrP zxy+20xx#U(3Jvn7b>TBAPMhJ2(4dT4LNJw99EdZucf)r88|_aKpWh|kZ=ZgBG&vGm zgX8mfIojI(+2W6cjhH?$pzX^<7FZqS4s~P=<#TkP2#aeZOf`qL=+#uPA-|oOOY(fs zSie&40tOfh3d>i>J$|Lg6Q4(-;9)_Q*qKmK3W0Uq@r@W6BB z?5*VgazX#ki?1JQA+0!r(|K{@3x5#wmA07Kw!sx%g`$xzA7fF6Iwf^IW|4+tK;PmBk<1Gbyb%7^7 zKl5gPGiBS!M=KoOzqVr*al$bUx^TbvU4jBNkI|g(-&mDo@wk_sbyzgfap#7|{rEfQe?r-8a8 z1v#$KCBAv9&de9_QJ?>VBELV=e||crZiYulW~2uf9tTs=ckykl#pfFc9(Re8iPvgz z8KEz${?{^T3@@$bV|X}6FO+xpK}q(f41QNO_wW_fI<7n?5+d+(AdM%+!p^%PLg*fe1AP9awf8$32PsRes-G!{Gx%asf zw!2Fg=Cc5V!G=4an_5T{H9HqA@a@ONW+PtlM}Ee0|GHt|@?myBoaF>!$`i;eNt&z` z{>U~3jvU^kL`AQU3=EgxckQ``sk2HP&oC5HFV}S_(94@-$V4qB0{!N?0fkZZKATuO zo$T=;W&C_nZN5VjfX#Jvc}bmS8RPGNCum$^os6% zWReK(9jmyz^4%!8YH|Y7re+67G_H}w*+#s0>t~MMHf=~^H7Q@vg(zxN;+kq?!3%@1RIsv8_{*&KZ^^{wnxLQLKS?;!9Yfz>SiHG_2wHktG3l+-x(&b?mDmuUH$5A zeeSz67z3Km*`ZLIkq$(%c=`MMn`!QKqpfOrrB2QCO5-)g?gZQuxpXU)Sblxc=om4f z0%ah!7>>@q0j?LA=YAh_@~qPMC@Sk=MTfHikuAU}LUiK5a>srmJ8!7af5tt9I0#cufc?2csS+U*wC)dOI30nbwuE^I_L&A6+BQep|QHQ)f@@VCAHeipp#J z7PHeaJ-7+iI>Ww2(2SFbAHmHQ+a)=Bm*(iio5ZW$&JRm0l#5y8&!nIda+o^7qX=1$* z;M~A#5UhK_uTI;xTK8TnHuD4#g5x*R%Vym(r+sl+mfNfWAdf$ z<2P#+gV(GwZP18*?i9j2YTc%#Lz>{OCti}VCG+?m7UEjYd}-;D{XM_Y!V`$vl<`sJ zU>B_SaxHk+xnis8;r-OrdS8=?&7a#zd$JOts=@J(k4Ak#U9Ty+_;E>1- z`X**2LtYW+c@i#qmj6Iq6B9%GgE9VEoP@<5=FeyN>Srz(RDC^J`!(pS)b*SsZ+l19 zk|Ae0ML>YGzhmd$cwc6TMGzYHP_N3LH0&8sUc5EQJkNT?7LPLfQ3wFkHy#Iv8ysg< zw(QeuwhE=m!t_~6IK7hsWRF3me^j}{_yc>?y}Jwh*DW$buD7Yi-7t*T1~vF@WxBMu z0O@{nZH#;9@<=sSKTk`}&Ck0$mOo47riFH?eCo?noKCn>weo>n1TQN{Ig8S&tfisV zft`j;ikn?Qt#n+-!AOHiIG42uUZy6U9%gQGc67hSF>AMcM#Lv6L9mePt$IEWuVW&Z z#)KDh&hKphIxOQf-h()BGj^G-_77Dbe-b>u92Gqj7LE#pxkN}Lkc-C#r}{40En+Jn z0DazT0Ekpjmpv#NGcRO69AT5{*CWF7=-6k<(VotWc;Cz&@_VR!b0Eo7!N|thT zmMPMIuC`*g1o}x!Dp0pT@3UP_ibX2A&_KIk*Zw`kFoPnJuH0|t9f#$H$dfG9_yPW< z0*%>aSKb&Xepn?HCpnuQx^;@wyQacmjD3M-id3dYd)nBG+pd;aaIXk;j2lQoZYDfq>%qg!@a-_nih(*G)eZ>cmDfeOb0j{wqShl}1LMp;$(}i?K z^RT+Hk%`h~J7_G7frqJvXeJAyj&u^*i&eaRQ~uROnrh>CHANM1M-GNt=eC<8osgFU zj6;D2lFF`a>ZEM^-QdtYsrPoe7T_BynGeQt#KX34e(0p*zO*|`YySbiyM)biXMM{& z{4QzTU4TD)oE?sJUBD?@p|n%@;v3 zY#JFIW|zLq)rBFd(UW6a(w&CdFG1nWw}ZU5YgU=I9wrKE{GSF)eL7XA|-`N|yRz^BXOg+iwLTbH}ej$?I$z6Ws=V_=kTN&JiKi4p*S zqKU$YL{k)~hHUHiDqr-t>y!e3RkR~upe&0lIJf(swUt|GF?t9A`5=2%%=q1SsDsJ-r#-6!R#^ zxYiwLU!>zNe1e7>&xvR6A&_Tik3C$dnf5wU?lX=<73hCv%t>`ZXUk&Wr3RRXCKvf# zm}dhTE>{F5s5ckIKRIpPU`XZDH-=W%?W~+!TXKM4oS(G$n)ik`8nfFn-}>l!XhsEk zo^pJQl;y2ow$C#yf=g^K9Gja+`(m)pp9&LUwE9yo7#PW{t+;%YH^GX^8; z1&KC}WX7%vS?q0r28Q}*-@0QZFDbuTyDPs*zNg}zU{<)Fu~n&k|D>%);<;sa+L10B zsb7*F-XBL4(Z&AgzU#87m7pAszx1Sh$Arypc6wIxfY%`VL*%YSM6tdR@spp$^ zijUHSe{*@hH#tzKroJ-KUD;JiS723=*NVUYR7`fWqVDvJ`%2$6 zxo1PnI^5bdFLtXutCt0?8lwd#hx5JU@{G&!nd!*RDogJ15|WY9_T z=xy)^|H=NPCIVKlg01Ew{8Lx)!n{@KawSUmg@~Kx*?4m&AtV&5J`sAK@L}|2bfz)> zrvDKs$OPGwo4@Tz_`zzQrey&=wO^Blv32-qReu4e5D#bM6avPiu$&p#ni{)%lS^-Z zaWh>F|%9Wbk;g)gY<&(x5#o2Jf5(7{;FF4a8xU>P2AxQ+RoUZ4H?euSz z(GJU7Ialo=DtBd*5ubCpw)<@eE2-X`ltA)t z8%~}EgM>bxV`u|gI9y>a*l2L;*;;kl;KOY14XB<{XVOXz^G(||`tx|g2@YhR9Qhu9X{^qCU^!Jb6*m$gp6!MUCtT$l&DI}yiYT+6Z}W%J2~J%GzhUt;}1prFHWSBUb#X1@Y}Ojl;v`euV@ z+Zn^dHD0?JaaAr<5io(qmIzN`dy;*3B&?V3c>$x=fhq1cvCd+0$o;)pcN~^&|vLNMaDc6 zxlJ2B?(dMlP-(P{=?m6A1e`X#49-#eIJKa(oa8aCF8T)|UaLi1j^_%j%D($W{X8tw zV>l4fA-Bw$#QA756Gd4;nM0+00-q*_wbuHO5U}l=cRG0A_G5Z{#Z7AbD?KHWFvCr5 zC(a-W3O76|&nc)_>|kKFz)^F!w$S5ofjoHyXQCV}L4VZUFP00`L9tV}?h`8HSb%?( z8BF;kKbGR5aSO)GPoC-4kX68)z}X3Z(q%4J)i&lJWa(5-j9r}&YA!U7(wIlx_2;y90fk{cZtRKbUgx8S<&kh}IK zy>0I0Y#kN!jNDr^!8vf(44XYIIFplto2(GA1tC;#gH8($tu@`puI!?Iu`}xv9>dE9 zg&f;)C!a`=gXy;gi2GZI+(9IoZgw)4qavy)9?1#8)UlN|Cy}2`&}K#JE6E_0tXFMP z8#_F{8!z>GS*5qck-zv%`WlOscRihw;U?O=bA+6xjX*ss6{dddfgcik>S}oq7{tG1 z3$>Nx+qhIqCLDj_#H)CUzMR^_F{mDGhn$LeJqMi9F`o!t{UMz>a)=?cMtD31kT$RN zr{kQ8aA0g|3j_^jl8^sLYz*qIIvO{mnpWm8zoT1HlX@`tkB|MCd!*+t( z!brc!&WqEuGi0n&MQ=q%eu!R0FwneO2SPZm2Ad0AlJM%#0r`=qLfImFAHFHxJHE3D zcxH+_WP)Fmk*%JB8(|d1&_n7rqhJ!Uzs~0S?Ol;!kw-j&F#36Oec-i{SL_ygZ?p5* z9MX&+H>f{-Q_VN(g4Y?h8`Yw=KI`2F5!LH+iN#OVwkG!~eY0atongCcomzIdy1crz zHP?n!r)O!fsLAhr7gumcnIh`EZQpvF_AJk=TAeAgu*HC^YZFX15pqnW5d%&7P0vLp51@BlQcX~gL|TJSLmwYAeyfrHB*+06)yyA#L1pC5+$c2B5^yKQUK>MFHtNNo!2KN=hLZY;aQ$N`ID(7caVc*( zPo}v6%~%AKS-7(cLq#YK;e<+;M^3kP=OJnes3yIeVeWJ1q>b9U)rPNR0A_9{$=Y~= zZ@0yNVQ>)`xf^SrZ2@;+QXX1rH6&?=hf=^vaSO$ISYuL~*hGmIAN7vipmLL4wtX&z zRmEa8HqFF4y6P;u|QPAv6p9OTUhsf#o~EBGm`@V!^4S{_mPDB(lFdQ2nKXi z+%0MrLL?y62ba28yG0ih(7J7l!XhF>6|2tof=AZswNQ>eRph<1D!x75D+@J3<+XFY z)WXk-bVH!Ep=TDH;CIxKLh6OUp?4z2oz6BStVoipybDk@e*Ld1y_Jq0&$Cj1IQfI%ha%MUB^wAuv>NM2CV&Qvd0$3 zvR%U!_5hh^tEmkz40Fj{n%yp_642ZpKy7}gp2 z3k5!e4BEel=8CQiRDrap5hcV5qaB4c1f&0T|>l}O(877HmHWFR1$NXQ7CsFOqeq-euXuH`RIdwM78@elWzPnH~l=iCK`goBwhjf)rb#W{=l^Th*>1tC^Qnm`N= zR3QwUXGxFex?Uvsg!r<_S*FL5Pi)zU*Fkw+W0}O|dw$ZQUNR!JNL>8G@I+p~{;T{@ zUQ@0YIXnkNfmtnLP-f18-MWIq=;8*wdbNUK^;A+&HJ!R0Gu*A{;PFK7wQ=0+O_qkf z7oRE?MGNNPm7?K|oLyq!RBtKt%Asw-qnl!tMiRZJiC&qqE9wN$H+Ky_y>GjCC2~a} zdwr9aNR+ts?YZYvFnhcqH}QN;p}^pjS#;Dfu37tNZ&-@jpV0vRko*knI#KG=M?Tmm z@|vcRS89pCq;k==N;x8OGlehCYrVU&J*zonOSc@w$mad+JfoOfuCaA<2sQsxnShBk zNCOE`Za3JfL$@d2BQ8>JO6{qhB#7~6a0l8s7BL@c`Qo-o3lP;yr3uDTk!geqv@wUi z(W=LU$CGV8J2Y>y-=5^!!UvbN&vK3dVuS<-cnoGDD}ZBjldI@G9$t%6Uk|a?5GCn& z0bM-Ho;A zAV|A=U*o>Zpc;DAiniG6YVCDf=E$3V_cNX&R${*5o>|AKy|i8H5`C@u)g`Ll*wcDy z_*b#lE;p%P`5~XaX&T% z(GtftHG)c+#5$Mhmj;obE6lARn=m$yLZpuwNCmpr-A?73GXlnFQt{9Uw;53FUe zR!CTkyfk0gYp>0IZ1`nq$*@sDO*q}V3NK?Q$SpAgY#Nqg!AZVcI$uC>OXv&>yn6lS zq4!#;Z_1S#Ac+yfw;c06ALxLazUa8eE4U=dSJ(Mq-DKXFH)a0CrerRpmqvJOiLAkv z(`{%L4x@3ese z#i65aw{@3BHd_t-+=1RWFdNedY7$<#=)Op{bHKur>sDJ6-A9-c{75Ktrd->TU^^49 zSu3yE*;s@ExZPGBRWQsz3OWe z#!=8SE>HT%W3GJfq=$EJx4fc@awrnji^pu$zCzG(=|#Lt^|Nd^D;YBdMDyQ!J~)&+ zisg;XXQi)BgfZG2D+`y}epc>;y0*ZXqmg(!eAlN6W?66*>qFdA=-av=8JPyYH1*&F zxS}Qn=TcKvT>;f~eU0}N((l&fnxz+v<_K39Oq+TY9Wbg~;LQw$4EB9#Y)A$dKWbyU z_f)fC+dV%yOC6T4m0lMxt5#VULMddMXyB>5qb#I*(<6S%4M$?G9NDi340fNEa_F4LS8pm9`)orT`+D_^PpwMXz^c7Iz*r+}U%^X5=#_r^be&)P! z?vqRQzLVa9nl)goI>w5uv~m~QY@wo8#- z%c0tG7ULP6<9vvB@m?9agL+c&DxbnAs9w0PD9CoAHv@yS6PWL8?FJEqb6@)e3}}{y zL;>JpH&0THwr-om=DL2|x$HJ6Fsd!y%#}NIc)eJtn$f zB9gwZ=8T{Fi+1&YXT1kbl)Co0cgA!NRQ8r+$i}ml0mz2&qIhv+8u%D3@7|{us`Z4x z9b#;+G@G4*R}cbHPs)}!7;|;s6+)YE0TI!PGi>`We82j8>!N*#wHiGV0`=RuJr@D& z8$j?Zdt(n{H!fmu52DoChCr_;M<fW~x0bAf}6{8pYLK1)ylSZ6!<0V@}b75W~oIJ~HC zH%SnJ8xmmy&~r~5`yRYfI``BZWQ+p5;j2K5_$vr6GVw+T1qsDEw+UDlFw67}6Z$ZqR8`Zw2#g zt(Ww}3Mfu>Rk%F2^Ao#m0Vp8p+nUIodHm%_aRVEbDzON%Fv5 z$r9mawXcJNXOD6P5zX((;ml0Pocpo08Tt=8F^k!}L^?tdQQ_c~!|RF1;E zx7eD2iKJKlmQ>ICX#PRf=9NlZBf1oe>FUXOjAKtSD6z;cg&y=p!;D9;JH$ln&C5S2 z1-tS=#+_!==`j+glO##M*2h^KF9bVR>x-z^RXSBn-_(fbwCZ@j3X_USBgEZ(G6NSM*S;g4;?RokdtYT zgZ(a^`5s2St~5EVAw|2lsgfw-h^NNjJg0?RdN2Vh1N0|Msb#T~ybUEU=c{sG|AqxX zIl4q?L^7amvA-u=0Pc80v|5h=XV7tw5L1{uyDB%pDE_2d1=Y0>`X&fzvZ&2tvM1pp zuZ)oA#jmEG5vr_4ZK*=p;+oJU#=^zB%uk$J;4tXxhgy~H z+o1!1iBhp$tT(qIJU)>j|0<4)OS>zyc|3#8JScd54F52k#3<*3^?G>d#!NNccP&Zr zNPqr5y|u`|;bZ6eKy#-PQt*vo)zhoDA4#-?4Omrp1(o7nAy`KRqnS_zBVI=XJa>pF zSTbxNfBiVsXb*o;XvG}MApK{r%r?`VHe$ubqeE|2$a$+axt;na#`H>}5 zZ@q&MB@O5sOG&3TFJE-%6CU0?WkWA)EAIV@MZ&F}ct7$C2NnBocE(>AAdMUm$w7#k zclAD`jbP(8jksHMoH}2@KE;8LfrdnMR;}BU1p!p{Nyy@3yPSVgdL~#(N8H zm|Bk_AkHp-Ibd1VhdXGm>L5_TYOLy|R^j8jTi!#bZd<(CvIX)|s;_@wcf6$k8e)I) ztTJ+PF%i->it=u*e2EL|+6J%_;=|%&+5t^vWp}GQ_4GSBLDZ!u;7V5-l&2jh;@;fwn6Q2dY~r#`1mQ00d<^~z2l{MqqFT#t1itZOEe>eoeX zx{l~~dOS?Zd66x9F;CN*fWFKgZE@FhGh~>6*O%c%>Pasfbf2>X*Qoc-usJmrZc>KR zxv;Mt#-dboZLC<9$8NaFf3lDgB6;FyzgQ2y9a=Q}+BNBx26=hwcvm7Q4iXUv~Z35Thg&kw!%NRxt#491@ zkRblO+7o22Hbi%(cSQ%BdFK+|i-A*-(Y}rJ}(41Q>BsAUuvJM_zk@pVQ)w>Q$Q7g9qDZV)VQ%BFdgqT{{tL5c*PJ(qLrSSpc(qhnp<1XI6@2N zp50_X-4|jn&11rg7pw?zof3n6^?H@(!aO3J z;}ms!5Lx-*17P|U$SnykB2Ea`!*)kWi@H)=Ku{jO!D(T0nqFsv7f|6@fAjS5A_lEo2c9RlU8qG3R)OG^*ZtA|17^D~odwS@a6~q<0>C-0A3>)S0 z-}wrdm%?D64kljHE|YMU7MJWQSck>wJcTi4J}1Gmuoznc%nID);HW7?~LF#MusNkR+9Q6$|)r431};>*_<0l%p;Do z3pZO{Wg}bb)|W-D5+5nZ;SMWu0PnagDyZ5!_O;vNqU|Bj^l@QGU-ez_G-}975zQ;h#KOV2%LxB81ex0yN z<@GrpOVX0=S}VS&Gc_Q40=%B_nl}dPgp>rD|G`*JIc2C?S!1vpf!a$W0?anR$yao7Zlu=F;MS!2h{#Kl(sDp@UDop#H;c5>|TuzDA6KUb@QkZi`(O0(wY`g zkXm=bbq$IA;$$$UbfT-l)GAck^FS>R7;(aSc@@L3wlT;zLRm%I8eTg6?MJDTOx+20 z!YB_g9;tlX9!kD&WB0XFtB+s*22hyl(3{}#beB&?>C@WoVr zBtrLJMQrBeTl-PQjaqVVg0`XW-dpS=m+?%SE8~1mIJzUt%bO7vxfGX-T?3JtoemKz ziK_z3d?iAv(0(9Mg_W;x$<&J&;zaEEc({yjT{iyJK;Z$9L$fNspB|z^b+Mffu<;Ybl`&nGtqvz7_NYh zeUnB2OcsJyA=k=i2~aM#Y?|yDb^3#vB-2A}E+JR7V+l-}L)mRrL3!7i?FNh23q@Zq zFW1*p(8BDOz=l&EUxup5k3)XcApuaO>gepYdT*5SK#6hdGlxRJ!MkEryov)5#Y%)C z2w-njB%??(F5jdr6fn00{WSVEDIkYM5&QvDeC|3oXn9v~vm@2COS{mblhkuGLPaNS zX19%z=A8#+9t=VM@cGM&BQob6OMCb2SY~d)cljB^bf0_cIyK@ zJsQ!hh%X`Ik>fY3Gd^unK zc9zjRF;6@9T$xm;!rNralrqDcV~!ua-<$tg)$Y?PfcA10U|Gf7-`k|BCC}#>RTeTvBZX!kzTLgA9L;$fFt{KSbGuIzrjg{fBqYq#pkdTVvDpf0uP-35O;_^V z8H*rBl9)w0pUZcudOo7^I`(GeN@h=ocY=`k6I2IX;g!_5czNhtPrcrVUTgx2OQo5D zBOXdkX>X>npe=`no?kbd&Y0>gwNj3AHmq~Y z;;yvTLbWjea)v=iFc`+hNC%AdT24!b7x++jrkMr$0u{g32A18I3(aMXmr$_V9B7#N zF#FzDz&NTVFBjwd@p}d7iqv^a_fj4g zZJshxn-bjZBj!o6my0b*<^?d`XP|cKF)jY&#haH-u@6-u9v%qPe7+QZSsv+;Zf%YT z$EH7m^aQpfgYt2 zt(P1zrScTi+o|#6=oHvDSmgu_|7qLDXAaL|*v=G(*IfL(TETXGzkY(?=>zPqgzST@ zdEe^2u$?aJ-juT{p=5>=$HAfg`*}LB1SVmGO*zk_jH);LD_pgdQa?=9c446C*e^s( z;5lOSxL-+<6dpo*W(b@dSXxEm%6|=-f_-Uu6&K(ZP&Mlr3LYA=PCxW?CS3Y}mnnm?VgX=HvmD+<01es;s7Rf% z;4-`9)bFssoxftrahW&Q7X1#W8Lz;@3?2j|g7sO~%4GI^Z>q+NKvE*w#>MyUI~fWa z_34FYS+Vq%v`)})FNu;fWYwsj)i6*eJ9v&kN}3a;sxGR2|M|x>|mN#nMymp3DKID~A;n%Hp!i;6xmRZG~ zxYiEaoRrZ2SUozQIV-@khtl*YE7Lfe%gZxy>^sv#rB%w0M03SNm-X77>!aTcVLfy& zDpb8wpx!2iZ!)Smc2i^l`q+yTc2v=FJmk&KJ8z1+1&taG8jo&-$R z3!%IK7qCr0E**8G-Naa+2{*q9i>k=bLJSys1}bjUMVohc>^ zfNTpUGdg&`I`k7F4k11LTKUU@5bmymg0-WR7&}jw-V{IU%AS?QN|xSY*f;{1g3{@Z z*S8~sd0wL|3=-Bd6o-Kn@HVV-%Lhw=3>wKaM2K-lB?(Z=|GicKNGH$b_fiKt`uJ)@xn z=kj8qFgxRNwqc{};SmP@z?$-uoLK~T!j6R!G_6zjxL+{z&4=m`V`1E8vLEZ7x@{c4 zM#`Ah022t3JH*SdqD`E5n}~?>`S2^^gl&;wQg2mx7kx^Ky9>?#t_c0i4KyvqE5tTz0qr~_+AsHh z{MA4MDB0?bV<}35X_Q^N+(T)O{gry=%8wsUUpdEVoA^t2_RHTLxIcfg^g8k!Vc`F( ztr-ho&9$D7&Hte|evSGCi1Lp-I5TP=J7$g@6)H$Dr6msP()>$CJyQX0OckX2FH!RE zOvmp5Jbq1pPbe(3bUy-5tX6gPL(`9YKSq+o9oT2?J^lLC8ElaOpkY5I6a%$BKC=U_ zdpk$j)$l*oXtw}3t8C<1AItx`M_}e55RjmplET1Y10kzz(ho$SMrV2;Qz!7tOO|pJ zoVDcPByHm|C_CTU-{8@MB3LGN{48Oiy`lSba`7I1K2|f=oTM7`D^p&-G{Fl4J?(e_ zpqc(3;`~FLzh=UJIOnhF^4*~P{}XWvWw9)x4}j@Ei`tQYOY~fsE0+U ze|fpfrby>d(!r{$;>y@=z;1-h^7qn>@2aZ(T%cU&Mm_1*_gvb7a!arEZ-~;cNI2G; zup#Ax5Zpf@;qQidM9I+-prHV9W9Sb(;WD0pz?=f#`+L}Q2C6bP&5{7zH_-9D9S+aQ zWO?_V{kFPFIR1@^I@jah0gKz0j*1#lcg3^k%yh-e0YtIdBfl65a2wyYqBQUpT@e_y zwqs=q{i#g-@#HeX7yC@7d;mhx6;~XHTKL2Gj$j=<1^TRhQ?pl&9T!wdY*rq!?-RCB zryiRtKUyi;-EbyX3a$&Z5_9oI|3qc}`w1dEj{pi(%2lYSg0%!sjX^Y2=!2 z{Fa>wynarRdMJC&o|eP1;47d%CdnVD{?3+ul56a;?36&Pre&%Bn;OhinG|5!6M!+3 z@#Z4ocNY2!ljnEi=MSISbpVct@91v%!*_r4+6#w}ga6$1x2^asHu`5m{zKuP1d@Lz z)<4|ze=*Vz)$q@G{X2B}hnxNmmCpSmoBokazl-4SpZ+;H|D2pZ8GzrVghDk?2V{xL zN38*=yBXwcXOo#HySl3vmcXGq2 z0W~_@28x{TxhID{Q~sT}(hs})S71yRj6y^D+vJli$FF_Gn{uyR6P0>X!WH{7%;CNa8@>nYHIW7l75tV*3Ev3T+`P)el=ed@AC`6jW# zaNB<`))7-JZOP%F&&}Bjb-Gni*!#fr=3ce><=v+>gKy0x4PTM@9?`QFm>fHJny|By zY}07~?YxJzGcYK1&vEl!waHlsV%3Q0f!T{<3;z(C``yX=%TF@GXGfi|2(=X7{P5k? zHpdB{bVm&Tz~=0HrXDPz!K%z9&})4^Qk+;bVfUpt{U8b`s|IdhX?z%K^>DmUZ$(~) z2l<;sX2a{AK4G^*-ziCDb}fuIswE{ZZFqd5g=Hx(-tTeOGhL+s_lj3Muk&_|%1wZ! zFZFWpKzpv*;x&u^o`VTc{~3D(*aq;#9E*_YiG@bh9cH!>2)tTymTb_rR;lG_OoLzO zuFwHw%dv01bQw8IGx94WR0Wt(orDIY5-2hNA~M)3t~^)6yz z1oijB)SSxIU$(3cnwm>T61LnH-dpiQ_q}sek=UO1bEFPY?8~aP@i)=@KC9MtkC1gq zKFV7!mY$2)7QAKKQ3c%w)yX7mm)IO!wHx+Rl`(jZIKtxix3|vhcqtfw{rZ+Vo0qe5 z=>?}QXJ_a!+`Es#R42#jfj;Zll=_qiMggs3VZgc418OB=(p;8hCOs*A#lMIzVmG0K zFD{R>MbfbHN~Ls9jh?<_a+W;KV{2T{r}Y)kh?3lJB!UtnO^9dddc>P;olTj zej3Q?%yf+%dJ60D+*uKayx=J~d051RM?>ydaq7cw0SI8PAMZ~#$z=#EFFp9MQra0? z6mf_WS7EQ4rTFd|Fh%4@zk!41WZr))bo5w{Fw}!}Wmb*hi4_2%bRO=Lq}!%_Ls0^||OI zQ5bWtp)dsJ*!{K6kW;VlideI2u6*x!m2;FMrbhRb;ihFgf7Y=TjOM)OCT8;mu8qm1 zH<~N9QgMX9KK!;8jCIEpJAb&y`B;-v=N21k%diA@0K7o?Xfk@EOeV0r`xhp}qtpIo zUsCZi>1T5iP29lRpcQa{*2ra6M2a+zw?Cg4b3QM!-lb%wlh%KihDG%q6ie<{@jIF2 zvUp!B^I5NJr?)k$l<#$t!9xBfl2mKClX6U}-st>o!#m+Dr5&uL9gC6DkZ*XrGkCp8 zF0c1vUA3#&X6@xcj5o<3cjAa7yDz#Q9~9BJS;Z(?e0iKQ*tkGM?dQ*Pl`Cw&-F!g2$g;tSIKoo9Vx)=9W1QW2B2u9uh)S13o?~_O@q+hi z50uW9V3ZknjjpHq@+)TVuO%9P+Hwr|9PBa<)la;FC=>Yf3O5}@L4A7L-_~<)AdJ8s zme<2AX))t5=eyH@;7h-{eiu+B~0dS+Z}+a&e$W?-P!v^kY1BljY)D8OPEn zI-o_-r`fw(6MAJ1kHcfMYAwF~vLBV&%@4JmY8X#Y#8c2M=Vwmsv3Gk1G2NJr+DR1M z8Ruepxc99sAZR-SJycUu0pof19JW~TwDRhZcWxRi#)l9ikZHBImagth-mCB}aPtDc z!tloNRnjJfT`V6j_DempYgghcb^GhihiJh9eRVkGkz7w9ElVGplvRA)H>)LAU)#+X ztt+Oyivo`Du5bSjd*2z>)V8j>ETDpj4Un!PAX1_tAYDK}MS8DMDWN2Q^p1dlQbn3{ zP>Ph$6MC@#QbG@qgd)9!gdR!=+{s#d?X%B%&fUkgpZoLv%FL`|e4~8*{UEUe9H!#i zaqCX_T}00K8Sdkxihl$o_tAQMlN=12t6=&hm}4zMat zt;~@pIxws(Y7KbesV=K;1M0C=<6dYP3mHlvlBJ-2H=*u$_nN)+{c`se-V?{`jd=8E zr4K3eGIz5ct%!`_ya;;p2*;I4R$kh(M_wd=!L=(a{PY4v%~SEOv_v-hz5M(a1V#SAy5IjA)t z#@;&3E4q%M@8iAc*%ET2quh{rjXp8frGsYsKsrRp2#;931V)HseFKp1W@b}ZRPsLt z2#4BD8VJanbs+#E>joX0KDeXYQ~tGhW!x26Xt8R$(lh@|Aa#5$GY#w8l>0iW6+Bq;#ke?QuJ(eVJ{*@xAP?(2mWoic0RD{_BuGl6e5cuBut zqTlhMY*o#4mNbfxIsEHGO+3Er9&6*Gf(^rsK~;O#2_zpKFvtZ z%e4TM6HXoSEbaIOylnM|>^=8RZ+wXl2eQga?s$BKD z!-Z^lQOW7%!COnzsG@w!`p!QjJLA+bhlbsPGsh$(i{kwc3&@knq?cspiAG9)Ao#wh0Q%fqs-D(Rev=5IMtr5aDd7An8+UN$T z^TVC#r@k3J`;Dm{F9heYwd+7Cbh~hmj04HkTb0+2dQkFs6l6FO$h!hEqccsgYwzE= zh>iB5YB=w`@goz&PQ?u{zo~PrQ(y!=rns(~Hy!GQUFMsLGi>w;HgWgWhmc#C(i!MJ z)+J&p<~yXfWh~rm-nn%xl)zWaI4XeBd)A(dv%_7rAq7XW4J6mJ?py*We*C9#Wj!Z(Z+otA^FAI%B2K7b%I%s)0bmKWtDCdMkvS+EhP1omnXv5U z*)d99y92G*2WOF)g6H}xQ^hMm-rX^+2$fTp&oEV@8%+*7EDUSy^Z5L6RIW3kc0(hn z;?X%kDSL^lgbenTlNzCJ4t%_Nw`@BguN5CCC_sVX!@++eTml$8w}Y*z3K8$<1kBSA zH8UQN|5l#38<-qBvs`OAi*1bUas#vp{)v5V1)f~LCK2d9DGl;?e6;Q0Y44>m%X^!+ zE|EgGm^E(Zd;j{ADxPE8aa$ts92wo0>6GwVRZe%9*KZ0Zu%7k%Rn3XbJpjsHiGH@I z%t;>y2t~ncZy4uAV>gTt@8*|lK#Vt*)L)zMlk70Lu4DajZ!>BAr-F3X8Z8!quxgeTWzEOfP);*dy7urC3i~x; zRv5@}uX@&|{S)%iiRPrSQGyb`HKwHq^18(`5zNIZ3ca^Qx##EdX!~(&?jt%o(%`Ll zeyU1-Nr&o{l7A>^=Q`KW!(20n;qiNI#t2)!h78~9P(!-@13+oNl-)45q;^bBfqY{d zG2w?75vOcYld@i6EF9|KDWfB^Uh^NkTYSNI-@NS%A+d3f!b?-^qMQC&;$0tP*DM^8 zZa@DhKL3e+BEHsD8-hSHCzn*OOH_a%1YbN{A5}{ZrT*!E=$nfsYUg;YO%W9^wv;+% z{@L~(tI*|&5E#xVz<_Q%fsb*|@cwRz>w5F6#kqa{6y4Z1i8Pk-;ubr%AG#pbdu{a< z*xI17LwDU1H6ItxT*LRK5i=LJ1noM$C8B9>;?rujLLoi$wf+E0=KbCDaT@_*IqQ2! z?47i8XC+qm(o7o#n3&%EdOcJ4n&{~8kYi!U8=RC(_ep=+xlX}pa%Jqkr!!S*(hF`Q zNmBaNLa`N5vj2i_BXqn>_C>EAt&kDIG`9;3(ibTaQlzC0ElxBDm{9}mLzn6YoT|4z z2N74PVQn%4dM=DFRz6OL4W8?~VbWDXy?>6n6oL9W@)>WE4>k9;omhRKFVLBPOvm9N4s`1h(m~ z&Z-J4l{4Nx+eDcl@aCm^J?X89akF^c;=3*TA~4O1Jxy+_mDQp2D>9&hq-3k$COvnq zPU%vm@A_M_{$kUV4moY&hk={OW?X$v%~@&c1fVzA!^@PhGJ7Dj!>TuanhXbIEL=pcaI$< zkxHzB$(nkWdX6$t^1Lah)h)GXaqaW zJfdt(0>DM_qA<{%P!Vfy0M&9tQNa&e@h08q@bcnBQ-*dcdu7_{z?JqykWcA7?%6jc zzN!$z3M;tyVH>AX(z_D-g|iKCqr4DL5jLqQ+~l>Orb(;HhS{Myi!XtSx#MqTqvNGK z10h29PATmFxJgTQ#?D~GY;bG6Q{n@&8Xy*m7i8v|D!c7Gb?8Ncn;QG8H65==#wCq| z0b@nnEWh3dvN|N3;(c%&(rPF@KN-4G(OURPe9Twha3hnXa0wtj|6wYL?TkCK{i&z4W*woMD8xDH9F>Gd3wgUA+N|Tg(phb! z9NKa7#tA|>on(L=Xv{Z>w8Z^h%w26hwX&$XN4+F?!d0FMmgq3TohU8#CDo|O=nV7D zvyE4_UOp1qeyI(u%L8k6I)yqqa>flHJs4K7b7Y zic(!^%INb9(9GjSJ&;sU!Axn3XCjb z#B}9=XMhoQ4^j2c|+nDd4H1j2jS7lxg(d9>Odto;>DOt2y9Fo`&-VHVR zM)P>MKtpGoZL3P04H%$WhDz9lYu0sNXik6~@0|sLfD2Kgzi5VRUIUU#Qm8%CEVsh= zOXBHRwIFBqZT7FUXUJwO19^r*)wf;UaC4}Xj&P7vN(eSE{GsG0_>kl982yjY8vo>u z)`$Zor}=Kd`6@dHq`E|Yl+XR2rWG7Z%GH^$Dtq@IAN{o;MX5U*)t}{ym@Ow^D?lM& z%l7w{>%;rI>tml+(nvNnID0&gm|M-b_Y>r3lya}zkxEpHQjCIpQp)Re9X8|UP1Dg2 zV^E<}TKd8)3~4_>FJ;>yy}n8TAaB^a_KHpGvd5^{QC@$Tke<*Lrm)-Wtl>)rX8MSS zkSF8*hht8xPV zP)qT##gyER(H!Hh#>%+@+K<`Z1^V;%yxIW*x(j~QYPBNtSS#>7dTWNHAuZeF9KTPZDHR8+s`~uPm z-+aN2)X`_&+CdAd2QWIQ!nn}!&^90yH%%ClKI+>O6!Ii!1|)SDu~j%1^evWXR|h!A zE)l%tA=KJCV&XA(M8>vGIjGP*2;b)>7*1alalA;M zowiho2G|HICCpcMWC%9^w?c%frLw<(VU@N-!)gU)J()hE{HfXg-7Qe?!j6=;g2HzG zF}wmVC^oU_iC|&CcnWs#-2LufcRjQzTs5YK0a@<+Fs#{>2R-xt+f+w+T?nqO{6))? z8d7aa>X6<|_ z9r1gGcvKX0?;E=tp^tKHv3GK+^di_-THef?pz2)zhd5VS!Qm2G<4y7~z*fnM*1_w5 za!BcMeA<3@>gwfiiC{ldB|vpyt0NO}sEBH!GhquTf%M@#!XCf902u5(JlmSpXG?j! z7e1Ns7_hl5Yaf?^ppvzAOdo{%0cRiWfX%WNwnvma3^lh}W8kD0KN%Z24yFJ_1Wx^dzpKLiK zX;=}nw49U0nD)}Ox!OP52=lccFbinaTKnZ0cm*Q8%IoOe%?x<0LyYH-ryntrGXEk* zx~us9&6)D`Ap*p+`{`Kf<}i@>>r#xV&a$NAy^?%^@fv6W%gkq8_na(K)6BwaY8wZ- z&hUis9r$4U8B*52GI%iGXSpX7NHBJPvm2-sKeHrsEo1h9*G4C3{)%w%8CRE2m{zk zZ<-w%T_I3G^~MBSrXa9SC|W zY!RLpYY_r@)En7}Gcek&iw+(-Q?T!=nt zRgbhB{P(Au)&T+HDJS5%&O5&e)T>)s55AdWaZSD+qjnT1YMweoKypGLZ28m8{l&t z!Uj@V9PCrwwVAry*IeA-0ht4IMz??1#g=VR^C}=xf)%R!%*gy0U>8F>sU!%*0*0um z)Q`fOfGb@mj0t2F*e<)j6MN}9+>CH?ce!Hle73K=0HcI4fkEGFeh@tW9orAMB%C_< zwk!x(*SqF(oa>bB{EB-^TO7Wday6CHWl3)dq84pEfHWL!aIKESUhE=|X3>$(TQt;a z@Deesc@f{0Dz38W=LiDek2%OdKnPHeK}D?$0Jb$^Nd?fmBwQXH1tZC-ewcY};TkeS zCN>Q4c>{bB?^my@S8QTQvN>O6H{5*`)FbY(3KTt)9)67?{B)1M6>nMUs*bH-vwP4u zpeuHNYq4Q;GqoZ+*>&Z>+?O{G@QL_QT$7#mE95wn4#XwPzl4Q6k!%uGOmG;P-9!== z8D=Y&xZzi!a+qr0CIO=gQ=TqU{Oc!(pR{74@7?H51XU7~Ob|~~s2Q?#gTl0mJ^Xgv zQRjADCzX<*sN;4Z35A00I9t$>pRW{QSu&W^La4RBUy>{3Vk7M>JOcp)3`R33V!I%b zM`GUQ)n@(PY|g_;pS#l&k$1i3YiMp z_BiJUjr+5*kXBP^nV;jidLwml#pS zs8;keUXA79OhJP__x7=81(pI7;E?e#kO1)LFTEZVjbf%CX4+$UM`uw7zy>au2?*Dm zGNN`4pF042?24cS5LoD^V-chOVZ#Ia215EP2?dzTvg2E+)#kDHVh-aPp%r6|z>H#e z*%1fMhLrGf0om|F%sjUXgE>5R{A!lV&&kaKaK+lYGXrvRP^qu#( zB;)sUx``o56V+Q!^EJvJ^aB3Rz*`&3t3Xu-XeGP1`a5)rdy24Y$i$j2mJ0O<4=lsq zNWkFEy$+K`-A++e7s8*k1iXbScK+q{;!7(Uy7$SoU`=qbcvWo$>emD0+KjInpMo*? z59FfmTKu@pEV^I#&OB=pedG%|(qOt=Sj*obv?1o~(q2VpkxS)}37154lA+{;BYd!c zflbXDz=}vqlH=XKrv#**&dZ2Q?Rl^G-VBl+qw7&O3uLpw(?e9mdxwCXMPwb6^R-n|4NQyw7TgZQDkBGY=M(^m6fkB;iuMGa}c6{SotNHYX7*>`mUn^GC9ZY{s1)H34E0 zrM5>^js*Q2_a-_5*72_}#Kk7&kaYCc@k0MLP>e5`(5PBoK4yCf794{JxV{~NM9Z*;5Z#ots`l&^p zbg07Z9*1jpoHG5!oTE@NaU1qfn0m70*@G`BNy131D3QC?K z#%4&MekI!YhBF*vJf_lqeK#AO&oC1Z#Ty=C@J(;)xeC}-{IlyrQ_{^)z8%@Tf?$6X(4*Pl9u0naA;)|z=;rOFK zku>IDV1`Z9k=gik?`24duF?yCE2~TQ(hX1fxn<}YM4l9CllVoo{I}ytg6{}HNYU!< zb9FDLc?_%U8=ycWV;H00EtVTaMu@Nty9Gjdj7+pa#cA7j8iz+d%$d*;f6HiFK^(}%R@M>hKaU(&XL0O_mrT@wYjGE>v;t10qK)CsR@Iankf_u- z$%2Yod9GH|0Jy>rC45~CjC?NNVk=9lg+`ClNeLZl0VLZZaFLYlH{JEd zSr&564iBlGJpW})`0isMpNmJ%nfZ?=%2OTyDxRBjX48L*iTO8@?^}MreEG61D&dbj zx_3E1&c4;+WY!<}lfUp58z6x?h5AO=KUm3w&7#QU&8Z$;qP4oU>vD~wAg=n)&1F_2Tnkmy=v6U zY^FcY{F~AK%Pq`D5D-Cf`RD#u^XOmWYOabO4O83we%ilJrn3N+Ldus+onOf<{qKEw z$99yvZ_c(z_4mm{O$*GEXBq|nrsl){g$j?(0bZi^J5igzm-+ga0sp_;|1Y$<8g#Ur zZr?=zN&@P?sGvZ%Z-fH#aOR4#*DpuD{gYPjz5rwrz7n_e3lr}zx4c&X=AlyrSHr(_ z;um}T;~79E=Ce;+|1!yb;cxqq4@JB+#_X5n(SOqF|1Z~H8L9tQ%k?3D@9IHJU%I>} zP+~r|xyX-wN=F#|@5|c$*O=b;2u$gRY$8|y;NiJwfozn86NQcV)b0);#>4Hqwoh8Y0vupjJQE$H~qzRUY_3k z7TpPHP^vL{*gF*b@!JR1z?{x99SQ%nwtWX6Y+!(F@<&1V|9yM- zmz5Q8pN4Il8Sr*WI?cTC7AE4wfnTyn^{;*SzsPg-)q@u_7Dm0IbLU}R3T2uh?q?== z<|3aK{<0_RAM+_7g7J-aujtKZDdWw{ed&3w=dhpWTer^4Tx>=y7)S5@W#jl?{{|EZ zo=?n#gR4d1&oN!uw9H*}mm0ZUQj)m7A^z8g|3b=uX|D6mK-+W*DXU#ZDGWgfn@JMw z#KmgW@avX;`(@uRp9bQPl1!wZW15NVF`4aV(Fqgfuqr675yxkiYw?`VC_A%)y>hBn z??-Pj-lMmsmMdi1o5bKMLifqn zGwQs?^e|P2ncB5aTHe1GQ@4jmTDO$I{o2eII&%djEy>*tYCsB*(5+zFS$AZR-ahtX z+q9$`AwDw29RQ^>tIUkMl{Hb~s50|1Y_`t6_)1m@nV#*vu3goAI{pu`B|10tyRcEK zzHU!Kjn)>!C#273!MzaNonrTyQ1SeEfb;xTr(cs^G3NTIa~w`sZ~0lR_mcWTN3F

<(f!^u*&emsmU#V*3A1CYVPjj)&n-00gQo)rD zHriL%-?(G05HY8Fo&!%iMy?9{G##2Jb8PxJuDtOPS}9+v`SW$Q#L?3|$ECaLpg;u& z@UPGu>%4H_DUqOQ0 zxz=ldYxC)|rlNtsh0itKTvD`~_gBjAjCgU<7sJLaxvKX@V`Ii^JQ7{UEaVDf4t>IA z3Ut?mSieczNrx(&f(218j+~Q}T3mifB~i(jf+Sw{y?|t*JI=TPR0v-xrG>2LQ5Osu ze4+Q|vqw}Ep~v4`V<;>gFSqIo{o2>E!d7SEB};Dv)EVLzlgOK|3PkGi8%@><)b5if zyzq4?OP@p$h4Gyq1sM!$+$xsG+y$(S8=P#~FY#G>vw4?4-#FLzDy>21rm;yF5Oj;B zivBiFO7ngQzO}3v^eRW?a+z4g;JhEdb%PJ8?5g)QeiOrdpSJ>NC3o`!Lu5B*FcXF< zuuLNqAwT**ssk|k^Mf$jMdrv5qA+fT)(<*7)eKqYmn0g3tpF%{%{c z2u#4}!Xe-WDAERq7S4J+@09)u-Y`MASTz3{Af{!suUG%qbd>pQe~p^}J*$SC?fvJ4 z6+P#$N722H0vPhJPfw4oUtH#hk1(C*zHcr~zH=%hVbw+7U|0&4fMpF~sombbRPowWab0W>|EBTgD8{=hkRx zAJj3>7rmyZy~wx&2|Lr&E3l=xzKpEEDz(S@{_^p(pKo^11tK*A6*W^cVV4awFLPV7 zQt8Dhp1~@eNobuq2^%=gV0q`i-;sKrO7F5FFeb@6ONs;7)t z)Fw?u=^icK{8|T<=c| z3X0-{CE<<6k;&TE*@oA>#@=Mc%gK;p!9s?|6S{UEI%yJk>z^qHg{L z<$x+}#heL!pUM@zWS8xqu~y^OTfG}czm!rXeIbKEX8Piq30^)ONrf20F{*p6Ja_Pw zYolN<`2^ZU=at++a?dp?p_$ZirVUR_x5SA9!ym{Ob(++@1F<`J@}E09!>N>k8qhE_Ktc}%&;=eyh{lygWriZ)&O6RRLnLXqKm=! zuGN`oOw^0PvI!%5OYBT5ZoTmpT3{dSMQ5oraP*_FcSbh}ds=^)tk=%{A^} zs7-nYNUzLmC!I%u&TVsl_RAohL`*b%n;*@ztLZ@-zjwzxxGvQnn)fcOr?ay!aTw;Mb~fh9$mhX1t4Imi49>dO&$id)q&);$Oy5|CyLo+=BZ6P zT?-H_Th%**OuL5XJqSPHBYRT~r#=x=s^so$iF7pXnDURe!B_MbG6|ZOTU-)8f!wni z<&Vv7s#q~OWvuA9K)Gk0lSe;2gxi8e)@nQCV_c zn#02q`FDlbV<*cC9*h8cpoi$wAEKEN?4@)`>8f&M#_ERrq=AkXT=^5h)>-_2GxU-y+xBfN|)m@dV7QLcZSC?4JrIVBCE|j{u)dV8i zmd>5c!?GXvlg3X({0Q2#TBGAiIk zHa}Z`%!>LOD|BNNR*L(HzeF z#akOnR-t1&|wMyHrrMZamzy-BKbbqAY-1Rje?x zDUQwgB&cR|acqyPute|M)D^`#SmA`Tk^FDR&%gTZjTq{*3!h~#Kx*W4F zjGRq$1`=`$O6_2eLkgcljq@*^`cIm1k2|0}pBb%SrAwa_pOln3vrdIpOfJcFsaj0C z+uxaxp!Yb>C_zVHNXGkNf4_|Zb6oFGvorm(k87kvbG~9d zrL+4^sN|^*WRe;5?|0+aX#v4wv2ao#4=X!!+9ul_FWFC_ z%f#h(-Q5v1542VAKN&>5^;(dzv4&_{HBSjua3OXW$45zKLt8YMF2Qe9Zl!IYKcN+o z&KIFz!@}_tg->@x0KZ0h?bTrUFDet>sDyx=D0tQer_3Dz9*VP_UE%Uby^*<4dj0J( z_{&Ta9sFa*3pmlu`rB9j_H2ESdEul`el=+{SX2E}QhT-~x$Cy8z~yt{vzu6 z`%h*Z8FAr>JU3EMo?a*sN<+DpVwFmbr#vq6$Iv7Ba4p<>RGg|VT@0b6^OBjPQcVMF zU@0epudF6IO=5*F7ZnachY3BlNqzygHc1`)9HslpSZB~ncUInbz+2QTvZ{G?YT z|0&wm3#C07dC#V+MWV`1G#YGR-0GkrAbEZ>=VP(@ldE}Nc@lQ;GSkLZgg4V8gCf^j zQzj;UQSXJ^uoky&A&{Fu)Gl=UdOW+ivNWieMAtC4{D7-l zVQjmNM1RZfrfKsuS|8R=dp?Nnx=@H`amJh|V%tE^I>VKsfX-ln?|m5h%lGJ0^O}D% z(j;y4i-sl;43^8$m{~iMI$^!ejNTU&EmNz!Y63#`nmyr#4R(#a1|~|UcyVHNQ2Lc} zkd=TCcnZtP5ASM5oG;M3lcmn zCAf<(?7qEZJNE|d8dG_R5IX#5@+PWms`cW+$_G#wJ^=Ygvqp}Z<=)s+TO8Z$p?Ryw;Ap&o$2zwkjGXh< zZn@|ub6zM8Kc%F_Gugejo83OYmz0 zArqFw=M2&*D2pmn$+?i{)MWnePp&)PUAO||f-UP?g zFCnfS-0Nm`&M39?Mx|iqS6hL`<|>Vw3opZGXg$S?F=ml(Huut4i%0IYE9va-XUVMy z*BFb~ITVQG9LE`gq|17;AE`CfeMg>#seHcwA2G&bU<=$BT8MRM)3j`_E$12Tjd-NJ z^XllE2=%9(T5nEzp-yE;{%zEd2 zM1)${1R19BIp~0~-(@&hqH7wXwE^-C5^A4e+C-w@}?zxVy$0 zF)&SQ@2M`up0z?n>pDxyEp_XZC;83D99<)k3Y3Cp4}`vSM_MSp$b?@AR% z?Ryl_%*`;8uA2q(Ha0>+4ODq>-yextJ&VPVzW?-0N^ftMV89mZd?CDm2@V+Qb}Z@X zTHDctqRG4DQg8QLh*O* zS%>vwoiyS43VOyXwUexWpQSvzb9zQ++hcR4^fC<hsiKqWLGw@Jyr-`3xbNAljzPJ$}m`$Tx) zU$R-UY`=dp;=`2y+Qe4Nov)uaZIp0`WQ^M#Bvu}G_vPouwM$Hql|xXT6u72yic39! ztrLt)Y}hO0`9#1nB%?$LIpLy93kgFXHHIvZTZT!LeJdJ~???+oTHE&vf4_ZKuN}vj zs70k-NqEX5D0z?n7H*x(@nOXUNQF42%<{qAMVF~#I;UZ(dP7s9Aeya$`j2G{6_`D5 z^oXq}u6~AAoLNe2$+ZC(ZD7@T$>UrkxRuQ9$}x<=2t_xZ=@O6zso7%*7ueQ2vX9~- z(!x|NlTZ%AO`!B3?5wBCx-t?(ia?GD)nRd@8=Xg+V{+ZpcO%h~g#|FYGZ1g$%nbvV zPSY-Ya1kh8WBR!sSXb>+MsV}|a*4OMkAxD!X}2P9(=B{$Tio`C_ZyW7ti$^Hho29= z+pMf}7mT50qDo$pv5go@Z=b|5`wR=rtcr>E`$lDUNqd3f15L`?f$>R|8Ikwq_4kV< z$hC7wfU~AITUO!3%Aq~5M0m~h4BkS2h46FW2Krmwhs4XN6848b-?XE@Z;99+&RnOB zVngfelYgEK*Ec6yCBoFFu!Oa#xaqx%RsL)fpGcAT!a{!?|EWs%-HT|VEoa+swJ&U9 zxm>!j)4oc*e0iO_So-nArzmzY#(y+>m3y6~{f-%%ewweTGaxQN)qj@b2&{(4d1U91 zNlZ^Hx+zOBw4}(g)4I)4S5#*zRMXcLp*}kK?hF)o@t8>Q7zapAycqP7+_oldJ5k+O zyQjRxtLB{u(j*jr%T9+8GQ!P7&r*Tg@5&JgzO$c8YCd|g z>Gc0df{#^V7!6guLBxrMWCjs|6nLjT&OR}`k<#jLfRsAe(bi=r5Qz!W-flo>(Sg>k z*x?+aKcQWx(tA?{9N*(hq-AhL(D?6^O(YsSG_(lIZZ7uxnAk^&*^0o84%4^yKkk$L zw_C-H?<8!@gMOr}czP?66C0M*b}18N5QA$wW1xw$60e2zPI+RaM`n|9Ui5~$V%4^w zFs6R(EAENBvHE4BB9i}jN<;e(+q)yl%kYWlVIzs-!k48cXw;yln?env+9SN&N)saUpNmY z{bTj_e{|OK&`Yg8-d!3#;3@KKCKbCkD2(rhJHS65?hQ9x<0OAO#lQ4)a;0&1xPQ3n zu11pqgHoHVF^&QU!gjS}e+Rli(j37GqP|Jp*xt zYSwkR%Kd^ikE?QY)o~vUVXD+PObyd`edZ9;EvBBC)Zg@JX9JC*-89=xG&6QEkmG+# z#r=a>>dHTJvQ<($YxZuOcn(vFbkO`*tZ!|Xx*P0&$g_(EHhY#>Sp@Rh{K}OL6 z;f?GwcCI*DSV_}?(eCm$de4TC(4J1&g8}pPx9UCx_c{^;Q)c^`_T=-Sw6LaKREe%d zy`aco&{LjIZ{>{}3hHeoooh^L3?r;bEtFFYwfg%DowM7r`x*Spi{sh2#`U^6u0}|adM09c(?|K|JPt?COq4!vfDV@6 zw!V*13hFF+(oNGjANy_uBklCvRg5LL1o;@S$>G`;Jg*z4Ro^U1GtZ}T)`4v(A{3{v z$FpD}PY3_Dl=a)m7nknC4K>>C(Jn;^+TDmHU4pi9h`PKok~eM|ket{ZfBze@uu$dT zz<6R+^#v^qz{O}X)V4NW(wY7_zI{->jN7hv?;7qwWq zx+%mapAww|T#3ISHML%1N4PIwWtjc(*17)^=B*e{YTC#pY&Q!P9Mf^PxSJLhxv59k z@G?dR*+%-!0&}Qm?nWUw>-AkMizWdgyZy#zW96XfV|3Jt`}oTgpP!U%Zl3BiCM@ZZ z5*0E(qM+J!<*ilZ=b_W~^RL^-V-kE56o=46IM{NCaj(f)mdY{UBlUg*ePO4^}0ir*p zq=|dQXa3M|oe;#iuj@I$>R+s578Z0uxyLJTk&trgVp=1zcj&3z<&VxEHCK8IZ-qf4 z#q%&wh)Bz7MD7)i+TNWAq>>5wCojkQzP>xcrrCsavBP@a>d3+Ts8;SQSW~-o%1{K7 z@3Ebpv4eIztWXoXq&LbCT*V-7Z2lq0P^duB8vlIyKUiZ|FC0G=P51c8mY?KBMymu# zuuvrc+!s{8J?`!~H_fZoQPsFb?d{b@0DuD`g)mWmLk66vku_OA+7EpR zv)3qKaad78W>$ydaJY(hL|rnl9SGklhoLNPj7jhoqZ<-Ydf`?McaM29G7K{sFT6Vq zD|E`a`1dEnyBh((06t2QY4OA5S_o$*v}p)c3YLIm8{K+@cE{)sqoCuJ`SlW4E8({j z7>Lyrz1?Zq0}n&h)!SjcB--fx9G^Mi41T)x;2wV^0IiBI<6!gKdP|c>rOshI$X_$U z!y_MQo)==tlQM9&1%JsktDtwNr`eXIBw%~st*qz^=dlp9LTtT8CM$_2IzW|hN^hXP zw(b*@C%X%r`^DghhHYTSxc3Rh6Q7_X!Oh22DstS2vJNaFU3mFj-Sio~ZJ7b5Q-RDd zS}a6J(%w@ciYe(;O>aZ2zPVXqgOXUmwcn0$H{&6mX4I)wvoFW*t9MRInYNob(TTQU zT+>b^Hi&<0ragU+_n4V1%G1om?B%%0>*R0Up0-gNjw0S)L`K*k6RsR4q`5c8L05ZI zPkK-Q+`*TgEuPL7Y|lx~=ZklLLoZVeKXXp?9rkp@q;S#Hzk1+&@#oe+>U_(ru5(5e zMY;QtGN4z9CiM0_^+_G2aygpwovv0X!!Eg-+!ZG^n|UacsXr>`Ya3?@bR z1pR#*_Jho8ClidU>wL+gyWfL2H(oHav&XOOcOE7*d2RCFb$Xe7d1Atk(s}oGDV856 zj|1RXL3>t*CJzZFN*+}RrGxr2a0X8dC0b!r;RSZX6$T{a5lMl`Kg>!upt8$ z*qUG9oSE7hYVXVAfZfUSTgv!#s}=0i1gs>nTGekU?+{*?5Ak2n=1i1C_>RKNtZ{;{ z#mY)+C0wOdrHHYLU7=OwR#g4#&&~*=tX>@rV}Txw9Uv3pQ+I~gD*gjjcJ+KlbHFD^ zwqR@mOeL<5w1+Q=?~&QpP`nC0#5r`d$&eo86WtH-4xQ=;Gtu6b#@6I*|3lTqrDXv` zq?1NTFKM#J&rIfUSGL4^p=m$-P#+1y>A91YM5S_>VUTihOoQ}f1X4E`$#YS6kfi}0 z6Y8aGbUO*!;D4)B#Mo@xlL2G3AujHIt+96~HM7T$c)fht2*1yBo-=M#XV5u&>XyFk)FE z7g)zVqEjW^i)W(oKTTJ>LhH4K2|_JyGc%<#8&nts4EAxLYLFjD$hkDk;y|P1X!j7A zj2W`1LRnQL_qly_zNe;y%h=aHRBCMv3pCXq)C@*i)yp1!g;+%A-ifM+e~m1xt-svG z$AuJ;H;yeE@4YX-l2D~LQ2~)AAiab11PFo911LR&DhWv_ zO7FebyYbA-f6l$*ob}JTYq7G}Bs=W=mA5?a^SrxvG_A6hU_MK<0WBSgKt^0M{`;%%y zg3rDMS@)OS!!D13wlft5*zdS$3Qc{2scPSm1{Eis>7aj0=a|Bi&7UhA>8h$C&9x|YV z^|b>7MS&0({cX*)7P0+x-tJuLhjVi~L*9Dx2jBf4_u9D6Kt`(*os-D zDfe&XKw-oF+Y%kR8mATQDd-t2Nsp@Mj8XO`y4sNVfaHIEdbdFlMYW8-m=;`tnidJLC1@D>7uJ+jU51xUQ7+Bg3JPSle~lHQQ>I5tQO6>WtAUtll% z;5+d3HsgJ;Aw5*t?7EAR&S4b*l(Fz^0%L;0J!^urtqU0HuQ#lM=k@9@MH>n2=}$D6 zsW#^M23ze|MbnE;53ky9F%hwMo_!O;MP3QyHP%Ap?*ml@;B@?G-drGX`vYtRu{fY2 zwQl|a4^%M*l~DkS2E3oYuk_OSkN?LNm0eFq_WC{PHo(8BsEa+(>u8|2o)%rR4z0O0 zv^O+VFm11;72WT#LSrD>N30spGHnW(qn+Cy2G!g+FRgB9{|t~P3x1rI9ooQd;Ceb{ zS90^riU&#;#LIzw_k4PN#m4PzzxM$sx^?W7j!OGBnOJ>~i|a#0S1_|!vle!@VVR3Y zD!<+JDf)7#mD4ak^L7S0o!=BYy(cemT=^mpBepnUzE9Z&cM?3tG+sf~+jQ_&%vzQ^ z+hYA3Z!OwSvLG~2PgCb)J!Wc@Y;07KFA~=P$UmsXJpM7QFxf2@#-ECuRt|jLlLn+! zc1qo9Jzh@=X9KP9Q^hk0=eqv4p#EX><5Teyw-*Q;b$6xFmWec zTt3GfEen&QoUb~NDWAa0F5sEhC_qbzF{Dk6SSRwC9K{DK&|-@(C;L|GtXlqkX)nJb^`AaCYjz3C8vwOqUq#R~r`bHC$r= z00@qScfHGbWCQlaC@zxH4sxmCXW~RjH|17%%J35oNnh=JF$LaVrG;F^VFOFsZ%9_L zwqH+fZ5tkB01u{?K|IRFcUVG!xOkeZsUkm%v%+8H=c!s_bOQ!oo@D&)e;*v*_@hYV zb_kcMW5(obO*uq$0(RUa!MsbY3U*ZjsmKpe_wBDh83HB3=>=sRC&yuluu0W$F+9zh2&flN3i`;2p4o&>0wr%`OYcb$%>}Z| zdSB_7e9e-iV^j47AaV2lp<;h<$}4AHJQsYH3f=<*O&YJBsZp*Y74J%x(w-0Gq0qsf znF~$9HR|+^Lz1cqd0pGf65dkl|NE7Fgi6G(_Ty>z19jWOx@SBAY1Nhz6i(%%W&vv5 ztS?^8sdYl0hSNLbT_C$vsHR^|vD(Pi7y1Ir$ZE z7WXdC>Q(a>QypNwTalBx8MZ zB%;TDse5;(ytGnYR-sd)p~)@JszZaN?#1~4aNfiL!r;_Cp(`rP$7^N#v6aK-boCa& zt2#l-A$2rn>joYO)^zg+u$$&=<{%p4;<1$+_LUcBy(xv69Xqyf4A0HVx2vI$f%-=E z6}$pLK`r&)lymlKbJ?0qj<8^FFyMe%yB<^G&8>=}EH$?^=nsfJO1Z;ytlzgQ9Gb`q zFRCcWQn%i%`(h$E6W1e8uOyJ6c1x$m+&3zEd~L*S?%cWHhX(8~e%P4T*%YvQK8_*)#! z2%EJDKl2xGV}~xG=m$~147^+YrUcduW?o*ol~7(7MRVecmx|lQOKATB@WIofQDG&p zgpD_3q6m~!h$|8;H7>A~1b&5z2Dz67m%ymBfbXGKH6|=>93>Q8Bl1B>@A6w0q2VR4 zK5%U3t*#e3I6pgQJ@mB&T7=oxe3GvNIKAlbqP~{-Q?zk@w)%chQqT6rhG4HT0}9!N z`6NW~tAEp2yEb@bpXoH3%=Gq1Z)}1VYurWBdiF_Vb|eq;wNWWrNI4MlX^5x2e5JCj zuDbeie5LrtpijXuq`YOkR_a_s+V=?n>A+oo@3gsSAqz_0>*sKETvkAXyc_anth}4% zN?Wto-BR)~FM`vk;ej?c8{CT(>floe?Sf(sk%7i-w{8diSe8&TduR3FNrJHdAfYQM z49Tpu(~wC4awLqhCFMGhfrdo1bmpVf5$HJdoa}c&RuamI{0Ho4;C!!Q< z$wBcKk0h}s(HAg1vn?9#^;L_}Tq2@+CX|jbq;_Yn;diJb0bJ;l2bi(M*;*gMBSxv~ ziug(^=QNVHRL&^2^1`nRl@kt)Ut^-8FN%&6*!H=IiVoB|rMdRl+c12%!q@+fpt#yn zV7zOG(1Jd`j8?taZL#lZO9@8#F~-I~?eGhKjL3)goFCqd-_n5s%Z~DVVNW%3%PR&P zq=OR~F{hiQR~(nUS!BI-S|`VtV&2~davP_Y@fK#c)DbhP|A8+>MXAgu6h^7|@k2?b zWpU4Ra9m%bN?<~Ihrj$>UW^!oS;P-uoiXN{s}qV^3eEWA&uR(t0H5zG0#4-p`xC7c z4?hn9PPEl;EkS@Va2q9eZ|6Bnn=>?*g74i-(r$blT!+XS!DReu8Gn}Yx>FPVmPycE*jlNaDx{U8jOs~Vr_Rj!pop#-LGyjC)Sg?T2>b${3a-W#9)>Zv1^?pticUwOf5ZS4g=ggq-8sf|4y@C~c;!EX zL=lR(I$l0&D>eCBVZy|eueV_qTd?-_<9?Z{DL^)%TbkgD2Y(_(Os)E~}n z{Prsf+9Dc=fCi!LTIh;dY^Rf>VODX5aQNe_D)la;Vqco!;9!vH z2Zzu&0V@MU5XKCBt(gBU>bO4@Ji;fW^XIaur*0`!NcebG>m8=W7My;)Sj7*1)#0cd z#qTwjgPiQdXcReJ5RYi zz^Qd3);HEH-!vsPsuaBrv!a6IP2NMsg~@R~^p7l|nQq_fR9n&wx8uZvs^g&jCw{?FzKW zN0VY7=(>LxT&`nsf;}l4vux=5v7R#p(>aUo&bN`kF3^7cbo$2#EvWXk_v2#b0ZplNx&(*$(0Ti`NjK-?XxZmq1MpH(} z{D3!HfQ%=0)SPSEiQ3!O6m$xL<{KxRxYD*}l@A#rDpzRGKe|=`iY^dvXN;bnZ+Ae? zjeFKsv2S8C)%dp!F060oN^9D|{0C^2-VgA-Zrec|U`e?PCmM*+tQzU9OU8nLRKXLu zV1YEjYQOLetxhm7T<;)fczgEB2)cU0$9TL5jUJx9RWec_z4eb9r&j{w%b!ix(DP*_ zm#kG|t&+J*Id|7abRkg(2ryg+7j@Yg#cu;~ZPOJsg-^MGs8GP_sA^A({8BJ6wu(M9 zeFY#wQJ2B9NMu0*kseB7I6RI71y(5iC;)bFi(W*2&sSa1lg@;qd>qtgeR1RTp@)Pu zcVrE>WaFcDie5xR;noHPA2*Jg0GqrI%-ks5->574E^j36EX2XiP;|D!p^E;_;M;N# zvprs-&o_}4_y#@wg%j7-$D9lay9oXR$?7bz(>>MoW#eD+o6`7qtJBJ&)(*Ba$iZeQ zf{T|0GoyVPYd65XvrKRG+HcNQDK%P_Mah{M?VEf27`D7siFBn|dsU+3Y~laP$^5a5 zMius(S!ohz7yR9e#IYTPyzZqEp(KmPj3KM8;DbA8n4TFAgf*t^241g`1YQE^m(sZXg0 zG^O3Rv)rlWc`E&BF96eDe_$AGmGT+f)&C*soKAU~+6jD|N8uxk#5>IRimswrWtkl0 z>qG(DUar(;fIr>4X~zQ3;Qj+2L#ym&!kssrPWQ6j{(}qjF?)1KVc^Ov5|WNsOH#He z8fv6^lH~+a zy3)7c%oG4vd_w#nOsMPD~yV6Eo%yp(XN8`ujObn&| z`Ng;C)z0@Ko9JwDKU7mZU47FF=Hm4Q*dK=;L+PwkMD)Q>4EAJxUCapoxVu8_hGOzW=Zdkac{Fl`E&@8M&Cy`IW$i!Cgu4hF9383L zr8)jo^T#A}OdcXnJjlwq#2HnRS->YM8r7Jb_1Na?5byQI;o-Pq>2B9R2FP#m>*paO z^}*l^N-;GrL>;9vL16{=h#o$Du(B6pE~t~nc89>CIo~)zL)Gi^pMX8Gfx z`574h#!J6t(O#=@=Xc|ygHi@M`&c|p8ZVWdGzp>i!k;)=%9GZ>v^c=TKfhxsZxYY~ zc0!~QwSP;{d{^bAXCiJK%&KJM(d202ul3Anm8MOjO9ymuj@?ZEht+~HRK-vS2IC8s zRgE03$G@ zr}QwGzQp@#)NSvtFbO;5`LH2gy_FNj=pXMQM;e&kACl3rF{nEp)b-{juU4H85Huz> zBs~ZI5@34J#(}LRKTs08)WP^JvCIM==ZAvVy_E&PumwE>SfP_( zI$$OcX3{)@9gy!#uY&2Pq!grV^2_<%XQAy(9qXdI)z``H_gW9AkTM_LpYuF<>O>afg<|NW}lw_??g6rQ2`Fv9XAtVAbZa zF2Oyf=q}Ww*tn!HJ%Iv4@s??syd6Ewnq}98TUN2Jbi21dVE~TpzFj<?V zR2oDxe{!ichd}V#ZZrDD9ckwuzd%-$a`>-StN!}!yjER~lNWz(r~x+`j<$Lq=K&KY@~ z0tXxXg4v}P`}1}S{_E|2Q@I+CZ}AO`9-9ofCvG>5_yFaeo{xX^Rat`nSl*854k5V6 zZtwN0mzk7L<`rhYz&2|ml@F&I4diXtZ^!*|O1K8Tp~u7?frBX$y`KjJ5R^8^KA>uVi)e}0G%E6X0~@_>vd>*|X*v_W_j-pk$hnKvfm+>7wcnS>X>+ z+E}fVnVkO8`33p=K3lB&$9F*mwyTc+Vr0KZ_G=MQ9CXBgsj&vlobeW+^f|DGX@HwO zz!*5DYRQ+6Ip^N5t+$tm@;hn4NH0m(C}CA2E*01I=e? zEXL!A6K|Ig=yZ7uTn9viQEudIyKzQ5>JVoMiUAZ8QmZV_omT1uIfIHKE0VKpF6J_bpG6sEZvu z@_SZbcXaG&xD()>DTHTtr{xE8w-k3I0ul$mf03#N@L5_eE-PkJ(~C zU)0N4sFKx_6yrEjaYUyEW2l)wyL7);u|KYx4}E5!ZErt;tGBa;-bGH2W0O@%lFy<; z{}akC!t`sUgT8}{;cBImQRFPCTtgJW{;_ya(&Crq>h4c-#gNoR2RNvNzj08u8W&?? zTUvAK9G1WMqzj2irMc3#T^`T18K<_=*Jmwy=9@qNGc3(z;707H z+r-7amJtaxE;{Ds=DCuRT9j0sSI*W$H;D6OF6jaN?%V*LzF#u0Fu3iKy&}(9!fWPrf%t^&$#;MLCKF zDqIu$?QkVU72duvL4~*%@h#?K&0Y6Ml?y3)Ossi7>;qR{It?-xP=1(|s$@L}lb_N2 zb)e-le&cng=&_!^;f)9{KKCM z`ptjwzh$jd*^QbZi432(lU<()=;tR*l~f~DoEG}|#0;H-S65&0yUUg989Yf~S}vlT zOJ)z#*|V^@g*UIVogZ&Z ztbVvXPE|=qMI~E}zYZl9>byx|XGH$9x@BM;%Wn<#}($_8$L5prcfIzZqN#^xwhj zjBqlgnB?=`q9g8T&T3zlen$8nEMpV0gdj0PUbVrK=_^@m8~^XC051_kpobif9Fd2bs)o8p>wEW2rH}9#h&me zRkS7P%U(wO7^dYPI`&q4R)ton)-~^q_P9?U-|VsnZZuTS0kYmlOaL3C9g!HX2sgH? zwrL0fcU?B48Jt`hXXuElMkzG)ue+jfM=V%IPLRclz9dluAP!&+AfLVLy;n9~+SkBS zG5(m$hI7qxP&Pb9G-_MoTVR3|dz{&{?l3PY#pgpMI%S?HC>t6#F*R*ud$OVodQo@! z?klk7R70(CY&%jqBMQr4E0ZR@zza$=sYtuF9(THpah0ZBv2(5fe?V))@iCy0$a(en zIZ{z7&scHKYE7d!^A7h1eofjFnBMl6<=F%d1dvuqP5vDX*C&(fwm6u-L(2JSlKav_ z4O!vXAi&osSXaM{e&y_>4tK~}*=Ep)d zUOBhWxMOf7m8Fj#xI=2aGBf~rCnMJOk#Cd#SYLqf_PZ*NtM%B(YWtaB;Hmb6;2X(Q zovBCv@~TpFs1Dr_*MDJAe{FyDo_N9tXENBvjkHH!JjJIuun2EfeMTAur>PyBRN-%oQH z36)}97R#iz+Pq?8W2x^;bPi2WKPt60;0E%+*Lzmk4Dm6aJV7j7K{XG+6dQpH%M~Sg zW9#u7&29s~q7tW&e%`m@f4%RUJ|5Vsr_LvL1|d(G8r$byZ;gtgBb9mGoi7{HrTw_B z)tBG+1;}@}A9{^%eHD6%veG!R45o;=A}S;#^A)A)&;I4Db=Lp%xZ?lK}%4n^F+b9^xdJ1`!Pdc!_{z_|&w4y&0hv`DGLkVh6x&Dqn`a za=wNc16tJnm5a4xI|}^kq%*)2_;j)S<}ihXOp-tWp=K}P}{ zY}F_MYUX(G7^m2UJL)m|d3P~~9(-oe^u))Ib*FMCqGl~ZKtTi)~HDAlf}zI+{HSOl><=f*h!OMb|}ib6_t035EHGCHlROI zXQukC{N(v3d^9J?DL?W*uNZUaJVBLv1Vc+nA`T>4sPK;UjuU57QNm9SB4wf^7N@1g zr=^C#ZN-g9fhR~KRe&e~RjvDEqUA6N!e<_G{^Ci_l+sC*UYX0IB)9bx7Fk!tQ^I=_ zrFdpSYa&mPzHq1WiT;Vi(7dn*J;FM!^9>wqU-bmE1YdDQgv~hHL_n5 z030g8zu{07@=-H{O#<7u6-$3kNi-h${sn$ogQsYK10ssd%g(xRKXbei5DW2_5cWpZ^AX`~s7xPHJ2uO?` zQSmXS&VB#R=sKHR!vWL)v>FwgMwhsgmS4}2&`NIZZlmiIo5)H-$LJXQaArBmjVU3~ zzuFQ%*Qw7q=WY9!%1N&CDJu@t zSpJ6I8QaXc7Rzr!&QP`~bMn_KWzPI@1@${8IWD;tvEP{-mvnLET6|X*^};bFlaUA^ zXyqoPCyN=r&|WKxtgSDlnX=iMtL ziUq!&N{l-Ys+Iq9HVP3x%M(;E_RV_vQD$zFgot|igAUsG!*I~Xu;oQm#$ zp7H+xin!$3;t%pkp8JJTJ70dBzL(vCt+1G&b8Uf}8tPB#$hf*a^xFJ(#(sYHA?X5t zk+n)qztajEsnFU{N80}n7*0g;2nQk&$e?0V&uojlRvSD8<>KPLY*$%QqS1iSFM6@} zdbSU9kARrJtY$&5{13#(@`_I;9a(0V)PVy;e$8);t9RzLT5S%p&OfrT>3FkEoPO7d zp<|r>o8UY4c#!t!W((S2yf=^|TIn9sk*28Nnb8o)dUKo)_PO+_E-K}`3l>9X9+)nm zPXT#Iv_zJO>HY#O{>dI-fK_otp%{d2~SGxmUs8S|TQx;Ziz-aY&3&w&*=e`H12-A#g5{ww|1$NjTnM=3A? zqR2T+X=%$klG(Hg0Q@SvGfcauGM8u`{98^KMemb&h3qv+^oFqQOe~1J`+Sikv)U3W z#)pO%$w5|JWjx>c?#mg=wq7^9+3Xv(bSVPpW00r$DzX*tblb!3+q-9E!sLd8(nxp* z{bLT~{ERhORw6h=rR9^k>QZTBbz*l^fWueLaw2i`TTqaS@=m^$VzkrLG>kWr*}HI2 zyNFa36x3dWJ?sXPmW5st5H-5*AaA=lto`!F3c7X|nDe>a=9rkXNA^VvbGZw>7U4?O zH6jwXgh^ZRd7c%1Et9&LjHOF0FJog8Zj}?#Wh*7tEVPBKdxXV-CRzt&B_ZoUt4<&@ zzbx`0sVk!LjW&)8EnvYP-w(zC^dEo+^tFtzzjcLx>(jpK0I{o)4jzS2jE zdc6v6LrE{H=^chg8A;xgF)~M8_cu;BgxW@%Lp)pNh>r@)pO^%yexF>rw^gSGYHrTh z+A-wkNAi5s0XbW0QWRzD@(n`EK@d=m+*x5Br&xX(kU@EpwsjQX zv8$e>rGQ7Y#H4V5gBrN?^f{J~*Hhgv0zNc65Xv^W5CMHPhjCnSdr5T9IWtfOs(flc z?`3(mKZvgT4M5AuF5f9Uq~%xwv>b$4IjFKzE3}e*!)zevi>^rG@1m-m@&{i$LSU6E zA(YWnRZl7V8Y|XtT5@h9L0MP968bI$V2|;Zo4&gO5z7~djGy~n+l9_R98(mja^I;i zcR-DH1k|n24)+4GS>q2gkLAU7jV5=^1dUGvj6{r0zzHyxyKaw@mXOGrd%bUJCF5#^dU2WSUhea9(z$hZaW(rEsw4l-ARCq#ftG#roVv~+C3amg<-1M% zD%0(w1oM7@+}GuLpN)@4?WypTiN0xwun_oko9SYT>w;AyGR0d;+69(98h3HPW~eGt z-5T@uYm@(~UEGSC(+ZlfpYjB~=`lU4zzDkRZ!^#bVvT#0!YJmzQLy_}Wk$2$W2DOV zk4(Y6ySS;;uuF<7*TNi+@jf0imoNg>2MKuj7su<61^7Fe?C_U7#z=rs0sBcNLzpE~ zya7>vmf7a+?n0@eY2~49w!^WJs!*=p&dPp|?bDx3`m-my?thfp*?qBRJGHw|RV_Vm z=*i4Bz>ug>XTy0MmqU9w=qCeh!z|(juqI5)>9`QCT+X*6Br;SUK$i=}8gbX-E|>6JO<1PxoT53lmu_4T6Qi}^kA0f=>$6GuKGB1(Ool6QM z)-3U_41yOYOTB00mjO9&Y#+zX3tam?e8($=fSR1Of(Oidk~jrbvAxesXo0@@c1=MhF)@;(qpkJShCY`@ss zIzM?>5>g>9EY>GWy(zO!a0E+MYgFX@|TDmje$c5xWrP+_3wiX-rE4tJ$9mjx<4BE+m-ar=A9x%BljP}X81*Ky(ctDYN$LN z`to`tzrlE4$+5iEV~_Jp@zXL>Q}drfLY!1#%o^WyL%v8k)>6Tog#ahk^ZkRFSdf0G^UavYbkwNfva2&S{God*&P=qBhC9rni0DJ@ zps}p(=~Va$Lfi?ux}Q`ws*pn}+s^~hLaLBMDjVOMpH#N%cMhp+A|uz!qR{UzTZIK^ zsVY)jcE7k$7yD+HjcSSZhTGO z4eT?j1cppOeE0eQy9{@hYCN|KtuVqZP1SRBF|pKucP}q)CFfGFTvBh7IDKZ8sr}-o zAgLNvt|u&!v&{-E!J&`5jP>ldBa;(4MSG0NZgXIVh5Ei2^I+x(T6gP@_=D+^qWuR3 zw|Glo5mD;7WD(R%+rk9k_m_{ibD1R7AoaR9O8X0O?xPMYFG6GuK1pwwrFZ7m@NbyS zSkRVm0!Nqf3V=V(j9e+9{drX5$uW;>pN`Px&deO^Te{~uUM^3|E|ohDw3g!J)mm@n z!f)275S8*Ak;U57A>TAqJ>1v(Pl)HU_ldi1Cj^D6`k7aPp&ufvD;mq}qG6<}C(~QM z0je7-3#_1{HwZA0knnas_wi?hakbEWLV75NU?@#ab*!p|U&C+_k&R>) z8`s*ZETCmY$O#>2pG?QoV-Fe6&<+?|k5JD3b~af=$+n1eMjuPS#IMN8$mlPFkp%@A zcvD@9mi%rJ7Q4G~bj6^H0x!z<(~l_WQ0u01K&Kkb!`k50+mp#rgxiK+O*Wby8O!D* zyNSx(_MVxx1R|cM2>u`ruopYZ-ejE?YAH3dJ97t z&`~+nKkp-SwkYO7uu4bU0bb! zYaWIf`9}QA6LH8r10#Sh%_9VuI{g(!Ubh^5n zXseRhE$4%K);kUE8R#0>u&1CPy(sQvnXCSxi9Er{Pcp`I&Acf5?pE)O^d`zh)JKoa z?N@I2O%@3GL_c{=+Ci?bV@q?(F-8Lf$6~< zvSG)4#;@d<{REsCuw|>-*XT*QEwKc%JR82X)c{BYDiC`sIemGU#FC%a1JD?&=mFp4 zpil4u0VD4Zbr~vylDu$Lu{@h{)^o$V<+~X6dV0rvBpq#k<~Qe+tqIM6_>my5vf_pL;%AV5Y_Y6h&PXKRR+*&Hj5QHOYIkOnEXcn{0lGehn!7 zyU`Nn0XUUVFlWy#40nOL0k$XIx;>i2c?jol?f{QBj0Rfg#82i-_BP4vel6X1M~Gh_H-33w@i)oto7$K7*XyIg zJK$sFhVYtLWku_6%J9!ZV;IHZy;P{2EX~W0K0({tn$WE2i`jm7 zR!vmZZmAyQ*5NS#s*)G2S@X1?CuNPrs>)uqz;3X%n4?#K))IC|?xNn;cyyhzOr^4O zX}?_uWo+JXE9Di!vTD-hq3`Wb*}b#`DX{t%L`PtRJ`olcJ?JGp9DRxQ-0yij2Yeyy*r{`z=QaV=Ta&f}0RH-h zw*QgI|LiCAA9!KZ2_K;3(0tk5@MBBPRCo@$&4Vqv)C z{tCUmSa4&2nuQqv1xP=$E1AVqSUnGem-f5PIGT1F3UJfO{s}YO{ql329coN3OwSnX zFu4xQ7+lUS$TB|If4dAci{4$u9*dis z)xPx`$BlBY4p9JRAu73FmVWGF4pTSS4eV%HN#6Tx+SGU-Tw;LH<;Vs%AqTO5w41&! z3by@zw70;mWY*=t<`FT9Rj6#^(boQ3@0(57J=L^ZvyV~n8~_T_^_G!#fN9E3vndg- z(xPwUUAo)vy$#as>BF0LN~Renv&(F~0ji+9G=n_@oMJw3>DK zi)g(p=v~qO*?m5F@pskEz-1TrcSeEEMZ0g>KVBqb*XA}(ZeK5^x%!KG#J_A_D;0~R z;7wJjYD0FAly0tmiM_A+^8tP$Y)Cy9(t3>JKC9cb|MIN-L1@C(&`^{P-WV#{OR%D& zr1fEL79~n1;jEz3ALJ;;nUr4VgU_&<4X+l2_ATEWYDTYl9oKcJVVKF#0oIh88~<@| zJP@uFYh5CmXGpAGpBObfAb5vG&WK%M7G2yK>$1b=Iv2_bdw!*SZ{?znQ0I+eDtLy80 zE^I<%0R~pqKbPu%?AJphA|maBka@BhJ8`~6IBuYg9ufn?NNO0lPauh{9|q?+LsL^i zon%&>4I{D+COL$hwu{Z3_$$7pkuQwoabtRIZb|1}pyc9lE_p-B)fWR1djZ7eICk$6 zWi}G`R)F9w5wV^tJP7=)^EL|sa1F~m zM@jG5rZF(}X}G^1sCC5M@KZ#V|6`&`*0yKQ8nHQ;sIQhg@<&MEvrTx_`tu%tQ6zH}XX(?J^<4_wh^Hj(|7SKKZj z8Kl3mdF;H`W466+BHg#r!6(3z6T8jf4?wF35jy5sjVpnH z(9xA)Ba3uvOOjwIYoPwQ&0z*mCpL_h&<`}2a3Z=ok<;tVx7a493oDK7NX$%!HFIN> ziCvq8D?M_OiSnYf132r>2yhnAsT&Hz%>(IzO(wK`>Bwe@re%)tUo&=h8}NZ_L|RYXQ``0 zkC!&iQ`=0mChp~ZcHSrnPiBe8sZ&epbRxWmYj~KfkMqP@&4i~;z0tcP#;1ea5F+si zN8kyg?i9Bsr7>{LdVJB$gN5$rBVsFepd21v^9|_|WlPy*bNyHy1GgQT?yfFTt&y@! zeWH)7t^Q7ogAP&8=y7y)D(bj-DGv*(0!Yq|0c=KeRiNgp;JHEys&DMIaLCfpxpZ}a z5IK9;zN6Ol!!Yz42H>>KpOZv=y68~I17$qu6pWs!IzAh+bg7z))qw)EBl%6a$t92p zR|Oh>t03z!?J91^vstgRvN68~-5H|=RX*C@(L8>=qMNtfuj;GYF4V8PJln7)#R)EfnP`2pqee z_-p@gH^mxg@R#t3dmVfAa>Pn(+sSQkI)$Iuis7G`Vaw{G0s2`Vi)&fWk=;H9ia;_B zJ+#2jSvV}{tVp@UJL^gDk)%;bCf(`+SJd1z5T@lLB}e<6_aE7hm<;aCbPpYAV{q`M zZ^o41Y_D<3^GLww*iW06~LFZXZDjD^3`%K6^aHfIRB$_bO$WL>#Bt8d=W=LMDTx#^H7tc8X& zw61$bT_gwku~VutAo&S_<8tlUeNIi7;N|7${?F{@aY|okEfxOV*hMNHhQlXkyM-2N(XQ`>yt8KN}w174f)6+JT zQtOY=gHDMuTxG-p-EW>=ZjTLi<3TNI=RK9V{QMp}xL=1D!X&k3&e*7Qy|ekRPFgj31$vjG~iuCq(!PmC(WKJP--AQ`neOJ~vnXKOg3h5Cb6M&*Mks~Q{e>8)^p}XSu%V5_XLe0-ol}(*eyTkC?_Bj=BWwU?>YFy zF16@x|KcDp$&zrnhv}5`HKdhUwYNg3XFMq$&)X3I$J;#)Raq}70eP06t(uJ#+N{BH za&#;R%OAF~d64<^3MFn~{1Lp-pc9)8*SF{5wx8;LujNhYsCwcxf3V$AWVPc24{LK8 z?Mv}6M7Qd*C3?R@Uz8ql8?gqZ>j|NSc>d)ozqejDB8UTokWX1j10WszQ$wty)2nRT zSC#$tBLa`In!By~V%9niItJrkH=*>`uu9X9kg4EM3@4>Xss-&iF8=Z3yK8rssruiY z8NF!m#r2VZiNNu)AK|q$*TjONLysT*QH9%l9s1z)h3_9D61G^*FT-?-q?*IQ9rCK( z5U7@xqhrbEfw}o`$g($Onq0DxUrpTC$kV8vHiY6%pNiIr0SXVak^=4Y&$81#g|PIg zNS4~zeS1NF{O)gm{1^#ex_L7d`P)7z^x%5+VsP|wYejiZSkj0khIaRzS3b2IMUQ&e z<-%`Ae);o|^R`&c!(+~hFP*G?6wa8bYh6xTF1qR}mGsR|U?EslIgiRlZ2J^4>Rigx3Tvh1_48+YUWRCkiVB*MG}TzsO#Ih7LkQ-1uxcT+{M%R4 zfi)`h2gA5xmSC=T=<69~U9b-yMPEKcHQOl|<-IGaQh5*W71YyeI{~*jctTz~CabIk zEcNV#gB@mhW!{1SllunH_tux6L(q?V9asb5^ihG95|`4yF1X58j}T?#2k%~ec|XZv zd4ICvBhyRm`}eMU$=IiGbfl+B{=P7P0T^DoGf*Xczo5!1Qfp?b&be-%vNc)Bv)Yg*f#Fe#BJPR=%4jm@IMl*0H! z#-`FSA81&!7BRrK2mLQe*2mV%8ffQd#)@R%=i%mdWVf@S3K*dO>n7p`jspb_b_s%O z(&=XS`NlN57-(Lx5f>`W`i;3ahnVgs3-Q*#oEFbwn#iH0BP^~WbU#OS0?r>a9o4A~ zx7AQa?SW*Bb%wo@KZe?@$jVl0yJ$+kg7iePXs6aYR>u@oHQbD1t#!%!CzkndXRWml z`lmj3JY~%;nKo_*3S(>%;20#0B_7(VrK6(`o9k9+OW5v@EK!|tiR~X|;Xw>lbiEx$ zSRK;~t=YUB5OBWHFgkQm4*4Rr?n18XUrP&oq(n^~rs27(B0TP%k~@A#wJQ@leh0qS zDx)UqlH8-H)MsixNlkqzC&#$H$(f~t@35_+^pU~M>4pQ*iF=zS@DItfSH)n(0iTDt z>#OxNP9$37jNQomIN)xWYRm30h6{>N(N!`?>o z+qc{_?XG5>?!}s(n`FKPXR~wKbSPOC(?_Z9d$^d!AN1S=(L2UbDiyz0QY?BXZIq}u z*TYR{qwp2kn}J@(a_W9?l~)5QmTb0$I+r@wTQ#}P3+0s=&%L*sUfSZcFmWw)wMY3Y znl#4Q`5B{PS7r{xNGKvoR}HLP0S}vb3ang2N3(osqttV!aO$T>{YB}3rUA+@`rIm5 zkVfaym#1NTx&$(aGITSmGs+q_~bR@AKMIS?hu zfYy6&8}gnQ92zh$3F=ryAdeAs2-L5NSz`vTTJZRB7C%X3lPX&Cgs*eMz8h{lDGqjE z?y&Xv$7e5&(<25F4L1*klSH!^Q4OX>sDDm0;jf8iv7g!_3#V8_$b3c+NF3fyVf)sa z(#VXDknKoK)uJ|3$q83SY5neZZ5qHH-4 zTVn#YsST>zD}EqRrim@zHzv0rvtdjL)&`3SxAw6kl&_vu8rLQo$TUJ`J)_9hZQet= zZSQq(ev5m#n8-Y<*mG{hL)_y66jGa4NWD1=5u%N zV*znl&jF>12-*`c;}?82c;mZYOIWvL3C+3cFp^pXed?Q19`LIYt?b_uLkY6frETu( z_ty-q=2S8&*aWBV=&AU@XR5$imX#fu)h8zy{gscAPV9DOs5fR11#>=o&BsGE<71ol z-8JIdRgz|EJu~Sdsb;P<<6e!f^ERr8nGv#5^=MSxn*I2=9V(~NGcu*;xNrLhzV~te zA#;GlN>6ru{Rc|H`YbxcM7iI*W#sj4CyUoF)J4BY-w_78i(3FsnB3Rw%<>3I(Kg)R zgp_tt2R@YEDP<2JCC2DXLpuYn%!mOUqbu(LSu3ToW3LRQ%)z)r_R2C>_Ubz8EoYeG z^dtqOcreiizO8AWKoKcsv%P&c)rVT+)q>P?D3sSPw zzP@(lkuB)7xtLH9zFOf_-#xr3co=70cR&{=?Of3{5o*esW8gy%(zM@PlIuV2KldK^7bmA#*-WxOP?Akq@hD2lid3#}E@&^rh zFbvRsOQ>!zOJa?&(s9R|WOW!0?AaM-NgufOTQM!EmuK0YRbL~5>U$o*!af3$JxP+<~;j*-D zD<)Zm5jQ7|wvZ2!PHL9sNJ07e*Xs6lQnZNY?Qp~IH%fY;$ZBW?tcH*6b zg~OwVqiKblqibh*d@?H9p^vGiRKUm?oaVQW{zk0!)EKn)wws*OR5R;jUKnRjC@|M--*&8Vb5N32Y;7<5xX;2>Z9lRWM_l zGgK##D$#=ut$>7eVuJOAAUJ`nq%4f6v)~;c!*oVkNmnS@_cOfV3F;u-{~Jbljk%*^ zZMR6+Qi|=6Cit@$n|#NzovU);GT*q~<@g?sa-0;hsR5y9-4LRvh_UKa25vu{yK*$i z4?rKAWFwO}E20x+Yf1~WF+iEQ%xiD?>@qub|Z|Vv8 zSNWSw#-c0mdV=EKw)V$pZAc4 zcPu-T@(`(m-9sq@&hYrgw9|s8=I#axn#coKSDCZXH#KLN-b~->D;yr4>AT!jU-rp~ zMDsh%zxVkThCTt1J*M=gUYtGJpRD9>s3G}5vP=p@ zm>2E@qBO@>V9<670(~jc;!!3@*_vsm1TNmh2mCZ4VN-55nG{F2;TCx*& zSAEjVQs_T)=Cd@(dq9O0i?@r2q0g4AAf6m>d{PQoMzSuwun17i3P17~4`F*No9thF z_rEBL@9r3|%gu}!XEM?ZbE=H4g=k=gTbSlVFg$q?aA|n~Y$W!x%;QlW*D?3(5O4HF z9cwF%v7uI<)If&Y;+k<3TUwp=Y++a3%ZTXm5!D z{%rU+ohv6}8Mr(8WORTrvtY6EcIvL#ZEW;WlD-k^2mRxpDSGx{J2RxYx36OcV;MN& z)SgJ2+l7Lc42exRG=}Z-zYvHw$JcV}Aam75OumQ5cGVxJ5S4Upf_iF03ZhI*%T?th7F6qBt{i!odKyDAnrL5B! zxOo3m)qk?#E|J^#n2+}k)~j4`ymp^aeE4ojOHGSR><}(_m|#=L$0r5}f=`x307bxQ ztHs8qRT%|ypfa`YA}Ys*1v?TKM)l`ZCb>4m2vwk!ZA4fXoZzdjObv4kSl=E(iwyss z_~^*xNe%Rim;#uQvY?Kqe0b)VGRhb-R@0Fv3xhFc+a{eQcb{X=l2R0MMR@0vDmkBb z;!U#*LsdjVOwL@8zw)NTpw8!SIc4508>|A@7bW z%3+;EDoqX@XY+$Eij6N^-l^9eHimkuUe(GA#oVs$R9mko2*Mq}U1 zNFLp6N(}klsH`{=w^R!j#(`GCbUq-3qHIODMbsi`D$%bWLw*nuNrli z#3Gu*G-h+Bwk0C-Vz)(#sDG#2O+fsGO5uRJ=6vMsP2RIcV_Sz3s~F>^zw9*MFYrPS zQOBnACHD@|jT;8^qcIG^9&BWVPP~c?w0XsyXHg?zU#9kMsyxw+B z%CrzfTY*|K!^dN&vb6zFJ_qt|9Q*@SGqwv@bsZ0C5}YF$aPRQ#f0R^{@c(@2YZQ+8 z$F^4N-!EmWPFPu;QYcJ!a1pXL#4VXl?NzGej7(I{W|vTr5Ed%m5D}U2ESgo?(vd-y zXdHNnZ5bZNcG^7vxS@ZP)7RMS@|DsUbt#a$4H(;D+qJ^s1J~M05ZNS4l|Vcp&9SA+ zPTI_6Z%`tiigq4!}_jsk5HbtZ$z1 z;}G_N@-$1yx!O0QayHdEJ%UN;BmT+5(pO{C$9sf24c+12e$ze*xCrCgZ*nvW5Qa&c zfS%@6y$ts0iA_XdKYP1gziK8br%GG5B@^IQ0I&v_ChBn6S9fi-BqO4uIewoP><(XU z`g5wNSg=oF9pW(A<2{tRq3)N#L{!xD^c5kTg%0vIZNwNLa#@=`uRMMK0O{^2l}CJIuR#j!jhCs2`PvFIKX6V>?`{sYl{EwzX=h`?dvLR>7}O2RmN1nv9-x>)O117iw8p2`Y$33PyJCoYuzRn^a*^tdRKJ`_zOebRk}q1Z>Gp-^)#fgPPX%aD>NZm zFd!hSl!kzm=IyDP$SK7(kME#Rl;X}tl;`C&Jua^+8M@EX7GeXbV%R+<^U<*P+*ykn zAF~okvPX*ak7ssP-?6_t-QON*H_aSX7I1jNCEsJ5({W*YU0gX`>%l+J3EUCG?ALy( zgoxE1zR9I3Vb0XUubZs8AotF~$nq*r=wX47j+GMpxc@H?X(zLGuHysMb&TT`=uUhhdP*Vth zR|k96*nH|f^cfLKJrrA;@q`bqi>3U7S(XEa2>7x=)@0rCxv0>*bbXyIz%@B7L{&f; z>|W)QQ*ovZuJWFx1>(p$bL5;&*@{A3|>M% z!j`l?nLOMfqe-29`oCG(0@1O6nG$3Is^J*s-&LAQKB~t{PBY016v?Ik3AK+qGnakC zszf_E5fpFDiWJXlnsU0D;U=$2Z?BWhJd*0j3i$DX%=+NFb_t&ysq!fsj2w_C6zC{;+Y`>{ViYw7SIO|7BvsD}E z(1P%hmZ=j@5SEDh2*A3QhYy4kW$Vt1s!7wC>0~5*lmk103m7TIWsD!w1}{Ip?e%8! zSTku25s93*MKBJ}FOHHO2r+7js=g= z{Y7--DxfP2oqk*8+W7XnE;=|7Z-qOhkiD~$>{Q>5YVA7t8LHViapo)rQz(ctmP4DZ zj0;nmDGh$DWTMcHLph<~5LtWH-)N@csYN9?h}cy9M3!Xugb;T`lj@2T0lT3-zM3@| zCL*4ev$7)azh3@UOzEF1ijO6gKE>Pns6*(1@#l}Wp%ps*V@>bdbYz+q@0}hreYmCD zgVDvnkYByqB=HLOs;`szwSG6lP63Eq=w6EpBN= zbPDBc19g9iI-yqV+3Y@)D_Jp5pNg>ci*?iGfH5BN|H+*G9P8r)EQ;08y74x)IUPWC z;Qmo>Kt}qiv=!{#nt9Xh?bsPDGfE`oNBS5<`)fNhb5a0j$nSZb0-?8R7#z)Lx#EWC z-_e5IJncX7sG2%?&i?ph^m6Yj4IF5$LW|B*^4Kcyn?Lk(`;{@TAYT53YXa4@owJwXBNkwoiBxHyS!@Q?!w6TO&Oo4uoeL;OHi!i{)+oYf4*}r^~f!&3|0-B^^K5Kn1 z`3ZB`^I&Y6)$MBay?fB)W_|{^|7e*`-o^WA_Xb`H-~CrI3na$ktq@FQz3oeJs%=DF zB&8^Po<;gk!F^*!z!d~nyter^KE^82XU?iBgALYH+X{wsB*oR2Xb{o-SlV}zL7E22 z$~LZ~E3&wJh*t1ry_8g^NQJIPEQCY2B0y$>Zb;4z3~YLFeWOidup^tV3HpsU3))5Q^jMjA9lf;m?iDG5xr?x~_i4EKCU#Xj=DM9te~GQl3$mM05u3bNACDt>MT?tOT%4U4 zMTy8wgbMUl+`WzGl=a@1Mbdgx-0Jf!j1+?Cacis)Iib`I{cDjrYYH7>9YuLukD<9J ze#k@8Q|x4Qu*u@#o0ioQXjz_Brl6`rdDO4Dz9F7Jw(&jQD-uLct=Wnq4`vSQeQ=Uc zEL60K5*6X$EGU<&PL^R9eW$p}%$0LE{t4oqKA>tt;k4BjLhK^M7Tatw&qW}m1b5`Em z1*5a63JVHbA`_=?C~-MQT-bW9mj&Bbt(f_R595^Qc3s@v z?Cq<|$KPjgA|-=#vzk1v_?w(Ba<<>nEZQZpcwbbSX|+RcQP-(Sa@2NoFs@4&3#-Iw z@=Uz9$bTv9@b{_)|u?Vf0 z#x8wceO!sFgIRX$u1)VHFiL>7EI*mc8?_SpU@u6@SCd~E6-6;8-5*&~_J~soDPn^5 zslRR?9PR589B;bvv6;t`0P1U6$`p1!db#NNvqMA~%HGbBSZ2~Er=h8$=L{aL#MaVda5)S%*4iDoz$ z)W5|4IuR&3{RIZLx#AnZ99chLlAqZOnxHxG3{dl774yv*Ws&ai!*EgYS)I|YpPIFL z^n9`ci8MGfBaf!+3?M^8^vDH#X!GUc@hyk#DgS=2WeWFFe9*<%b$C>qFf3v+AkSjC^_Zt?j_^fProhBLG)~;1n$pwu?l~}n|wp}d8(bc zf>0q_^;T_C+VQ_kfB!|(0gvzT-VYJ)e(aa~&QVSD#pZqPgyIn*wdBDh?UXQS_&j=I zn}$J)G%Xoc0%4JM+j@;v<2Y}cup&YiW9N7^n>Ad+>6`hSQOFit5$n->l~H|_!pOwW z^ET8j;k(C&MIOy3Cds)B#$?|9-Z2*qj-y?_xZ0-!sLU#%2TMFM9#(~+UksBQ;dCkKc~1|%tnb12Dc3d#I)sI)u0+tWPdff zQ(UUydK6bN5~6@9W2GlauMX~CMlsdHo}6S4JboO$@FJoT&~tiN7zfjUN*8|Lfkz!p z6Bsjm-+N(Ylvl(Gvm>^(1R`~`b_c5{znG)dc!-S(Gl$&h+v&wEz_P)k<9XopT2uOw z*!i0JgG9_ymwy@f{=!cD#DUs?90{6zNpbm_LP+3AmQ)d^BGxo;{uGt;P6+ynSCMdQ zD2^fD0AyQ~Q`#nKtqHbTC0<|s{>^)&R9H)Dv5S>B8_LXPY2NOeZI5jqoOPhq!+L`) zHZ9Q84_g+mttd|2UfGa5ru9qiR0?!8;WH>C>7U{z0ji~!m`U_2ssz|l3bKNf z8T%NMFRkzr8JVPd&lk)*N=GRT6 zdO5&wO zf;4wUIR~zI&3J!*ut0LMHrE(fX>;_Pt1#$+El0iUhM?NOs?eb9Xp3uO`U#(z&}!`S zYG|<*ZV;o&&{2~8nv^OJ+>E0R9mxyqjkMJ~FlE$0oluEu7Nn}x@C3(>gSMK2oGkY| zm}`6@Nb3n`zr`|<*R^}kRqe9MY)Ny>eW8S4Ce85WT+T#oU8$&&Vt;p`=7^<0(WyXPR|MaHAa6uYMD$o|=-u z5N5$j3o;H-Z5pR%TtqOO97CWzX%?TbleBBK77sOo$=mt+Dh4G6#H~kH*v(f4-ZNCM zTq#ENO#D>dKzL|$hKS2S=a0nwfOWsM~$jh&pKq81z6)RvJM?3r~|a z=NNS+NzL8-Y&Q1w-d zO*hAE&cJb89|~*t>(w8|>Xff@mcvCvMn7*?kJs&P4eX=ibf8c*iJ!)_KL;|K{k^xB zy+F?RIQDky$V@M6+}x?6QhA-Z$I`yD2WmIhCG~Lb&Qd1M+}|-qaP~)*F<^+-;QAb$ zehZfS(zJ4~kIp}2h1ch=+5LZ&mG#xX*24&L$Fl42Ky1vYZ5oee?TBSenDE~nsLVh| zHM;>~X~mTUyyc%bH0p-h@-_9i_-75k|_$XO3 zo9ztuMk394MW_ni4@zglZgI-5yp_oN;%NF*$&#p2Q=|LMc{|gKngTg`UcaX%E})27l3N z%R6K{6Z5GIDLa~}_)H8EKHd6?6}984Qc5d@Y;N(68t`B6w05(PO(Y>MP7Nrp_1O9P z+9JBW2LJj+TTR=CR0}}R5>}tLy4hK$5|fa`cO@=O!;oGI?UHZ$*>)?PJOGC*O&gIK zpZfj5svsix3lF1C!YW-_&;T+RzC!M6YNv1?JnQq`1R(jUPtD%wTW3x(UZXrop_ zOn>|RG`~<*_C)JTU;udLC{nlH+S+`EY;5;by>kHUD^~a4r~!W0Yio!({8Mcts7N2i4uo&SlV%bcp}MvyMh073jB`8ioF#C*T;}{ z#p{ZGkL}NCyq{_9xl{3A73%v%b5K-*R$bvv*Le!u7p56yM0!;vM1F9Zv%063q{~duz zPjO4vyLSp@c?}737>ANt}RCwwt8jF z+!x_NNz8f%%G!_ScyZ_=lz4@|$6WHfq7-jz3@^7}5q)B;mlO8ZpG$$mV~6%!DZHqR zVKjkg1S=Y=b|8H>8%MWHKcU?>a(qTh-qCO4CBQ@e-~fS=iW+%3${2QJ#K3q`ivVtlgM;oP=Gkeq`9jf1`5B{^m1>rY%FB5JL< zaXoMGN=mg%5gIKazL#SuU$X8!!7_d!LY>f+m=SX@{v#Al-8eyjAQO#*-=m0YXtJks z`Ply_ZU1w;12{q_jGEW3t{LzaURCP)px1w{7^k9&V3q`d+m+Hj*79~$`tg(71n4QX zfOXupn?3Itifszg_umftaO-Ww#m*7e^K|a3&7-Hr_`DeKTI$j~sHhgOarca@k zfPaX-+LRJ~GQD1kS<_euACX(>ueW%ROba@3^=a$um%y1B#6;h;+PaIR4JGapolVWp z8yF~JQ3a%W_%9bSk9obi=gQ9RlDG8R2e}nYNlcPf=@FJnX1mUm71wb=HVG7!0+z%| z7>(A)LzMO1%Rj{p3~uLA>F;yiEA~0{d_@@)Q&h~^?2))@GpN7U+pBn9Zy~TfJ#Gu& zLY_fdq~qoG6R}ff>0i%E_J=_8CNJl&miT;k4LRXWvxEf_*UL=D9>MEvNX7N(LB9Ny zcl$M77e{EU(H>ovBAbJ~Dea>%AC~nk0jqV-n_g@jhe-53YmEt{bjkX?__;1<(iUc! zAxb~?+vf1@yxLo@+nx>ge$(+fRx$lAfr#JC_V2fHN)j_x3gnT=T>k8t;{$OE)}$XD z%`aH#QlV^u?JHa6gdxUklq*;pOHUReI_l2v8kl3{RU?&)lh5P#G%qaj8J4XAp_3?@ z^3Kj-`|16zDA{B8K-t>GP_40dbWyMInIQxmB=mB8N%UvQIR+mqfAp~-l`pyeSE_pX z+r$&VHcW^;bw89VC*Y0VeXxATb0|y8pnM3BBZsLS_9}6gUJ5DTe^a|wGk^W)zzJo% z0$PO@CX-3MEWu4E`bwg-^(9I2X=8Tx`P0aL4p@MA2f7i1LdiN|2=EQwSF1Wug-DXk z6t<0UwZS`dM5kVQ=;?Ziu_!_@6ZQ_8)RhRIn+q18GT^mLBFY}H~X6P_aj zU;NS)Yj^tuqT;V*`aD-JwTZ?jO7W=bLo>fnO?Qf;zv_Qx$A14^7(aUODK>cWKL00X zJ&Xg9AwOsq26=jMWpiqY)XFmI()+o--^s}@Y=F@U8R#jCQ)?NK=EzeCO0xI6m!&K{ zK^$aR+Rma1aW7pcwuN(Ukm->_Iu|D{ZHBvK?;y{_jwmDyWWO}A%8(eRD)mSA1qXblZ-ZWysJLNDC9n#r=Sq)OE`E*rnM^LaR+@m)A^>)Xw#lAZ_N zm)Ue$x*(ebnmd2+)Cy;8!11MREa-(FRwN2_P<|z}Oh0({AShkN*N8ZK+a*1x(Of$| zX*|5+UDjd5f-La@S(Mn)TI4xPudCNoiar68`l3Nrt)6UE0;eLSX&^fen8CE1If~ts zG4C>tp5*Ge^z;iwutiCvx-B&-!h4C@Cg@Mk+kX;eRzPET$g(kE2BzN+9rQ7ENgXh$ zmzxwKNIC0d@DfC9Hb-rfQ~nkB{!4D^-jUKhKJj1hE4YS4)MF+g~A5zkY4g!BFfvE z)~t!$S4QVPS|Gxl#14czj}9eX{cl^W&taoM-~{=%?6TCkgEr@qUkO&TimKVr&xB0u zIr7a-pT*B07j_@*gW%Z)xMGKMF5b%-D-hMr*5MoJ8en2?|u z1DYRX*ni$Hw{@{gS*lld@7xar*AMCBWpA8wdaSjZe!9cip*AD0_XaR0`aYj=2^Yd9pPTHMbsv1NAGsbkSc%Qg=sKbG$9^6fLHQmQd) zi2q&_YNrK~W@A;`jwlw_=Z*+yyfkl-fgPg-bJ#_wWrH>?7TA3#^j++x7_Xk1yPHoP&3b$P$287ik80SqpE;wavX3#B(3J?rF3$_8A2p!^Z(F4ET!lFRtIqkT=S^O# z+`)vVCUtQYV5K|qBs*UfqbS$R0>ps$j_(%)|4=(gLUOF47#`Ws*?MY;=uthBT$!@K z_YJroWdyM&#_ej?B1cKU&z}qvN13Ce9KEK#-GCw8Rudf6>`QOMO%_8`B8+2aq0 znvVEgJI>|_*^igsqfXyIm9#w|rOvN{>rt0`1 z;YzCJg*|+XXv3oG$`G~8^d!zvB^DQU9D99hky^ZkeCDZz4vWQKaSUbQg0!XXqO}6Y z1sVkxiGc)WdhR8kBl2tXnHs{XrD95AGE2?3>4T~b-+nf)*0WSIOTPP4(WIA%w%{1; zm4VGiFG3`w*#}pulc_ll>q=~gQ+mvVEmbD>wm;Tq`Ru8UvYqB)UcL^>cC&=>oyLVA*Pd6LQqlDlNtXUSWhu!%g zbA{$Nw{QIW_jZ#~mU(g;OWS7HzipETICS?@@q|Gkegi4sopBH67eCc}5AV>1X?3-j z9K4C}rA$`vuU+;m#f$T8?m?BNEN2tF1%)b3|qTulxYgML<;F*k}VAGi?re#7eKj);Fbg;?Q>Gf-xA$-O96L1 z1soWKK#s!g^gX8*f#wtHZeM}r%5E9WInhu(2-%iy3^_w z6AaHKkL*(>TCs3DdV}>F2@$V=S?71XuUDwn#|N*-RE~`_=Xc^?C$_A%Pv2;EPhRj{ zW_X9SV1?@O@9d9aH1LuTuRaW9_c2R)w^AoK8CDo4V9V;IY0uh`SjpKSmos(X$-VE4 z%$-Wj0ZH5Uy3_tt!FF!ll4#%;kQYFq@}D7ebmYF=>|xpLs$F3O5V`N7X9eX+#QjcK zj2fIlk*u7wqH{H7kZ^0(4@CQX-!gtBxrcCF!gibzjAu`J!#f2`q(J-NiM=}yX|6vf zV78S0j6PJ#Ht9t$epA1K9r#R02-;_bCnTY%#jnxyyW7zIV;!$%oZuHUBUV`S3))ISGOv?zP?qQd-{(;8VgOSMivPxpg&F&iDE-YJB&uy+`);QJ-j& z$H9kiLHkTB{TH=nD1KpQbIy5I*WHV5ay9r~FT!S70Jp{7-z&B02d75YoLBKij*IS^Wes^x6<6$6I>bd*^hDF1bRLNNpcBt*e4KX_ zw2(3Tq{d~6={{_^7M;dIBImNom3^Jv!Q>`J*QzeYCH~m906)qaCMxEOQeCAmz{no2yJcG@p||6xcX#9SAyd-^+${X zu|K_RA}F<_*k0vF&F@I{StMJ4)ygh3Wuv6GxS*$L?L~)4am}0=WY9g6>ic>Nk3*^= z5gXjWp=-O?6;jpEQ|bVjnOU!kar=C6emiX&H0%0dF5w*hv22#SAbI;`Ow@KH^CU66 zAZ%;HRn0MNJ{BoW$c)Qd4IitZc5`R6GANz!S1WU$RbK;s4Tz*+TRmkP@Z()zGEVH91M>)}mc)d#1|Z6B ztUpGp{AlL2xbsp*tG_DoyG+6QBr4y5cE;KRwA0$9zW4EAR(2YvXt{W1+aU!?v!d-< zdtW7F>SoEzr14vlS-Wv~g@h1UB%Ti{A(DVtItYHy&3NslY2MJ*3qPMqV#l{%kv}MS zuLFm{(k6|cH#_4`9ek0gBYIJG_S2$qv+8h6L`<5G$l_=jD=UBC25qIAsZ6Q3;^V!0 zj3nD!seu>Y6v)8+Ee@+GG%wjSJe&XXohqlBSQf`)-!n1dCXrz(SZd+2O5%3hf?qY%kaw z7dhH;vU>^p2O#Y&>UfV5_S*f>kHd^n^0*4|O87P1ao4h2(NE-a>2sld9c#LlrpiC2 zO6o{eBJbUI@bJ-+=YKZdylt^$f+>Ko)YQ{Q$?iQSMiARB*Yk#OM2yQ+>x43I(|!vN zhL1Zu0Pkjg7|mu~RCHb?vQ=!sCZ_RuTi_PrApJwG(#;staphDpTkf$MAp#a^)V39z z{9rJ?;teMbcvDB>7v-d2FuXzEI_=x7y3WLW+$;{&BKD~+h-x<2%qWzF)de3> zaM-0ArkVb_-GjfPDL5Gr`#Jp|HKii<&g`3yb=Qd|VLKJ=z_TIFm4OG4%~fV`cwF|q z#=iMg!HFjD-VitokcYjVk9=A0v_b~da1&1k5tV$+4G{*4UytdpG?SoSsQK@ot{=~z zKMJp!@(lCqA?Vlf57!IT>FAk$!>f1=Q#4pDD&rxf>%n!DspQj1CUk~=%X$>Uj&3{8 zO7cUBU*E5gKn^y8B^>W;%|EW#MGh{K5KZ&b6lr4^?uQ*FTN=;&T4dz3d}f;7!p|p7 zclir-2S}cy@H;7V%{pTd>k6kM;V?0~t&ZEC6bs4Y1v30la~}RhEhFDf-v}=0t}{rq z@Aa;RUguj~6$uW--SXFMDtU}Mg{gZ3DTxkItKS7x6fg`~R3Hz={)8*$Ad%Rl5~*O(>d zY(nR1A1$Ajkw1M?1u#d%I^dahi=um+rtrZFJU`J#yY_L@qx_-2ew_bxEikLB;v?)9 zVEglR&n#x&;`|=|^JK_A&P)|N0IC&fHB&MMmHUo6KCo-2v3j7vAPfyvXn)IiOt7L; zU81yQ_$-4r=e+_*zoR5PSR(%=6_(w~Nhw@g9lT=g;ZK@_Xw$P*-f43SS3ofqOFw=pEAsu*o zV?y?4ZwJUHJ_N+&ZR<@?%2>Bn-@>D3kC4>WHCcl`Nu9D4B3sV*Tfc>h)8bg{v}DOH)QNrCV$LvQU3>^(JV9FeCpBb;cH zrLHW`jf|q)`uaVU)m<;dJRybj7j{{|o{!sg`Het1!4qv-5W_c%Y`gmn3B9z=2k1L( zoYh<+43+lNHT^O6gdm2B6%T^Dy1v7`TZ60pB?={tGdi@0i+7u5+EAIs1ZdXXm;M9j zrpCd;lin|9JzfE+erxXYS66N`vf10;Gt?O<$;cGS;+HJaJRIhw(100!WP||TS-UZF zpnp3XEN=504Rp5Yrkw{`A{?rWt>NCrn_2Ldzy_#8PPrZ4*d1@5mA^m3sZ1s+oRv0R0UIn*gA9ulM(!|2?c3 zx`LhPJC51uyFSKVwTSJq2V&Vrw8D%NI{WbgSu!Ao+l)MNI^kzo7lZB{&SCjQQ@4c# zs1_`^iKn5RQlKaoP>%_*FFAf9M6aorzD>!)ZZ96@kgvIYr64oA za6R_id~gmYbKJ!%URBpi-W0Y-hC5hO%(^rr`fb zY&M@Dh@Gny^}`eh0G)oC3F!1|J%kSedlE)_D?KwKw^!Hkwc|W{!}-{VmKx*Z-RzD} zsqqKC+n-O5M_5~~gzC?}1PlV_ZQGlpi$8FILC%yDnxva$^3|G6`GrTl65hjeE14Ri zA5fX^L;>!!L%|kWi@mvLrP|!5nx5^GT0fgn)B!C_?5w%49u^h|q%eGy_yO21w}(Qc zxWrE&!F5h^0HV8Z_2n7!&w0-Q^iKn+LDyZX^4aD|*|}|(d;jxp|I+kn z3sVgNMlNrJJ3Y#0c!uKoy&%nJv^!lk4Pro})zXi_?$D$~B zwW{I8>Zj8;Z_^oPy@tj~I@sRa{hdJa_unxb3$$`ngH0<<{J;qe)hggR{1g6NF9i0{ z+g!X?0l49}UOODjk#grCqSRFNixlpqTcJ~XSAQr!4*{*?Psr1DVlKO)k(rE@kEd67*N z$niU!4l+;R_kj3Aeu}`O!8*eNrlu7DJ?ES!b{Lct59oeRyd2;oQLO`7qp!w_L`rSG z^v9|%KSr4+&P2wySUqwdXIYbmFZM3{4m!!#B*(V<0h9Jm%6xZLu`$ZxMpKnKr1QaH z_FLntK|k-$94*bSRFF+aAG3<`>C_7E)pW^OgVc?bzxc|NQuy@tyewLV<-_KbKq7)0 zH)J-pY;q=72lRd`IGWX)6Y7;gMjmnXzOyBVi&F?2L2Kg zQV_GR_9v4(ZlpOOtVEj7k4c@Kq{x;umFH8ieb8l6ws|i}ePiWTY!US*#~7}RMpdi#M1BhW`# z5`*WJ7E;#OsN~eU#o$7K5|toKP+SMZnYn5qEs2%BWhCaPr;?I?%|0~Zb%RH&ehMin zElwd5#?@e#PlC?CBYnyJJgV}ZmdAUpY^VTvl)*pojb~Y7Sfq&*%^Pa+jb*EjiPjWl z3Yw;Xyszifo^8t6;Lo~W;)|*+&97=!*|VUq&tB;PgA6Tg5-up^yFV0W1e8QFvEtwd zoJ;hb<}*(pz5L3B-F1iIU@u*!@6>6iPb_YH7O=CkB<3{plTVfv(n%X%>T?Q=D!t46a=@g@l9FbgvOf3%_MM3 zC$lIK^}@7h6B9UpD!%LuQGjkmlqK55uT6*=*PtktdMoztzFb+^YkTL5x7*d#Z9dKr z5i7KA80*zoStwH$R*GQi1^cn8v+hP*$;EOW+CMv`Q;RD$74O340`iPGVlArjq#m`0 z8%~p;^P5~SUQyh{`R5f^^Ym9e$isqgy%-PLJ~;?dpZc%)qJKw5NRr*g29HL6y@h$8 zDw%jm1hmB&Vlvv;$psAhb`SAew~$R4QRHjCUb%_?PW-z+Q!l3M=wVa zqx8meXI5b)pS&_D#YgZ1=WqLR6CJe_5=8Fq9Vo#V1K4p7q$M3_k`m)zD``?_e>%b) z?&9ld@xOAnYX{mi#{{Q4`mDY@ey!+VYEYL{69ji@8?*j=y&@DwDWXCUbAk-0j-5LX zw1rgtro6}-823-z>thDHfgB#Z7ssG1|L9A9LkYxpY9ONUUoN3%AAo2dBD=T`I{5M7 zyyJKg2YguxFuaATgw`}WbC$}sVj zq8lr%_ME^$*aPMYjh-kA*OFHWSloTJ6b!U_3ZL*Mx}1%t&5|t;&+om$1WCK~Vt}Fy zSWk!#M?aSIVS^!HH z3u7ZEa#-t^YX9Y3;X-&K437>C19gF%{5*=<)}|w2Ar?zBNevS;%=$dVe0pCF7qV+t zv7JsEqiPXsSeiLOUcohq0kL?zuvCwE0?H-I123xD+MG|I-Fd&+_Z|;x$c!F`wMGY zpGX0g!(BiOagMy!ng<_0;CRLDQcefZG}pd_7)W#8{bYHOSlZ|lhqpLX^_>dP=CKTz zgv*5Ugqvuj@5o#w;HWy~OOIuAi zVb3f&_^C^Xiu@d3N-$G4;oA2_V!g}pSzJWJs~^@e>Nn(p_EH{Nnz}jg5!1B3Hp&-r z-@&S+g~cIyN0;!sTV9I&m{M{vib+S?QrTU?$K-L?D9+B9E{WCHPKtE_ww}85+`RDL zJZVm>y0hoMw@}-E|D?|V%iJwimOY&S1TgcZQr z%@__T`W}}f*IufctgnUf{zZf)!AxBjTm@c-uG!n<6T}~etXQ=GJ?~@6f zR2(F?HiN{Y$3Y+W_Z8Us(cwm*P|1A95!>x%f#M!Au%)5RyV${*Fe%y#@^))fMZ#$k zWMFmE96merVKt9X0Hd^EN0OUX+yQo{)4@|QMTVEXYD`AY0eGnmo=i+3Ha|w`6rCFE zaDT#JHKJopuy+tsrw}j4XQf?yt_xPX@csrr)dwh-g@3 zKn{uvCJtr24rf?0)|RO`!@F*}3$6j-nR?x|A)Xg`&}V|eFAJ)DK4f*AEj*jy@!Vb{ ztH`JAC`owY)pIhCOH#B{#g^>>rWd+yF6I(o?ch<)_4`8(=?#P78sg`*Hsu<69%pg0 zVr(@QHT&myozRiKt}7+~3lKmYDysSp??q9GwXCMxQ;28kaH{4@@I;3b=Bd$IUa?Bb z>4zO+vbM&?6}lknK5Z5;gpt}`myhGoo9o$7jr7p z%bpf!WxY?}ge07Wn2qAJXRL4NSiS_WKByJ5Ekx5TrlJ3m%t1}K!GOCU$B^K~ZPl1b zG%#2}ppRDax%*M|za7H=x=6o=k8mnkKfYf~Rfv?m00$2M{f;@}NjJy%!NBij%`58y zE^GxH*#};9pL^Dam*@-fK%00;{)!0s z9L1fnVI4WmAl@ozhn;fae3eP_(-qe#=Dj(X^V=f^5SGh(stX<<9)T2#Ba1FL47|*8 z?tWN-tZ$UEVD4Ajft?6ZLo$eM9#nFz!=orx$<3hlLO$sZdehbQB9`PW>*l>r{r3+5 zp61Gfra4AHl7*+IlQNFguBE5pL6y_Rl=u&K6Y%oo$fSi*srl8w!iH{J99#`AAN zhqdL3rs&*lJFN7D+*jO8nj>&fU-)%dJAsW$bqu7d?Z03i8FJSTGsc5TCQKBb?% z*&KJ~x+w-=qXG7BK=T&*VkQ7so|suCuFxi(v8izWxL)wIK*P$e>NJ>r_bBpb3f!eD`!RQb^BP3m*bOdITbU^nL* zD;dm{l)|0ki+&|g%hE}J=TcHWX#j0YG;rxFb7eSBu~f#gnq)htbjIcjvAH%fnvxd*W^54KrI-c5cqy$k@L&7DDch23GkAK}KAezEf)l z{359qU~TbouWV^G%!cuwA5_hr^2y!r%9SpWIM`-DiLuptC`^M9zmFt2nHNK~)INz# zYd;caCN4yeLQktwZhq~%ATyIB-RtQ3FiklgLk3G4;oQ&wF%eD8BnDwAxwrO&14C^J z?9jJgxUI_bAJqTWNx;2?m)2Ud5w>2yOZyoAqCfpRJpI>2r6Re3H8^=Qv(YX#RuAV( zE_ztCJ_SPBj9pJZYWyCjfH?Jwpw$X|L10*&dgj_thVDd7l8r^riSiW|`}hM8uPWir z4^04V<%ZUFP3CJBY&=w|45;O|i|^7>jDQ?~x0vy55R8+l;msTX8T0;7%w}1PdQVwv z{{aY8f;t>OCx|-W+GoSUpVMACZbgFwwUToSy4@QbivTc|b#in3Hvspr8hZlTcJ#A~ zGQ4T!v$a2-Ts>eY!K`LcbJR{#YJ(=_-0G`mq!SutmMC|Aj4KDwSykBD6X0d-WH?P` zKv^x3@9A*jNiwU#L{*R9)wmULS?x^rE^NN}vDfi;3)e+!#MbI=AJ8#AVap|s)#IM6 z?EV`jVN8ib7a_TNvzStp%aaG)tKdjUabl1b!-lKTre4s`JFk)#@r_* zLEM1PZ!<@kw6Pk~VgELam6wv7dSXmQaNHv((VTIe=e9=Yit%@q;e~Lfjhs+c8AZ^oO1} zxY>~fdqv|tc}Yfj9H2G)wyE>o^UM?*gzPkN-J?HKAqFYlrqITMEga12@DcqK z!!Ezp`K}6#h>F7V-X(`blzqrdbvT#iEgIKaBD62zo-6=SXM)`aeK4 zRM}j5V~Go^z+sbwEn>t&SHP*oKY1M;DhqDg_FThK=Tdw-mxlwuMqgPweZT}DMV#eHg(3{2bALuX$^0mPqWFt|`cya|VAhP3tPc)n*4Ww}G$6&H=+Xuyi zC|A`X+qr){5^nq{u6|inl(lqQVTsK@g{*h|{)*RrHpY2^Mn=YcwF2InJhzOp7GUR- zSoUd*T=N=Gp!R>Tzq*?#aqWKC%r1Y=F8UAFlnym%Tq`P>^^21fEpl208WJd9p6Cxr zw2#Hy|l z%+y~DOqah1C8wrN=K1cEL^mcE%zN%>4$`6zTItLNSF~jvLEKX769!U-QAb|0a!;{bQF`?Zj`RL0r2U4sfJ)$7;}bBJqOnYMxX?4_!W6#L_0?M{Nyc0OM6+ zAK6qneBJY!=x=D%(7^8 z()sR@mghbaH*q5|a2mg^{!C9aPiuPYhq6hxyh=uL;dQL0%OKKsqTtNk1Fs|jUW${{ zT;hV+Kb|=#-4tFw_KQyZjU0Zo9r9i}1jA~#II{1qNNzXkC7k$*f?D~334@7ogI_>7 zSd(ZU8{_397>#%xo(~m<-f#s(a_=?Y#!nMtBGSbH@w63~2O1 zaXyaZ>izh~u3Un_X|MeP?1;_}+Dhgf1*B|n-)b?jvN9G?qVZb;G>ThEEgRfuCUwVI z6rn${V{%o}Zcj!zj?nGJho_oJd`vwoe?>N3(&TXz4fu}9 zJ`BXJDy$;7{sx_>+u75z1Z9jiD_4Ae0ISwf2s7@$DH z_NIPw!7Vki}yd=a5k zwf#(tInv>UvuskiP(hhworV8?UBe2qh^L?Pd+`}}w+5;hL{=uIHrjNrUS>sET5b)Y zA>Mbbp!%=HI&K91{nxO#m+{3L?& z5pH%Ac$$n*4>vDPHCx-ewmq6sTwksC8sqaGk3O)^9qw>oQuGyTN8^TB`Yt)`v8GPt z3&Bk?e+h2wxY{?InNM|@cq8&Mt^zXTGY(@=n(kSjCW;QN8MSr7tQmJsoLbHe4)!2l zxU)0X!Pb~=_N?!SPNoe@%NR6kGh_Be!8X(Krs7m?f5t*NKn@*?bQXcU|Gx>TB*^9i zqKeOeu+q%wGTGtB$KUj87$eF11cmK+e4D}XCqh+Uz9Qtiz;L-b~?%$c)ok7VEzAX+17Fe&irm!I7gN&%!wYEgC{*HI z7Mw!Ufwb8_-4@xls(cboa5-=Az& z8k!mTRj+xA&0abHkos}k?NbjM5ExVFb`H1VS^6m@c`gLdatx7{etsJiwYQ0WyN?8K z4R*Khyrvbf<2s11Tn@~*tK(!DhG*1fJAe395?#E_3iTDn%rXOHn9T5}^|@d>cUl{Q zg#X#jO~Ki$D0h;|TJGKB6tj<5yGO0N|Ffz5Jf7T3Cf<6>{~yoSE?a8hIL})cXJg428+He97k#dk;`x&~1O#gQReNxtp6A1ucs;7@xjh%Ew`c|AIM= zVNvHNI?*3rx8JM=VlScwGo#z1prm6$5)%z{ty_U%lf7%tFd=Ag90biZ2n&^m|KVl3 z-ZRiN_h6TOsbD-z}u5Ygx~Z9-;g>IjAm2tNYHruJ`+5 zrMnOUnq*`+Xhf}A0-+LcW1?as~V7P)f4VyR~Et z>-#x97VkG^xR(L($0f&DgKmhigzh(9o4pSDC;ZOsdtTlB$GV`U?e_6vlr-MA?hLeofF z5t|gLoa|%R<{>(18u)kgL4_i}ElO%E^= z*6$wOx3D%S0G)#k{@gUh6`Z(FI(XkMpBj0e{O%F9Oeie_qTq2e>^BPyv&0+vm^K2O zO`^18`o$Hq_L~7@o};5(IF616?yZDwY-oQ zDw2g1b=+sY-F*}G%?eo|YJ{-^TW7vB4U3aFKi4nXhE}wDM<*!UZeAtm#Z%Gt!m`+d z8lG_S(HGZf)tXCHHM6?@mka&dos!34+~-5i6nA$eR@00Rtbr2eIC=U@6aPd|* zd+J=)X4JN|M}B0zqBgxM4^T1#fdiJgDria&3?e5r%AarcZ1LR1%3kU0#QU(U;K~i) z^a?=1KTk`Suc)zW z9#jqfdQwmQC4-Vg${Ytl_^fRh#BAc72$Za#JN{Mhu3xw{Qr}1{$CTC6hZI2d>!7CB z$S%s^YNHD#Yev76q7NL`GU>+r2m2*Ta4*?~LXZJueK_s#A^O`I9oUO)bO{;=4an z!ttq-A;r8`P12Fv93VZD8F0TqKep$-}kNs zTaQhw4t$?jvVBEg5t5mE_~cd0Zme=_G z6v>M_PvcAl#+^s(Zo2(TN!=_I*bcKz{jZ606y()VVXUZ`X(xpdJ}lBIC*m}m+%Ddx zq)C8UAJSRtz%YTdu@{ymgIpOd+FQgXWMwH#6)UKiS^=L*h2=SCWc)j)L?(`rKTFv}LM_KCKg+K7QQ>Y?Hd-EN)h6w(KOl)#9I#&Q zE^zt%o*Oi^duV5fhbbo)@zk0>QsL;RZrZD5ku4`sr?6&_C%)j4e|B`=>%Mv2j|JG3 zfzjq5+FFpYv2h$ff6JD&qL6Q=MJPVgu!W_Y7ESht9g+;5X2G*(WD*45MzmVbwI@@T z@3ww3#5i)vm8cVbFaDYDBd09CajDc+K-&7Z-6{zGlsXP?zp%0qU-Xk{rtY-(04RH&OUZX>Tp~pn$uio!pOoOeY95=pY?g%mao>xvk;R**hl;1ghbMR9Lv|e*_83h|TalK^Dn<&B=cg-Iru<7=b}E|< zL-A*QY=$}=udaAL%=Lhvd4-fLfi+{FUt8Vi{tGWz`6RXr zW4(L&Y#_saV#hZK#xySfUf9jh?trbg(XM9T`~fI@TSubZAv4E4s?bgGRCrVNfIO>h zBl26y``zdc>oZi>k!iRJSru#XYIMgFSEULP8>4_&+OK-y4!hYgiER$<2Ni`31l?hD zvqlMxX1Mc8nQBVTmKrKbZpEFJv<(U!gr(&+pCKX#1sN?gsjOdndBa(!N)!seCCbr< z=i+QCgp+jh1Q%S=)XZs7PjSC+xGnA2$XYWOx!^8s!ph-2wJ60tZ@VCIBx3!-8KNh# zEDW<=+&=X(v?HBAE_5f&XQcu6K*_#x^O@&CdkAoU4__I>IRm6WG-?qYcbzW8D`~>F4*~s0KPn&H-dxuAgV?;5}XSHrU zgsL-FS2L9Z$sa#4Qt;h{ZF~BftGC+-wu^{dieV+qOd;hJN1!+7o~$!)?iTPjMP{cL zV^SnDJi6E5J%^y|8VnMm*6iIJYZXbEdp!G?QT**CXj7`J|6u^ru-SC5B@ zLE`<{frLvEdb9!)bm&;RZ~M@HqNkm)3pJ& zedAE^cEQt6Lq!!viiLuiQic^ z@_9#-;?!!)jP#$m2#Rt_x!Bmc#GBm81@%Co40cIzCAq^WMTLb_F{YWyoW)9oC;~$pXgA`cu*XShSez!4pgaWE{YC@Y5E7lV(w}&QOtrrwRM>P znpj#YyHj$ss@*3?8?93#!T+u3xtYzLD;IG*5HZZY9{M{qGgcUJA_TfPa6_i#q{um2 zDHqWv4$)Clhdc7iInA1&{U=xyH9o<8j|pLphrav4+|WpHRmmYwG(?Rzk-}Lg^R6p4 zbY~S}VAgu%M@5NP`qLFSy)+>+=_0({GFG_U4WLmR70RqQ%^J<^zz zA8?NG9<5#&figOTndjp9e_&I88)0&`d-sBs{1V~c6;3%m7Le*d0Ne4GGrs~Ys-ZOj#h6}a=xw26>g*Eh z=}aTcxb#t9Q>Y9NDQE|Paf`pj3aS}M+V$X9WBpFtMew(jmTePp*WpwJ_c>BL`L(r| zzhqedMQd+p^!sNF3n_-D)xZb=XrEJ)vT3GZonEhSPvg|$D>tCtEByv=^`J%i!0v*m zPYZKXJs;}@1X{O$$Lk^bRUyPh6XiKbmC`2nHyYnELf=+5*E5f1u~5P9&Gq`MD+mm=3aM( zmEdK7r~)3*+Uat~k{<#5toae^T*%PXA$fKEu$|YRyaEk%5fDrPdRfP5VDD zr7Do0JaQP5k_jdsTjf?d%ze-{re#8jR)n5xi}?K@PL655j`!3x@x#K*R9185z@0b6 zTI&z|Yn%X4BWehsQb=gPX#Obhk?qG%gb&bk%#k8Ei-3w~jjzu>KOQ@TW*Ksx8hR&L zZ#nWC5AkcMJ@wb0)4=J`*lrx$Ux9zF9xxmF`1LABF*h&+h=*{D@T4xxKn#k8^*@J) z7*%wzDr*=HLOM%?AN8-+-rwh&oO-ANPmC0#!oWOQk{_V&x04_!M+yYHAvr1C?6A7aYTDAMKSe-*@6)Q(CNeY3Oe z$RbbO71W@pq}02bV79T>jf3-!9e9R>*caG$E+_!3PwU0TtL8k*1Aoc}@8!3w5Ag6m z{>mzIK?LX;t`9zo{q+9M1nGdN-TbVL=HxsPMW1L5Kaox9ow%8rRKsx@j>P$^Gt9=1 zVJ!~U9j%{ka4Xcb8}8G0UBLgQCHzdjdEuc5U1Z>`FTmo~JIUm&7tE)+I}yR2z+~+x zM}-ZiG8e56I}}$|DsYDY{pObqjg8JoZ4GbSg(cXH<<)ac2g-E&Jcz0xKd3=5-vbwM zlu9J7^mTTKCnmV*XiQJzBuV~-e86tFv7NKDBsdbw@1MrQq+yT);+wd7pG2APa2_hK zf|~YMw`%J~e<|QC!W#vZ4Hnxq)MsTtW{y~&&RHIy*OlgDO+Sp z09VRVQSjuO*TQ)kJ8xJ#*y70nn#a#${@2qiY8`3!05xA()X>UFJyx<2TH#oH(DbYD zR}N{lzq51Q)}GYyJ3QZ7Z9a}X+_>fie~Fos%UNWbLw>?wcW`jC%hfk$Iw7HC$}8Fr zy?+YF`9XI7=>w;YVGw^XDN9bB7tu=}CW~91(r{|jo zfL&-4P3rtMm^h9F>B({`L5dk@{9imV@%E_j3H_* zAUr0}Mk;_>xdroO7=nsao8#*yNH*^$fJA}lF@A^N*4kb*A6&t6)oJlYfRi$N=u&lx zTI!Mnhca7DN068mb0w>-=xd6QQ`4`hyox6!oc|n_iGZW3ZFSw;d{& z&Wvp=gLuk5T;H^~7EL(sEYEn-vGO_4$(f@pAlU!t4v&eusbQi+LUZS~B<{L0O$V=% zZ%5SlJ8m3bNSm8E*Z?UiV!u4%94g$Dd(;aDBI&IKPQovgldX)koaQJ47t*Dy9ZO0e zyPY=!gKhNDN;v|7a+ki$>~9}V*uQZB3W@(-hJx%*P2*Yw1CpAIB5kb1x(xNOoZD_O z&jwAB=QZPQUHB8Qw_kA~y!Jk^cfZL#QsK_ut>=j}7tBTAOUU9ap4}OVl=i|t-i$3z z{p{PsUS~5S23v!-BCIpXaUr_ajItE-dYDmFZ3rEJuOKQq^p(Q#7Qht8ce7~kpBg!} z**%`u!7hbxX=6!`O$YGm(p{vM`mk`L}-jCwz0|#5fFT|S_U67A*BO|@+JUV6 zv{O10RkQnt!t8pZKfnzT?$d)+c{cCBnQ&x?S0M9Sqri~6s55J;ApznXR^bDD8nEIi z4Q#33t{KOdeGc!)bFwmg%aeU>$C=axobT%+v&r0h{L zmoS%6kKb*YPjn$`aqY8Hlk3+BtRct7JB)~qixbB>?at9G&z@RgGrrh$U+5CZdN}rd zsw;#0B%*bAQQ(R9!v4)ZQ4Du9bSBhy#OC%=kL3H3vFl`_mg8$i#A%CA$0$EQ-g(1q z%Zq?zT%8|Mr?q$Q^b$+7cc;Wvi%EQx_SWAtjl0HOkvCd?@Vva_8=!R4vBlVM6!tTu zn1EW#&hDTvXGs{pS&3o^>)BvSI|-Rrg6p;<7J~`sv*IR*WYgSA?QLh%+PY=M=NE3( z{?av9GAg+CGwMI|cUR9o2!pc=a%Qp6F9mG|cI|!30|`8G32%kwH&p^zRYeS2V|@0G z8OD8%%U8dLU7Oa>mO6%*QSQrsxqW;pC4&3!)p--ZYT6SQ1dFM?0YE$*FV18R1xY3&`Zrm^3#uigdtd4tey+jhw{wPw6rGe&WDHgmb6H%8KnDd66k6lPT8 z6BCL^_dRuy(SC|bW>&_0^^Gw#-p7L@vK&nuV`4sI1@%T#yR>U|?_aieD0C3-f{xn1 zc5$yAuesvN^uN!(XmBU69(Zlf?G$|mq-o`s8!q6p0!W4OpC{e{SC;SKR!k%FD!USp z>gR+Lc4`OUdgi^^Sa`0mzN9aEG>`=&XFt!T{c2vx;5@~L82McB&R1M-ekYDOeKqXK zbP%fNXzOTN@%$h=x{}qz$l2u5_P5lg`TYT~kHtegh&?iKu`HPXBv{aQb+oq;u0X1-mgNY;Y(GLu=`M?%*BejZwqv6IRR)~4FVN4>3@VqXqxS};vG7LF2HGC=D zxW54vu3nBwjYPp;Eev4NmzRbY|@-%gyn8P18$ zdqPY>^#=7`)QhbfRW(=Mdxs@khmE^i?tkvUEoT{wJv;JPXFw-l+TiBU$4U=HIg1() z?jwK7-WWG1Q0I6{5RmdCg)v!1cjk9TA6zfL7o|`|?4ObnHUK*fmqb4$XS+iGUDtYz z;Y9Jp6>aeMYJ{G5iV=LWE|*}1Fug@fj7~CbIGM0OjL9jY23_FN6bp({D?l}NTQTdg! zDeEN>=}M?i6$CpM`AxpRRG(TfE<842&AD$9+6b|;D;Z|#%uy0>eS5pUBJ#Wfds7TH z4rAlZPFTnCZEiJ^ge}l1p*B_Z%X#dMVlbDCYrWQ0wO@=(zVSyB2NMd~{~MhBzb*oR z?1G1mR3o6Pl$Kl^jN2dfSpvQaR4AI7w2Gm6-VlTlGB2fhw&D>9`6@M4e+4=W@0P$0 z@lZ662vxM}zHBWl12kMzsmYJSs;Wr2r9oDN`*Xf=SY%~~uhs9WHaD#pYayOCdD?F{ zmQc+d+!|VPgs*KGUEN&0HEHS$jVFUl`7M^1@U!F{q~+x0yQ5_clm2GdOelAOtt-~* znI39Z*rdFhZm}~=*?ZTlHNO|!?iX&$=>GN44EJ>gC2a$=s_HH7;AjRnB}I_P?TIr3 zBV)A8MtxmU^x2gYKp5g?r4nm_fd8+7E@z>MEwKst7{r)&FK|IESoBm&eO zt_lJ;aEQE7&3z4n-r)JOq;2tJ*yJV!B0yf5Y-w|%Xc zqb9HB!$qFCoR^hM!+Ck8;QOs**-}lTRI1y?3^q?$Ti&ZZ(g{Wpf6o!S!SfA65QkpE|KaLE@fSxB=e&H52# zSuWwllW7zqkr|MRwZO}Aie7{3UViF9;885Xo5WiG@*X)Sj-((!3@zGVw0%h%jErPB z?A4_i%dc|<;nmdXk5K1VYs$I_e$_*V80ggeJy_uHREY==$Oc1$Frr0`6>#G$JaN4| zC>Do?>Ke7kY(R@Y^$Z^=i?1PMR;50Yv$5OjHYSr$g-&%*?{V)Wl+4P94-C^@0U8(LR46%dWt@wGroM$SMb0Z$(Mwarrg z3GBimn$=<|GPS?P*!u(Lq;p*B22Tu%&{Jx0a>*)~Lzp5T0%K$WjpPntTkG0ien8f< zz;8^{dGPUvSgx#5=3B3oK5fm*BMbTM?&TX`QkdhPefR05r4{wN z-x7cJ)p@2-fQT?Hv)?_Rnm!ML0*r=p{|!t5jB#MJ17qi@! z4+G!crgxs_utO-aT@m_NJjp*QUpHNU-P5rX02(QT`y%@5ePSDGcn>}9vbHtUvZ{Be zL{r;JzP)&GUm*DRPd}+YU`jq{NjAc!Ql|+iSSP)FmWFuKtH>?4*v1-}2r?c`;RbC;RWFB*F*iy&CrZNssWx0q&Y`*sPTL-WO zEg#RR6*O^kC6{u}?Dr?4&s@lF;@FUU_LJ|iWaWHCCt>f&Zsg|Ex;U$niIb~{ z)6T{^x}A$-{Hc$2r?Z52a71<3Z`e_AOHE^<;0Ck*<`edGw$x~ZO}9P|zcqVm^u1t; z^ZZuL%pbTZ3-PPbx+es~&bkKHnTgro>@?u|51i)*^&d?}-d%mw=i#si-ti3du{~;| zv(dx%QlKC&)r5tZzdnzYJ;TVTwuXgq_xD{eOjbib4b(iZyQA@Lv#yq=p|536#fUkt z$+@G0E%kY}(Pv6?7RFf!Yc=)x=~-E0j~`aPre|Ra?5;uEce$Djtd^uK&%!T(@$p@5G6lF{p{vnZ!i~E4)ymEeQi zF$2u(rJ$~E_x=inEP-+;AXpyGr#wpew&D3>S6A2Q2x}x9u5@0dD+Scs@<@dDU>!h? zoI0N3sjCO>ST&l{73Yvw?!P`Vx@g|LL5K8}KS1HSG~E=nXh;54I)v2%(%&V z#_+v~U}z!u?Y`t#DiCP#Ys_rHXoQ&4X;L;m2+!GdE&31%tX$Szi$;4Z;OZ#lYP{Uo z9bQ~ya|^h3`YjWv*HtT!qopbt?h`29^|GIvux9M7md0$83fQ};^)x6!a7ae^!=|sB z0xV-Eu+6Ws7Ns5{3>Q09gg7KVJ?5Yn;hoApU&L5QwPDh9JffEIwbEvNQ+6n*M9)Z> zJQU&Vs~Dvd-aShWocHtg(4B>p!BC#dOq`qcF1DQ3rjT&_g zba=h)!!18npAS5`PAg~}nVy(8vntDH%2m5O)P0x;EI|9=DgJwNTWg1cVuG<3xDl9j zmytOqU1(|j9P_s2*pnZtt4>y zl{>1l5%|+>CVeNMQ@i(Pi#>TBGz>Q(Az>!gV_!e@l(8XMCiCHjqmz%bJR_(9iiJ19 z^RCr+8DwIhg^nioq)Kdwv4+LYm=OIEXK25<+?|(y%WP$%A{y?!xOhcUO zj$0fmSJL?62_{Qv%613AXvcAL9~%%{M&Dj(+N!@^N@G%dWPy-Njw;|8(cXf?!LP;@?aR zcwXvBI7Yh8=hZ)LEOKUHRNaesXAN?y!+%y(P#@`s@ca~`F>~d@IOfRAG+1;zs^5hq zId?}0KOZpm7xc`7b%YDwI$<_8dZKX5RngGU)OEq)A|iFo8I6vPV=Kv&GgLk=x$n8v z*7dd6pNyiy@4wLQzl^h~0S~`@Eer9Rs@e{g-ILeOy0p=QzXUexCY`08SwHg$g4v1> zwy1z1fR4~msBt=LOE66EEtzp1RAC%A7VUrh(QL++d{3?_##FVmYS4WH*gX=$ns`|Z z#5k=KN`MMy$&ctz72w@8hX(cc75K0O0G6*U4xadeF3QLk3`0>~Uni_@Kw_v{ExDG? zK1noYCBYpr#v@V9`Zdai;Z_iKfko4e3o7UDrFzG&&yEpu?CWHuu^$u0*Ot(D!Om)Erex%mULRRznp z*N)o=yDAc3G-eO5pFXo0Z?f6b#^II>;3C*_RcprBkSaI9*E;#zazTwciXhvJOGGUT z>7l2ojbCL(Iq5Zk3OImOSJH*9sY=zRtvPJF4HPtCUOaN}(u)H*=8Dp;;jSp!S7+C8 zs+;jp7&`(P2Tuc{xSTFhisUVqmb!&&B9hBhLp@-7N*A+95T!IUV59c18$_fo+7>x*aShN?-rC})4ymA2Co$ZP_9W=OE5d8w=kr^rldSjrr=+y zy(R};3Jvc5x>*@w>^nS{`o>hpT$E_3m?wPqd&Z?QvGX9J02Tgp&7$N5+@k%{bAiC- zy_$)~LO9OzpFKhh!tY2&yV$YXo3^*Qv<%`%rAJj%qi$@|>U>qqV# zp@pUSIB~UzNTu*e;DR`^%|$N38pZ&Gb+3?s zQ8j)SAvR8SaL#!{)Lo8^Jydwl4w!pYj`h0#wR}g~Qq$Kn?s8hWUBSuCk?~v}FZ244 z+SB9wP2VW?|9u~?PiJFoe4-6>bni>-*ux(CKiD9r%};vvl%$m)ZU4&u7>}=naz8S!bMV!# z654;==cerLSgce$V_krK_&6*!5T`lm0SQ}CZj9E<)L1Ka9J=Fa(%^DBBt8o7Q|f+>g>E+1nhpVN6`CrOYtz?8W`tUB zF0F>$9u7l+cM4$NQSkqt^YG9J1syUoV!zh{vSuXvME%XtGbogbF(2X*1as2>Fq{!{ zJdBJDTka6ZzMMIuDN^Ka^T6it=W+7L%H3A3ND1rfITPl%#^o`*(xkgDr4c{8N52O0`F4uk($3`=9pCJBF~okHW2H8$|~ zxF`~Y2(OT1)`sVINrf9JJOl`>$G8Zus{vB26d6qy<5wd+3m^p+i~}qy(e|1f+AwVdyUDt{J+!hZyQz?0x?GxX(HJ%lpM^U0yKE z%zD=I-1o0;(S?C$)fJ7tpYyFYH#(Cqu0kLI>Q+_{`%?6qmGzj)&t7}0EfL=bL}1%{ zVu*nuuVi+c&c&rg7Cyev)xH!N$pClPQUs$TJ@WNxTEoR@zS!SxJi|gFY&~FRh0^&8 zA!gCbpcRZ1XDPaL=$)I98zBj*+-Z(-dy@n5trve^r-v@hK(*Bp1(>CF@g0W_D2_GCTh0iTyXN2nkQvM@4SQ1Wzn)40G znBJBX@LnMA?mEE2BDRw>NlIjmw1MW#qD3jQ{>4TD7sg?4CH&#_SKgzO!&#HPNm`W3 z@8Od`+9+qOOCC`_VhC~zLLn|&!Dw_(#Mn=wcCddnSHm%Dmrtf7{8bPjV)!GUvD`*4 z^FeOD)`$icwk|DY{`X(_`&tZu*q%QjU!{K74m@FM$6>6 zVi!x7mHtXm6aHVft*MIo@sYR=KW?fIx;n&GM^9Cjw#@r%;0BtG1iA^po9*X|HjpvY z0c)qHPjdc4$wBK6CzJ}o|4+||I6bgBf|>@&u{vll+_9YX-f@qW{FX>jVq!_Aa?k~9 zzjf!=TKa*l3mD4ZMBYj+B9CA4-YT_P5R~CI$ca6U+*mK3xx#Ymy@k(15RL^)%$37B zqvq)ib~%pn6g1hVDqKtvQ8=u~J?KmJ69 zM|Sy+uBA}CiXz;FGRXUHwSa?|p&B-1hr9ISk|)ez>EhVe=hRLO3n-mra^aWR4oc7B-sekAh18_27i4k ze+zK@(r)MEct$~OcD9%XZl%5ubj4>)|-~IdSQ{(|Y7pjz5)5bz%yhF4OVyk`*4=^5T#~eyv$e^bkbgD{=P9%XLU-*jZl= zH3Z`rZE(>+dF5V(nRrG+7sewpxfa4r4|%4qr4G+Zw|guO`%DV*eCUf4>^sR68@@9c zwAOQ`yVq?9{oKs3)XBW~#udp(mT+A+5L!IQYyL#|{w$J|%`C==g5_0P`bem4t%yt& z%EPzx7vDLV4%~OYS?YM*SWyXh1ff-sXEVMxWFWW62yRNf1}vr?%xB>OOoY=`TZtCb zpYJe+NdjSBA2~(21V6daX5TJ_M!|7u-+NR*4N zvtv0l&u5vPCn6J>zt$)Gs|v)Z14Un7V~|XNQ>7-kPeh7}iy*)CJn>bnJs;H4bq2(l zP{u{3WYcb&JH%YcftF-o-WO7|e_T<=N}isi73H7C(HoiY6NOE~W;=7Yh?m;XVo8U~ z1Qz{1Uo-hsiS~eVdO~XkcTYnce^p?fw|T=lQU?IU`>nS%t>6+sot5PI#)0D>xAE6X zT7*!F*E7Y2Z$1p)rwOx<4D+e@Wm~Cm8vF-dkO}|n2L>IH@#0k~&VYqQr+uUr-`w8D zB=4Z0LAc%TRI)_DF^eO!xFjixb`C&C_VJdKqgTP43t)0X=1IR%Y}@Io5;7Ba&K@5X z>i6iyN>$|1h&S*e{cY9CzWiG7DB~%C+=IXOjlZs+VqgMrur4a=0Q*rG&09k?B5Y0= zMJ(sN*V_KfV-;b}h4TJf*U^Q>q$JDsSe4==mi@j3r3N0008f|7A%umI-1G+rg4DFo z;d$>57m!>QGhD|007K}9ld(k_Cj+|T!+UuJP`mV2DeJtn(u9l!{O`Z~Xu@ND{gPN= zkd*P_B6MLGE<%UvZ%O%ANJ|ID^opLioof@D{C#$Hu=ouIz#nz{JZif$_e`{jc=Z5? zj})Av?`lI5jfeamSD6yGC>We4{c9)vw`vFLcKZ|ixo)NV_$e2_khB1t;>ggZN8=*l zT31}>8%1U|wV~x-D@&GC;>ZJM_`+5&kd3etEOPfL71p;~U(9Df7jX5ytFn=l>Zy`-D<8K6G|gq<9_PpCMT!@Mq3VHVF)x8F%tW zZXy`1AP|i&U~{C!E>npnn07qw=ra3-Xgna4Rdd$%lnXp==2XFesi;ITvk(Flx)KnR z_urM){5xu)G>E7ajACBu{eD|bT9&Gdh@DyW0JU-6e2%bscXG?LbBYbqJ_RH==Epk4 z&^TyN<{hA$9i9s0`tO(dmtgPqkbVyA>S19=ci6<~sA<`x`%xo<9{Vsj+EJ3G9Q08* z*5^b{9Qk3&mG9h$u_WdDVp-l#Uop{4D(;MJo?bC7oY~|%u$KtDvD`{Ij%yJz4vuX^nV%vLn z?%uHX4xkV>SN-C~@w@xFG9QM2V2N-hh)dK#Sj?rdqEeLq!6D*|le+*Ph34@O=8F3I z`q2S03^t+o)8>@P60o~yrQO1WJH(r~V&A$vqdW=i9zHyP{^B!EI_Ya(@A*udQ$(M3 zoKb}~)Obbk;`?`J);|N;QR!aYUETYeZK+jYvbN54RU;Ll#$tM9@h7X#^xyxT=tuox z69>@Sw9~P*Agc% zLbAHMTSHXEK4KtWM`sWG6r1Ab-?f!cQ~82l7KOsA zyPxuwfkCo6hZ~gqzS_Oob)=-S#eS_{?|4OHPQ~o~{nV`hHEnJ2IiJb|k*i~FD+`Ov z-d;I@cz$+$FF&Fw$jk{HWbQiJWAfn(C`~w;~^uXkRD9TG@M}0X>_9qo+zokJJH|#HE^8`eluALPGnsB zUYyn|XBQc9^s_aPZKI&LF>5s&)ZNvUt*RiLU^bAraoyiE1-hVq0mlAgO(Bjfb>v;> z{KQ1fcl?36sG;Hdvym2xq8d#!o!)MT0krd-e-!y}T?GXMq_I%-zxFmZREO+6-_REI zhDrqf_|xJ+xWaTaxA-JQk)fO#OgkW>#fWRIS|!Ay! zka^lW@LQdqa6`u6)oE}?n2^=u%fBT}Po1#D0i96t(yP0xIJr6&f`3fCIuqo4I*lce zCMnaMvJyHe-+StG{o$|V+bw*8cVjHl-hIbgzs zSeu)h>(I)%w90cS|0oY4!VN8U-MW>ytk=HRx~bR!E-2LT@yNjNbGtfu5_Ye;mDQwC zk4;>zIytFu^08WDvCY@oa2pmquc3gLl$2f7y(b7x9anBW`)hZY?UmCpUMK}BCMii) z!@z}~Ll2D$ijS+Ba7f-U$*U_Zjhywoc?Wm6t3ENB%VS`kgaz{c<=(O3yp~)!Bm^S4 zAnranK@EXH-6G}J_t4iDef_O77qkkX$hDnHF4e0y_h>jcIAGUPr0eHv2CE-z6P#D4 z%#V1#@_M6LDk!ZTPH6;b!RiB>zZQAQ7?6~;m@bgTsH5=w+&V;b6d?Jl=R|2%M#)2*Pq_Jj}Sro6R8cPibm|}Igy5bRy>*@H>G}I2Ha6WGX(~63=BRD zcfHfH7hs7>8PWNoQdfHacn(|jxrESB>X5F{daQw{+)3KripHFXbpCa+zbp9fg!|YK zNtXP@u^OL(1ZG9w8EzGTQa@5*BsO<{5?f;o`32}xX*okJ$0-~+Uvk)e2ef3?o|txN zparO|-sZ&9s@}GOq0P`PSJkVhZ@lekI&i+PTHC)yQf`{QjPs(9ZSeP?lv4Hll{4fF z@5qK4Z;+Ayvks2vDqKb{XNcWE30NM`YQz7@%ii2omxp^^> zuPx#@z@yIo#ejM5PleOz`Y5{Cl)bTD78nO7XSz^0SVu=kilc9KQF%bjVVW`Cwtj^X zv@-j_($X@8b=K)2L{a}m>hSQ0THB~t_@7m-U~JUoQGZq~c&5ld+T(e!(M3xr*GNa$ z-UarnWC+8XR#=|uIzFgN-(#cQN_eUWc<8gj_Ufb*g)36X_`ehyznryQob5OgfJr!$ zfXmGXoZ|%n%?0@eM|3;f8^C+|2|eyI1Y3EIjZF;8fqG@4TsDV+_i2*^^&hfM_4+1R z(}_t@lrGzA`0*$|wsM3ao*jSMHi!qn18PDP;^m-F$Y$+>THIg@w~?@kk-MjJIh*M; zu;ka4Q6cZyhg>c+@9glsEQnS}>|0w<5TP=!P5Q9BiW+G6bIHs4@(?v)@b2bt;Piro zmd^pU7;oScmg2d~;A7(|s^`#ddOUA;olsWxYUb)A6BxK#jT%g|Cy~Sm_^q#WvqJNq zzEUI97qTyUOxJaI%^zMX&lN|E?@7=(p_frJT!gmgdx$%BE8VEnLThbrCd#VFn|Jjx z34Ay44p0-+)>vCCVVa$h$`=w;Tmby!^ynH9K3mpw9U+qXzMP8@DUZt7vuR!&dT;pJ z;A_UziBfTN>GGE5A;aj=n?%HtP=F)+3y{~x$?eHlcv8K#MBWZ&gdTD?T>yLpAQV|Y z4F2r9tV|rWU3+8_ReUlAR?pMMuvT1NiHem}6SS*r`71T$-=Gt~N=5ioM_k93GTjD7 zWU;qyNVu>?Fa9U|#I?JtFU_f6B$~5+nKtpYC2fVn)P#Yrl<&nlv4GclNr;c@eJN`_ z?*SR@rbtMv)fZpjj`N0^fTB3xxHoKWW%8G+`A_cg*(uW^ggsAHsHD`QgL2ul?s!aP zk-7(KCyVRUHXa_n3K#IeNcJ92P*eJ$7)#D_YUg|5-*COEV`ZFX4hDlbYF${M^XpI| z^>GD??IpJ22C*&vhY)jfrj_O8T;{xZJ=d4&B@vzBKx%Pjad$V}r5fy0&Hk4o&0p0a zbX^J+wP`y@-^>cdLe(z@T7g__Y-tR#oN1vTgAV}#_eO^uzl)qZ6W4b}>J?a9secYk zvaRvky&1ELTF;OA1-wP$U>iZVSs{TP*a%C+l|YBGo$q8_0^APS5n*AQV{)?c1($S$ zL_=@ogpGqIA)H*~Lvh_D>(%8EK7*PFAmehrLQM>JF%76%Pqd&>6LaYtI+d!TxXKJh zTUU+R?}(WcN&+dz$5~(%0znzu+w20doua4H<+)Y4LB-Ka3({rv5-Pf>Rl z-}Uc)@S8k!(BL=&RGn2Rq4O~Oa*d$nB!UALTU)f1Bp6EwG|L3YpF{TZK%77TEWOUT z;)gX*>Tc9=z|?`(swc&v+KaLz3f0w=GRoHW7=f_=x7>%nO54XT00eye4)z$+_oi=Q zd&9;NqLO$hyqMHfMK;^oSli_fnR)EXFiF^<#X=uD!Yhid+IFf;9a=7fHCW3pW8tHp zQZ|!1coHScna*Rqo8HB47K;K)mx1d6zHfKy8G5^%OLH{w?S#G)2~@v6{6_cKY zpn1QIc7@fwWVc;@{V&r+MVuZ>eR#*c+ymu?Cr{;5beokSd%t_Q8r57Fmb?$U7(Kjp zRGotYTBfF^V9pzOFt4e;n1qCn1Ucz7!4ZnZ#8j2aAY7@vDsTRo2BUhD;XKk;c zcIS;K26{r<9r_5DYp;=<<6Xh$d6hYVtG`~y7ge7KZqJs4Jw7Q z+Y2Z8xX)RELKMntl?ofto6lW*+;$Ka9pQk5k!m?H(xRoTIH#k7kzv{A zAWLJ^4aDb!wd8vh|KQk+)pviMM&!W&>&ufmcPC3c15)#{5~RYM*Aa#A;kq`W+NqM2 zm6`c>7T?_4O2^dx+&@HFdq-T?Vi89b-t$dj3@r^C*#`UkItw5+-}9A;7)g^QCt zbFuv=E;B)Ah=gVIRLO!KI`!t_M~Hvj&w$yROU1_YvSAf-?(MHlKk2C_M1d3baI}Tx z@xJV5gTr6+!#mWdLp*`6>~$`A1eb7vN~K_H;-$_{%Lsdxg-?Iglz#TuXQYT4#)hJ> zO#@PdOqvT*BI;?-dk{kAB04+1I-@54Zs#CZwY5)YgB8P14#PBvicz}uvD~uYqS|8n z%o!l-tgh^b!U6_eAL)VY|H>fxd#8SXn+`=6PJS2P?{knys)t8CV8d#%&e6~-_1~@8 z!Ve$aWTV~Q*~rq+_xzgTgVwUL+fyQxV919C(J%nH+f(J{juMlxtWmk5s`QB5AOix* zHxfsry%}TE<1D$(4CcM&eqVc_HR#eQ+9BOR1_87UeY07QNwDdMd+0+tDwiYG*m6~P*0r* z$wR5nnZoT8qobj;Rfy(izmg${WByRFRBFO7nHb>ZQ-KC_Xdc)k$hFc(K>eL#QRV z9>T`C6jXSc_ot>myr#BR%TQMu=*C||5Kp@Q><5J=?}$&iJ%linw5x0A_5T`I($_DV zvrPvkG%Z`73C#y0 z9q6End(7Ts5vVYJ)7}mJaKYGsuQ9tpxFvuzqQdI99oN!{corZ^{TK*6E7F_AHNk(~ zBwDuTp2&Hc(;yztOFM)T!W&1U^}c93+`Z;f{29w1-Rr&FRen&1;tPB@BTkO-7sPT0 z(+>v=2)dS2XRNYfEl{fjOT9Xe9UX{X5Nn9m*%i08-2oFXh8%izcb8D=m{w2(u%j96<)R}zaYl@&DSc(`b?2$z#6zL~ zTiNbsachW3bRIgj$GJQ{!uMDVcA-~RQ{Dz!%q$BW$kAlcN+st?sU0eWbsP4McK&)LveWXkNEl|nfLY_#HzRXt zQ%UG>l6rHgkzZi_Tb8pyNwR>0lLb8H$a#~NJ}Z))z9<7*R%f%*7>YWW`7Hk!St|Ed z|89_lVBEk9ue*K=#3jerhgUUM^0jsbm!KA$xtxnAF`U0J)TR%F`+(tLI@UbzL?Sk) zyc@sTSZHqSVJBHQChFJQ zsb?(YL%e=_KV%mJbU;I8Ir_j(7Tw=I0L%-cdQ47*Rj3yVDIp**en|i8|6W)akFi66 zZSCViYqK)#{)}6aB}b@gB?Q?|+ZL^*RuiQldNukv19f^j0)QPKtW$NRrnI!2Nu_?0 zh(YNAKM&Rq+J?FWx*kS{{ky)>w0#X|L=vmEg{O`nM=i<>Jyr~k4svDyq;*7ECk>u^ zX@`d@zIu6O0C*Hb>Aj7UUnnF4tcq+RM1KNzsOt^_+SW|_o1}CdaJxE*HVhf>gcDE* z$)!3;E`3);7N^#wrZB;fQhz|Ow zC}0`B$O?GQJ4Nl+gNUxLcfJxZ^KgW5>el__ti60F^Kl58LbkcJ@fB!fiW@H>#D~>dPY~Gi%inus^PqmYhBbPiMn4C>0I7SK~Kc+PHFbGij_i ztSEX_NU#%|D(o4@CUC%?Kg|LoiKC5bxJFyog*%u5TU)Y#%R_^&w44o-{J$oA)YU6$ zI%d6`?)CwdL2&B|S;>e(wa6LIemkjwquR8QcJsu}aFS2jPn7-W{ORmXlF{h&bnis} zJ(-{_uEp{hDme9vxZ5^6uAkBCf8JET1F0q&nCV(9_9zje#1a7qyVk`Ta*+>_3 z>n)|DxUXp;_+bW6oFT>vBr@++Z>VW6-;^p0k6Fm^pf~_oKpw1f%CajaF|k)%$NiBc z=G;ub&IKXK_AhM<6JcnO-AZMj3VioFVkM|~xJ`vur&Ibii{LM##oyOofD(@vn_MmV z1?J6Jr^fLaA}97KYB7{+(IVAtXt^u;3*rd<+-@i%LZnNK+=IVn?IFp6Dn1bTEh{6l z-Y=--9M*YceJZrBw?zsS~Dk#9o=2&2Q9wT@%{?C~OipWb` zwpfJKrj2=`9O#Vq(+;whAR-UgsRIoeH%ZKPqXTf~bHz)~)8gK8|DF(60tQD=rKzqk=Mv7Ih5mlB@_jh+gtx z4+xRsuu7W`7~|?M2%;r!O+;KqX*(Z&QYfrbc?u*ju)rQ$Pl{vj3+jb^7P(Rcsged+VbX{n< z$By5qlWbnvW3aisoeqE|@_OZtkU577M}|!}Qf74FbnfN{rN$!(8E6FN#NR@7Pc=;Xmip8C#CWlR`^`(1N7@G^J{Y9MNwn!*em1D1_G;OZD zynL3k&m~w!1yc%ZKGmOIe{vbrEX37Jmu#8J)1Y>#?x`lEk}DwmHkDX4}Do52&-{QEzE{I#mJ zKNJ4e)>WNSvl&go->eGqyyqj+4KjdWI2YU&=)?ss6V*S0+QN6zD6LC)vS&}_8lHLK zoO=(Argo)Rj9bIQwvIBL#wXXu=o0y+h-|Mu2pE^}EL#r_8mQ@Uhe3gKyO}qt^|K;T z?%p=S#bG2s&OmsC#kisMpS`IXhwN+A$xv^SO|Yx?Ye2t<1?Xil~J!#OT+wA ze(I2Wj5=OhK>Mb{pm24*M&aCiZ;i!a^ZT=ruZXjUp>kC2$2j;FkBieii!>bytN?@? z1Og52uv^p}eA{ASVHvXXoe>s3UQK##F;laqIX@{b8}B%ZFeqYVv)XY$&wq`GeN$Fb z^R1|QRffTlote1=edvVe)BXj~$uCfVZ8h*_$(ex+q?}2zabn4ks9R##K%}KmgiTp7 z!TW}eE;%IRVXS-^WuwEA=dlJzpV#Th=o|d`AAQOSYXic;{rqck+9igR!9TdeCNg|4 z516!TT`9aTW=>6TAp`tt>|@Zg8UP|!!x}3rWUoPuC&ip`CrH+CuI0w1j)MVhO{aF^ zMk~Q=&Va~F8zH#dqCLcvJko`q#N7Jn&BVuD0@eNOaBPI5oi0;)HoNB-GZiAUh( z(kbD9EK$IvZ0+}tlR|3?Aa-oR{UH!0bDB8acylMTI5q1Qt6n`gCvHAYU{`@hW9La; z);O)%CJI|K&H&(9&F8C!z-gC6vbC1t8F`f=UI3m^kmamxD>w&89LpK*fwK7%JGGb9 zU%;gwE~8{YBexJ3f$%YQ*8b_ETSfutNV>AB-7H)up!CeZzzg|ZEx0SrVj?0Y^_4pxFDols>Hj5n9Y$ex50umX5FB`?;YOf7 z_FCz`a`q(MU*1rBnD4)8wCl?4V|Sc$%hkTpV_6nqV~n%t_^D~pmyyUbx#%&6Yx8B{ ztm(n~w2pt~CMw&1{G(^}kM;g;e2fMXKk6UoLMu5~JnR@mb62c7t zTg>nWJAMX2i-Oel0FtCHMYzY#;48V|;@HIOZz(Eom3wiI7goq@MUBy~5w&ij!snyh z$ES^U>DBBZ^??BiYrnj+=X}19jE|2Gjclc;FB%f+b2jXI)j)va0%)l9BThiXH~X#N z@F$nAL-i{0#Vl%L0^mJ==wJ*W1n&bv#4M;+&Mg^h;*H}nbNvkk0WUFkXXsUP>24~#ruZy@nIJv8MTd3D`<0VfqO>3HLph6@pIYg{I&-8-f@QZ09 zq=4*gh_3VrHLSwY@UQTne|zHq3V{uIXa0>YU2%RetyRV!y%0!M@S%{F{>e~|gy~px z;XT>WNv0HCDN(197lrr94WiIJrf2?3E2CWCxTgOkpDZ=>=JfkmNu|*MhmQwhmOf zIosPdH3@VN=K9w(Q||LkKgl12$I|UI91mNwdX!FjjHzo3ie91PV_FIQlBFlTyN5ne zUH2F}A6vu%PN1O(fS$Cf2^&b5uk6fDk8T``~mWzWvl4 zE=N3jf8>&kDeF!akE|^}mpGVkuKR&?=UYw(4nCz$&F5p^A|CNfebILL)kEM(GeS9H z)fyWYIjz=K_UesJXFCoM%u18u`-V1%J&v)wgg3I1wk&Mz1AJJetz!Ho&;@rvSE4q* zKA+^we>lN~#P4B`*dL#|fAMe2>hEV`J_6|EuXBHIOArGB40UDgR3DFeZEE48UP%~w zH};lFry3!9PPV}kzK%w3+2sik4i^Eqcy^6HtY#40Rs-Nj0lQU8yu}t!$C99T2A>W{ zJWi@f^8)FL_3fM8Wnu)qYozXM0RFlCn%%5;{oWyqy-aChCiLV95AJ7%FWUp6drGt) zgAp}WV>_%?1!rd`-`v*oa>iAioVYJ|6(xCum%fjgOPiG>E!755$mg zgAw#~b!BCkgKtiPRR2>-gs}P;&n=KYq+G ztT?jTs<*H_-I!?`>L42y{#LQRL3B|=ppsIZKHM#W3(?X{`q9*)4VugU0B5g?z4t;^ zw};TKS{IRb{i(A%kB6V70##?V)jzr8ZXFtglGH2`|62_5H+^#lqw!Xp6nZb<<=c5c zZj}G0%)sXyuh<(uAG@LeT=YAE+nm|2u#ix;Z8GfnT$YA`XDHe8=PZE%A+%;B4(2jI zx{x|4BE*`QF=hl>$(hAgteH+*)Qv8{R-Ri}&nNl_FM@}^;^y9n)3H^#%F6Mi-2gQC z!y2r(Zt=RV!9;s9jkFCrfYu0t^vPUH@eP*v%wpX{%Ui#eqW;<&p~f$lwF9V>6on2R zRi1-|@5xKRD-VCtGQ%@YU0q#<+~y$Jz_Lkz+s+h?#}uz%*II+;viu8yZU(mdEIjez z(Aq|pRnKK*h1~R%mz9%KZ3*#<-f_F2xLz7i99eAxK;nv!(9LBJYe;e7QL5+e6zrR1 zCO1E#$o>ZddVC!0ar3pYRIykIK&eRLpN#CVm(@oGWVF~-v8bg%3-fx;FOOOyl!&FC z#xV^gyECTVZQ#w8PtI@1nd}i?b(?jM0H9S_6qZP7A2ZB_zvM?d+-=6?fmE8_?;@=Q z8q6iW*-uHny!$T0@&Jpel)h*E22r{{6s;>;eBkbRRvh8UniAu=-anx(5gIGUY&)h^hd2nY@V0CO5OBjP^-7()p194n)I~O zKH(>HDzx)11NclnFfqQKaJUP!8I9D!dMSadrYH| zZ}|N?_n!!+ch+>kHy^0SXm6;jOnv@T6rY;8j73t<8%f$r1cccQ*(`lpcp)a)5PNs| zDN8)Xxn1d^UfvHtd{}?h+XWg&h#=exX#Qh<}w*i?AsLQljcCGp=iaT zj0~xQH%ekcD<=mN#r z+muYk#i^*MTh={_$c^%i{SN>I&a17JrSJe0Y!3cY>aWfF*-yy|)g}SKYvHOrJ-D>I zzFsfbi>X9!$|gf17b@iFkI+VrA&!^3NLZtGR%AI*o3i0o7jt~2lP8t}pVmvr_`X88 z*f^9i<$?{hwcP#j9g@G(Sc*ugk~HsXnQINHnI>qy5kCB*&7e(EYGG-~lI%Rp4zO@a zUMJgAJuWUXcM1g-42FQV{pWGA+iZ>$m8Xishj~Nd0GrP3sq$Q-VF>}(?Wa4_6-nWa z%gFwIg^K?APY36$udF58>5+9GA@6|wkQxGk9503zJ7TS@ok@GJo2*p0Rr8jWFHhs= zqHV*efvTc)>q2_8X>Eoc*4NjUWdib$MFLG6D=Vv7i#fl>#R$;ErTSDFG&6^zot^|7T_+b6AF9&fymH zTr&yrUzsrk-->oA^MP3N|5AL092%jHrBlC!e*r2(gj=pm@H}qyKu9n{xc2s!zop3k zyl&dZZbKd8kyi%%j$2oCjC-mE`cddz(A#|*i(|FLQ4?Fcy&}~Hr)}HWD))zzpTzZW z9ORL;a{H4>n`Su$J|1(FvZB{I(Y#2zJaMYCegtfh@2qC>uq))~MfA5z+sdV-acmN0 zO?q%!H}PFW20;_~oKx=!=VhYm#>yulk`=K;wY{J**5XM!LA#1(yT7=~f7f|pD*!0n zyqA)v5l+zKqxw^Z!;K!b_7*wonW>5F@82J3mn{=%H*A}M`W23?<^fw~Z0t}=z!5(h zLJTMq!|nwTbP8=f?n@$BL1sXska^ zGPK=C{_#{GTs$c+!~jn*U5FSB;XSK?O2o z@{A$e;sO8_*bnmc7ADQgnKjd40PqetC^Hyfu{5TS2$4m;yOMyMQq4#^kY!ho@LpoFh1MPVmGfWS* z{@T`wC=?(^X)UGPfY+JV2XsN3UUBvkbB5CCWU^|=+n!1IO0jK{Z`MAUXg%cVa~!OW z=NRWYfSUZ1;MV^CN-GA&F8~Ho!jQuU`q#x08D%7;1*hXg(+Dz6lIl1~cwwG8ZqD60 z?m?~yiA5mMw<)&aO-?%UFomINg@`Ad=Lb(AnH*jrSCh<@QdGeMH&q6citiffVD$la z^<9QKlF~wwEAW>w?Fg@sCBZ&^4~|faEa33X(v>WZCCp4_EQ#gJY8k6QXg^~)#kQ{B z{=xc>yrh3WL;q`WJjDe1gTOmD@(Rot!K|#xdIr8r5cGa)gf|uxSCKzq7mybuyKb_? zbVuT$fMn;m`1q0TST@bKf)N3E#lshSz7l%uMzCm!?)nANiJ@2x&a}%*p^9+pi7B0& z!IN;oxN@aKP&o6&OW}*{Q1<&pWl4G1S){u5oKVfuUuOM3v(r~=*ea4S^iPY5iqi0& z&t?Hm`6{jC^8u)PE3MGgr3+`VQz*Fc@ z;4x)EDZi`r*3*rp2oW%$j)r}0tlO*^pDI!x^b+WH0`*P(awo@j=Gpz2SXmi|!}#=p zETCEm$@}3FkAoK;LSik7^Act~_uhG&$4=xmH0YmGWA5T|2}Q)sc$6D8q)c_6i>|~3 zI0F=VxrL`6a?P&cJe<%u0)oIe0+jH>Jn?yl3{F$!0 zegP-Ktjsh0@?8ZzL8G~B`P7kj1fu!rg0jx@p1b;8OTRMsB!T3tdl;xhNeQHbL(u~L z|75|uD^}{P z+T1NO%F2w{l(V$E-F10j$;vCk3gP<-yR;JyWe4$^yPK?VtfKs6XG_vrtDSpd>YOiq z#(Y6jjP?Y-6zBikEu_iD0!_(0cVA9$rsa}`ua1B+$O?wYLRf3 z6?>RdsVt#-D=UzCXJ+SHx$!!(69jowuRmbj7uKLd`om}R@zH&Q==HbZ?0gtL@S#yUw`KT)=RD>Yvi96d6!+FL@tki-A zD=%FQZBDWGdg(CI9~v>pD=Ia^zRN3Sy~pXc=f4zM8+}Lc+drl{%x>Kb%qHAR(F1N$zT2uellmisa^%2QU z7P?x?Wc$wZn^ELxL{d_`?1dez_GL)2Pj1gOisI!LW-b!>h#Xur_pdzL zGi91GWWco{4%J!_HtLelY1VRTHxr0A!2k`}zI%5!)FeS!vO1)PZvFTyU26haUH7{| z83%%kdnnzIQg89OBt*~SMzaDtD~Uf&G88lvLc%8f>IhW!x#EjtbGC7sNP&&vzLvXe&tOyp7bmai4J04M8(w8loFVvIlF5m z5E(I{^!S<^x^0RZPVUcm^(2puj!FQZmnqq?Tl)29ZX}s+;C?U<^xVZ)JQi=rM#8mEoNDGUh@u(CR|Rh3>>h^gyx!A#ExX!%CUbhWlTKcYB!cf3@pn| zx+=2Y_l**;)JW_gLwxNp+T087JK-jdz%Z6x*mAr!POPaB=x=L`LLUrd%ZL~sZ$!tp ziM4u3zt1$tno?LOFy^xHd_N(1G~+Pb@DgVJB2K*koM#9AQ4V-GI8%*fb2DK-DGq#R z%7uAE&GDQz1e8kFr5MNqv?!ao)f`^!!(Kf;Vm*g zLlyV|hfjSQrPRyCE|k%^l)5x7hw#WC$VyaTg*8}5%SKX{El{rCp6v>H0QPlnRSsLa z&;KpIdPZEew)`oclO=ELo46h6ik+`Q-KJw*VIRz=1i?ey7Y_A~j_2`?V+@RCD}=B7 zZ%W_GIG5H;W>giUb3YFEFyyN^lkS)c*CH>?+`nx1Cw(~tqA8};S zyl;#bj2pp7f_UFGWV_mPd5){bxCj_y!s)jT{c)Byn(m(Lm?_heKmL&V7A=mf>dORT zLuL=~rFY55lC&&zlC&+7OdjRGr5?dDY4kmvF{#vtC=Hh$zckj-8CSwnj)z zTO*6G!atK1r0z0pju&cfnkgistw9*u&4q7$CYq<>Zbv}~9WzJ(cdNyfhR|65$OkL@ zd0i@7feffJ8Y?>Rg(WZRyWZF0X&SE8Ha2$B*%5NE*(E2Ol3}+hbY6KCYU5O;66~zr zs?E8EjfY~cXD2l#{$P+d%84Z9A-S-KudrqQKdS71*4l4nfSxN`;_EkCaiEm# zuv)L5r~=WnH%l}g*8ooSy|HvY_dsg!%ptJ0)?{1%B-}*YXA62dS}7iL+>CM7?v9T(wH8C6stxIzE@%O99?$BR<6jX{uV zL(hK3>h{fSN+`b($uMh}7mH{cxUi7*fZ%`D75^F$k|_p!`>(0fWaDqAPOruh0QaKw zxO{YYSe)CeKOK$sNJJmK_Sjg_u$-+sAFZ@A5cteJb-j>DoNLhNcXQP8 z^+8LImWfExI2Cu|Zta?@1#L~+X0!Ca+8$zzh(YlEKN!r}lgGI}D0bqC+8`q} zQy57_-YAr23mo?2y{u=qxUNQX86#Z<+qhOi7-{?aMTYdr zvvzLeB6ydza=Z}!7Ti`mopclV;6UZLB5D}i<-8&?ZWL|;c1O1@Zi40C=( zKGBw%@8#c?$-jZqJDB%@RZMm#t-1%`$9bJ(v4QVU6Rm|_480lFbDJAj{JEEG3#f{- zcPi(?ecW0~Vf_MhzdWWtzg4^qdr;Ixr99{MhtF8=(7@z*DZIF ze(LEw-sqgnAWDT4~i2zP@n0 za*BzUSCow-6_HVYg3$B6(3}V_T&f4w#YL|MR9n8d?vQoHwNrQ$W`g6ZI~a;~U_?SI zXQRRsUZn6&+kf2_^n3P}dJ${6ys`a{#q$I8O`qMVRDNXY(6=z9?JQ$ibiyly*>I)v z)vNYYX~9<-0);B)F)RiuQ>O(6#1|*}$eR*zBz38YKnCPTwdzY8qjzZ93<#i~{g+91 zeG|(AYNOM)Mxh*mc%{Kcug+BYav^WJqb5&^0US0q^+h!=)KVs^mI&F6p+=u|P&%#) z9~>>xa8zT-Wh*LC=QXa_aUV=CE3_7AXN`^Sp8FXJSEMa-;VgpLgcQg9;dNd6O=Pm^ zSXxf7s8XE1tU2Q{e&_OkA!q+ObjPDH ztvr;E%LG2O^&j8jpNT@PR!<;1`)ouJC}rAckv{B?spNQCtu2~9w`>c3e)je^?&BW= z6u?%8i93d;t6KvLXt+A@Jsz8w8wQT5GrElmHFf?UH|rnSAr)gFHBHSQueyO?(&Od} zDis~16`8PyFv6x>J~u5bQsivk7@fGop#%T^@F98xy%muStwcmwS$$)?s?%7NV}w!g zJNkEfU0*+-0vMD~AY~^o|C}I%cgEQm;Z-i5r#r}jRHda$YdwcO37z{5l%x!iaNbxBRDtH;9HK}jP3jQigEJmP(n zUMMLSV{lr4Rs=c!7x;{;wRTx15F5Dd1V6>&;o&Pt^)=>un(-9>Iq&O)1pk`2IFK24 zg2=_C?EgpCRR%=4ZS7+bB2oe(5+WrGAR;YYN-5GYj8a1lNJ|R}D5)SI-AFe>gObwC z(A`5f4Dszb=bm%!J@>nRPOtai=U()(uC?D;(YZmZot2 z%A_l{Vox-`rr@(fUIy#;T;#akah-t-`@}_vA7JI_rxxuz5;8v}dF(Mh^PuL-x!CE} zefO@yfvy-ic1`31SL#42r7_E5^6&^3L+uJ%CZ%I%wvgj|p^Mt%A>o1X0mX%dh0_+3 zDwWp~_ZAMi)LpIoV2J!h{X&Cl?k$+Cy#YISCx0{hmjkhOZ=scdj-4<)o-T79r z9{#D*5Q^>dx9j`-#~~rn83wPe(YS1RnYY!tV=_e8y4m&q8gleKLewrW)`TNoT zX+-HibAlK~Ka-CKID>f9fCwy4(jd}z6PVLm8p#+?@A3FLg_(ykk?0W~!MVrY)zNIt zVA2#?yAG9-_AcR~jMC?lbR#JYfln^H6<9;AX_}9zl4(z){JT>?6<0@XX)i+!@ znDT3;alRdJH-I#{DFP5u%?DiU>$mHYR{G(6Vzh4GbhPPLYNdNBnF4e}L=JA>5q5N6 zvNLv~tDxjwESvI>JG?lPI9biM-ZKFVt277M;KZpnfn(Me1gkBcIjOKAI=_M5{%+Cd z&qa@K8sN6FQ2R|wgdQ+^_oN4XFgS=VFf2GS1wWk!82b}FC3RJ>*eXes0C5T51y5GkJ*jm z7c-qlV=m)KvNs>}{(iR%f{R@-p4BsD1+1TdtKz z#=|?0jPPij8}F4Y#aF3boF6MkHa9cv&8v3z0Q}eTzzToSbI0M=u9bVC1Ztpq3?a}J z3F*Hd@}$dPG-=OI>@?U!IYEZ#7p(FN0~e#Sj~HFT*p$&WVUKs`(JZ{z%% z7c1EdAh`YFrgAbfxmm_X@df?CXHlE#(40>$+Ow)F=>Z5z-pBp3&Blc%`i~28KKtX$ zvlnLZ;>OHfj3CJt)elB8>^|{Fa4Cm7-k(E|WDgmUA7|6#Bmy#)riq#Mko+zsUlvX# z-HYK6wsxF?n!7EYnPt}+g1NXO8+{v-w?2{|-}!V`=Al=V$oGeO)P^eqnIpNLrv_$o zb*V9;u1Wn>u&F0mRC*?za|5gV5q>TR7vqNEVcKWL7Hv1sT+(S!Nqy_L;TJ+wYYz@K zd=zX;>ba=WF{r$IaGpYGSI8bjOk12L`#i1JXfC?RTAU zh#-sZ)E7)0W(C$a?2LILm^#}{CEUZ-@x#d}UtANbdkM>&(=fbIn1Ny)vCQO5*aj@i z$Hk6cc#1qd=?yEcoCxzR^cCSlXwc;9)HK_e4s6Mb`jr=L33C)uzZaRaQ2nU2 z$Z7gwiE}LNwVQA2X5^79a)LSJ^+9Zrq5mLDgo{H&P+gLaw!Soz%-O^S(`3xzqY}SQ z4rcAwvvP~Oie}Zg6DqRV=9SLWy7S+-c9qDT8vN8A`XOqgX~uL>DA1lhx*6EJb-HWO zqRl6)XKXhIK{pI7ErlJ_Pd}K2#6)LLb+cUSTPkH(g=?4fAkAMr;4RIupLG4Ht>GDc zboON5;(k52vYRW`cwc0d6SMiOjwev-*+H!()ct;EUhbTt>9HDAy=xOy_2~Gx`lgOP z)u~O@M#UjrK(XcOQlwej*{DrK=S|I#$%$hKy6pRas_>P3a$8OX=92KkfZd&wj0+>q zLrhV-pp?P-smr-us*k)sL1ubo=nf-wN;mvc0CkM%Xos_Wpr(qBG_O>)8eW&!J%gW^ zqIFM?fz5jWb+cTb$9al$&vVeWat-2{m6cN?~GgLjrH%=T26Q$ z+mEd~^~=$D%3BCzBUZC1)d{mwQ$mEiZ_Wg!t`@Hk@3v5kB9VD&HVU%C+QlYJ{7qx& zw$tK5s~PuKwi<5Eif+3zYCALy!SX937Q1qlMD@*`CvY_0m<&kWOvNW_W;zPBebIqZ zTQ8Cg-9GB7+Az%9{CpI;M*5}D=s5facp$j0G<$lJD77VY}i2Wel5>!Lp(kB^T_+Bt=LkC)E0wE<`sV9W(9c5(Jb z;4oGR$569yV%Lsu-1h5(kuN_*sB6ai@i-G&FV$?Xe22Zra%Xe&X>F#qmIk;ioRJa# zev(oD5V?Y1M`d+_LQ$?D1*FXvl~>RGN(+9`El$J!!0Jte(j{LQDd8QO{>r10IS939 z(B9VJO!~{TYQ2`h7D}&*E7G>c{daqYO7vk z2^q6+Ry*(tmvO5q3rmE`pr9DFyNpt2;B*)rFNqco}adqD-|KNj613{Lq07=SGiuuE|d+)1ZV|~uF z%w21OS5a!rjvrqtFzTM`UD7NXtsvpm9uieOLaKNhHO7xRS#Xh{+ zZ+h~vw!*ZeSWblQ_T$qd2tK zpHcU~+%^$lE)HFDAIUH&Y0~B!x$c|apw0KBL5%`*stj|D%dz4^nxtHe`$(#!Zo?8k zVNmB|2NQ&O62fJJdEMvGILrVaN_F5q63#xhd`2Xi`V2KLt^gvpe50Zzoba`A!$YW9 zHV41vY`yg{dJX2bLVmLSJs~rQCqu)=cK~0G?inskd0p5&^@9wK5-74m-sOI46wb|@ z#5jTXOO9iR27_*|y_LwRzN*b?sVR312izW^T0ilgNa$VgQef%9Qk_9ND1>`&e{(8< zZ^}(|)V(autnn8~tb_wq&EX{O-q6@)-(?E-w$hnl!sX!SL0*0e=oJaIdF=@|D8lkT@>6{o5)vb%c zuw!QnLEROey?jrRpPNi%EYz<(`NjedMx37CDLyydr#b`>uH&^PDhz^lzbmVb`w~)1y4vAPBFaW|wvPdTZ^efaHe=Z?)^okfRIlE9v*D)5 zN3j3ZZ{qBJZ!%doi~9ONbwz`snlmR`HOi;^$*$TRHQvu+FtidAQxl`NZpFBy?t}Jo zb~esr1ai{fr`q+U@q&2t&aS(eBsbNC%c?vsYe~YXP33 zJ6t;LwYT0Z>a;FHM*L;UMVvOC>_2hE#2uRA!>7V|r_8fC)EuEJ?2-#usi2#D{ee-% zE9o)TaNk|iI0xB2Sbnv%yZyb(6MaRGR@=LK)ijHWEwgIlpdrPUjvBwgN7mkuXA88O z_;E}|cHTr~)N!GMh1Rr(5ZU)PlDP5YMu7dJ5=?D>;MYCamA0z($s$eSWSB@fd_cQ? zpy`xgEg1(LNwflMsvl&aDDXE`=PcY9o_DNx9?QMxx0;JH?Bw!OJ%38aE>j1Ud)6K_ zq5A>3OS!}KTcIeE4CE?gDe#@1<4M-HT#`Uphtkv1b9p&J^)o|_b!Erum%&gCSOe^E zIIdLgBiUnmD#$Exti(4?Re`HjuZ)f;{HAYQ35sgCCm^h6gV%Lav(R7ajpMMSX$(ys zwnf=mU``8L{=RS*`h(^U17CqAPerU9oD%1N%AE~qwr7ZXAY~du72KM`NX8;=8WX5i zAjBw+*UUaK`Sjgq&dlkvfJ6bULe)Z@#;Yh^kiaiBX$UfBzk60ehJdG&R=VI$dqk%G+NDe?}Pc;2)y>yAz z{xX3r?i*QEj81F)6dqdbeid&gH(pgs!0l`wEBWM}U$hjzhaofNr(pA|VAMsUI>aBXbio%H zlttdjw71YW-PlJ{K7YgLJq$K+u|N`>qU)t@emaP9KnE)W<2^U1T!K+7kvwG9jcB{c z3V5N`+mE}5a?(u(inVjhr|&>PkybN#ai+ndd@4auc+FQ?p#Gw2ler%o1=XQo2oOI8 zDe+f7`8})B909reW!FpB#u?oHqis3XdpY)zhsI(TtGF&;2en)SGTDVzoQR^oNJ-!nz~F)*~AH_rE}loo;WHS`+8LFEwfxF zJflV7w#i{Kz+~e;{C3tSa@Wp^FIUXu@q|C9SE=&|+sK-v|CSJrN5KLj>wc{aH@B5*|`YV_i5HTqN|rNwyIAS;f+ zC~_|F@#L?2Zx{8@zj4Je5sddp7&qI*4Zddcj4Q3NBHgIu?d>#WhndwTmv&0 zfD2ypi&IfGDAhzDQmnh=JWKoOGsodCQZ;pYPEVTVdAhQo((Gfiu=k9$vb-tlm(QJh zI$#Y}up(R|F6r&igyMZd1sc?R1ygq+tA4v?jv7^><--#pN4>3tCfO4d!?Dtf#?XPNQHb97_*VmvfLSnMcA*?`&~sd-`e1^AUEtB zJM-ev=TQUfenh3+6pW3AbuYD)hH5T$%xVDFg+iphV|d%f18wbYfioi}q!Qm$h?sH` zI`4wo{o;%WGMZ!Zdf{q#q3Vf02iQy{7Q8zcHFOeM_!<^__TX&o(3nYgiR|Kp(*1no zI~(TvM-3Uvm)TZ?_B`2m@{Zk1R)n?;SyvQ|#$ zsN{w7K5yl5gs>^O=cF+K!gC)DRr^*XS`1fA160RQp60yNd$FI6=EdTr>n67~`EZt0 z4w||llHna?ssdHERB$Jn?%BB%t=kr`b@EYpWe``v{|Xa=Zn`g}5y+~(+T%3Tfx za}COhSZej5jFoB-WG~VS(0Xy!?I|h?$kvSH6cl|Pm<<`01h>$zb!`X#v-`;_xO6UG z5)u z8s|16dH&Z7_Y3E%Y({MSA;?E*!)k`P#}js}`Kdt{=q5c?{XUkT{6O+NFS2xl!btex z^OPjX>H{i^XkBYm`^j3mqifurjam4WW`i9jkZd=^za7)Xjs{t8g{_tz{+xWT7V6Vy zTTrfV*bM&3oszl@E7`+T6TMv}{jiDr5FKl@!{cA*MAUDnqiRRzlPdNShh8_QL$$*Z zE20w4=uLfiMYErRUyH#GitJr>{X@R~!f$KWbXYWRuktk%eskk3r8eX~%Jz$VG1MIG z*6LWrtx>icy}7|$(T&V!#>8vgIA1+y`ATT0RC^V{zkk>mF`bk2dFJ=zyzrxc0YMae zQO~Bx)3vbKdWCP@J*atw<}t!^#-lt+MMJ`M2}Ar*m=mfzIQ~+e|Et1j2wJvf?X+v% zYpAK z;*02kvl#+hgDP$t$EX$=%CZc7esvqV8H0c+9f%Z~<~Vq|xBC_{!@Q9(zk><%Ejr#n z*3jN3ve8i87SDo&=Y#4XZvG)pY$)g@gc(+kgxf4eRaNbs<_bOwWvqT{E;eHoIHNoTIy8AhBjL>VE}eQ<$I;^Uf18BptAR@sXb zOHek{9*=s{~WZ+7D=4mL>MartZeg z^N_Mf0E+o1W~kkjv%UUXw%rrs9o)5Bbd~E!VRgN_(*>^OM-;05Pen#bUrEpq+@ni^ z$2-TfWwWjDw*-C%+qxgC=CgM!66$`mC1S>lxqja#Jbe9x#^sk+*KR*Y$ppyrtfbdL z4Y^TkWhIal&GX&pHgopNT{YT)Zfy@d-werJt^1zfd^6V)kp=?Pi*~nY-cEZI7Ie5O zKg#ic)5 z+^@GJY4H~TijoY0G-Aq+b`KavaJlMsvf7@;HfVol5?%-Uiw{0ctz^MD^YdbKZb#fo zv2Q<-zPT{>gY_*$Dyt!lCIOh@S!Dl@HhDAU@^LBz6T$iyxw~y>cQr{m^=Yki2=t4Q-aP zd|T@+&CU3KnE~OJS-`s^hLTko3+~L4*QGW=kzF{+b1EFlurcqd{D`KZ4Fe_Gn0hEx zLg|@P;qgSBTa{jsPpJ*&;8cUfOw;K!WbDHr?4&uU0yZ6|vpAC%(*0ieujKnb5AbAv z2g0aa_Ijn!Lw!{|k%jo9x$Ic{4_a=Jv2Miw1rIdCN6bmFX7=!LRh0M84)qLoNREvT z04cWnv{l!txD$5bu(HTw1t(sGYss}TLLF;uF z=YEjNYDN5{!*N4?AW0`C1PIA47gKbvws$=T%1_UaOSXNfZ4ah$&E6BrhJ6%O5G1q8 z+K&~1b57JpnHVdbaSEqwm7?@AE1x-zqphobYL8A8m}+a5lXp#PzTxpl#jWs|^rb%I z?zXFFkYSbP`onf(oU#+ zFbpP?McxbVR}=ieKMVCKXNiBC6PBdCDeQL*38Vwb+)q|0AG;kr6k1y28H^7pR)94MSpv4&9jAx1Rzc?p;W-?9KVgibap8RrLxXAPP#&xSd!6klH^ zh`?Pbc$~u>cnY-pehCz$$LvosS+Ke6_`Y~N{RHO&=gOt{Iy*;{ypV74FIu;)OOHdE z8i`KlUU!*eLV1QZ?cnGXi+wIoGr=x>=xq6rg?2MAoTv=oIQuYkZi*mQWgX4u?z^Mu zE}Abo@8qzc8{W(30|lh^_jDzw5Ulry-weO z=F<_c$G*Xg8Q1Dq85an{`LZdX(_<{xKB}yH0B=zlWU_(oEX=GqP&>B50Rru!^2RNC zAv~zAD;!eHJf#4T&`3Gcs)E}1YkeVofOywnuxTrFvTS4DIOCW4C~ehvO5c6o0Wy9T z+zhhh{F4tq`TP5;>ALzLfm_|5`Tdj*o1%TT6rqUZAAie^rHKMhP&)-HB;C{(X4)Fc zWS%p19(r>_1Ucz~&I)X1f_&6KRQu7FsIzYUg=rG!XPo9L34dp}`cl{1oagDS2HR}= zo|{w3+(QsUkvYrvg>ob_m0a%nPP#&epN1McjVR`7*50Q$h?kh)u@!`?1UKEjI%Xv# zn)25z{~D-&9vopSvWMIp1+2SqKwWd_{~-d(cfd(LcjE$#1>|JHNuOkI!etB^o3?8g ze(j)fibk#qlnZHlCo_D!5D5dOK?n=#2wJd=U5Yz|>%iyn_NkB@CFF&3oK=8#$t571 z#$iUBG@lj;l?jb{BP$$rq1Zcd!E?uEOST{I_8N1_hYOD>i{J|tz6Ts34x?0N%?&)IN5GVC}JxiPmmsX@}8$z^zbxb4?lk{cEm1CXomFXx=9Q|l8iY} z^~QSlM5N8)Oe@gM7TXowsMC-5(76PukFl)22X$PLW&?66 zW|9YO00$+PUvrQyXR2HFCW%xs;Hgeg8?EQKwduv#p|Y969h1&zC6pe9AMCj5lCk*5 zXPU6Q#=*X!UP;~7ozqs91i(trm+DlA^e6D*1i`}> za1f}N?(`LBu!Sl~=jB-O$;vuX@X22wtiPag|2hzN1sY0YwC1<3To%C=Mi;T0AmPQ6 z4g!ZNx?eVCy4ObRmTNI|FE0Q3`5t#ybCOO5vsw1MZCZNZcw`CoyM>mdcxqMDDvOQk z^e0NF<4cY$uxot&_$WWhUPfNGZwsWAdPYEy2a!E$nnKvp2RpYF%B|{p8q(uf!1oyUM~nNPv%#4ZbU3oR)@# z0Rptv9k_T66IxQYtS&b<7qSs2nP0a};l8)cQj+1povR1PTBr;whSlmfvx1Bvuk+0M z)3YI!VV*}{_+Gu-h#;f~>CwyJax~Mj0!H7fLNh8F z=lP_^Ud5v)(Ejh;iR@a#C+|Dze%`L!kDvxf!&>vFas&t&w=*!8dW|8st>*(l$TOm& zT&79G7g{G^EB#F*@x`ZcJFN~#Wc84gDO!#Y@fX|#8uc!}N8_>raox`A2T=pONg>HU zYu18;EBOS|Q#%ia8KvB!)i$N^b4=);8Op2ViVSQdHZ$LO%A8nQ*@R(28^$#M8^H4) z1ERza^!$2~FE@P;52$A`#)G0!c`rVI_Y3|BfY(aZS5D3cz^-48?u=jLe3K>fD~~xX zaJ}uqwlw+p;q zO}A$vcnA`Yq28g2iPkmyoKVMO^{-)J?NJ*1Np{^L0a+kep}P@?RENwyS^Tz*#ip{9 zGKGgO>;(&Nrh(XJf^6VzW$Z?t6vL@g@@>x5|NOXHE|ZG@;WXkbS2=xJtlIp|+2(|m>n^2clX$qeFxuaY2&5OJMRcZ#9jwR>cdhMq~%5W$1B^IUs z4a2z1dRaCpcm3o2^q@0?&@~j<_Yje%BF!$NS3=n=$Z+hfex5hA_qGY~2g6!D1npd! zW)+57xZhF#X=whFiwFD*JS>Wqc(-o>!@eLdojte1{&kVuYwCZiBuIYz9%BZWnY2k~XZcrx+un8=iHUWu@EFCU5l6&e)ukU#WBiEfd=Q9VJodK7%Ud_2U! zqRC$){1$tH;BbOA7pzv#_&mkRy zMZ<04$x;vrIyY!eL$n{^jnd9#)&{prg0Nm`TzT<+2|Mj7sR zTgcpHWso9S;N#=#t3>BXeLr8hFwM?IzMwY>0o9Kg=*NSL!{W~(`!h>Q9$$*s3(rXn zU9cY=02RvgmF4c*e2mr=lCKg@;SiQW=ZpDw3C%q(nejE`)oqN@UFvf`6#F4L%%4FA zkDPG+P9xa9n((zi&C-2;kl((SNwdd*;!x-E^fp`bRjEQ}&*&YV2}jHXb}=#3-mADc z$Mh`sraZ+*z&rz(3%euA?TLiu_Ehc3AT9_X=Xd@A3)zp|FJrQh9P{;+r68{BVirDPK!KGi3UmkobGu#kJL|OTxr(`RtNNN^KU$4Y92(i(ta(i z1}P~)*ENQwgAZgL3IIu1)(^x6@`}5jhTbSf=kV087)}|ahcYg9W2^t;J{|?0aj^{Lc}7VHAGsS zjFrYxRSxrc$^F|%D!Td-6fqE8C2cgHX}#21al>1;3RZu+>ZM3}G&^5iM;d|Q#GKN) z{B?Guo@iCe_i~iyabK0-kRAlWuWDE9wq^EQm|`qOZEfwqQuNN^kYR5-E$YU>lQSOe zq)r4jlCV~xCThN$wi=;P(;AU9aVsEm;DBb_w-b)PY3CZ-jQ}+EwH3aU55g zI{`l_0jTXDr#bokx$^AF!?q zhH-stD*aO8K5gE5n){j)0R=#kB7?T|IJ9m1tL_pay$J6q@DU7NGkITNJY`{oyVr<* z@Jg2DMna(rL%%mYn-7*@K;+-l$h%c}d)P;Zvj0`XxC=y2|HahPVhi+| z&aHB0?qR$Aj?-MevW+Uyq|Awuu4YGf$-1J&s_)sqe@Ky(!nd&~HX$L32DfOZpZ?5a zzK-rt&|WHRd+EuU$8@S%HC0`44r1Muzs2|PZD4FE8V0+7ymmST+XK$j=v8?NyH;nG zeK>+JNa?Y|;*)TZ!sL>V=Dr$cujUR)eId7$?5IYi@&kT)$lmAcF!pciw<=f~4P(&y z+EElbs9IDpG;rfS3D>zfW?juhcf>W+VGk&FdBCpbPrfUw0^R26@&i6<5KaE$C>F@E-pHecN_*0 zQ?I4U1lzYBtyf*|z=vsgOiFg-ZXl7!EXyL#sue!$-i;t$VL0UdTann~ii& zT-hcWF-F%3Li1}jn4>$q%}CU(kt6ByZ=tF@YQ{AB#U{L+xp6I2h8IfRMF|IK1cmcm8*!LK#+PGE9A>F7ihZ6zkN1k;8q&|nQB*VIjKenO#h!+w{gonbWX#p842TR`5M+mcdH?@B=%Kw#n}l%2 z_oQDx%j!QEZoUoTLmM)`Q6Z{OE(~{wm$Lx#k{k;5~q~5p4}$U0l zK?#7GbPRHrX0tMpD)-@K{`N0={Z*Pn&X8Zh}Q12F8! zQde$TjI;Zs=Y}5)@~~QMg6D>da{H znnbMK?Y`_lPeGE@aM0Zo@U6@i1GRySa!&InyhGA1q_E3CWiU-el$htGi8k%T)=b&H2S(9>wUmg40o4J0kTB)G_*)@(k4sV^RF5BeB z;B5R;(CJStWT8;7r=)pCZRaJ9!t(M^`eJX1E>HNpa|;HP2q*2%<)%WDPMvU(-2>r` zbgsHndE>82i^iM;$}+#48Q|67fpHrOSo~l3NiK5KTej%MPGL*JizxjG_XYhAe&LX6 zk@@K>%O4wvRJ`@7LWXS#5TG1Z($x~Knp3t;IEitQLgP2#GZ);Gvu7>+Km4yhr)2tI ztg-<@InMz>hdO*@sQ-b6N=I_fm7Bwn9xXQhzlLffxL^`k-)q7a9ar*^=Mqa5<5&hB zR4zy-B;NB}hAG(o(P%S{k)$bm`ltr7cM0b93^nzpxJ@gjgD#VdB=4g}2q1tt&fRE; zI*IjI=}X%i1yW;cjSL4$j?Xma5O4GG`mqGtm-q-7fhXa`Oj9;XHG54)+j%s6hPdTh9o? z{-hg!kB)yBCJAg&vkw#}-s0WZKJV7|lqR~Yat|D;VL34OBwJ)+jSsMTJuMe!scjF< z<=B&lCEjPN@pXy_?&cT`4Tv2M`XF6x`G(0nogi>>_ZZrfrTZmsUe_R$@o~yVT-c-E z>FU2ePWjaRVNvr!*oixAx~0D^HlB^y=n1>VUi{E2w<} z$L~BNIO)%KIwB7e-g!tN@1ek7@Z#m8FSM>}+$CaghSGd{unoC+el*v;yk^H)@Mvx0 zCza##;zw(v$k9=a-aRTF?E%c?nw>UuiRH+ns%OShK(8Qa!f7h%rr^AI*CczCI!`t$ zF|AnPyW>Jnkyh6wk?>=bZDJ(p%jW{CPfIzwpI{hxTtDF4y!*7}{J>ObIq_`Hqj|%~ z9a{hppf!>`Mb5vrJzU#Rt1nzDo6@(R_QLeOT4cjK8Z33$zY{Iu$_GlA%nKa`xbFN>aPO>9yk0xTsn#s|>s-k(cX27@=weHZF2!jQ^G+uM znXy0q&S%4E(uRlNhg}$<6wTk{UFm3XP{%owA)>)JkzEyc;oYvu$vawB6Z`*N2J#As zM-aa20mE(@TQo<)3q&!zlo{z0NB||0g;Sg;TIXPNhnzjbN`eNyV5wH$F&oOj^cezS zefmtYxq=52sX73gsODttWO7UEgIGbex;G?*(>K0@7`}?Lwsw_t0)r@2t?rviM{H(u zz-RTwm@_TLm<^^{fANy|;yzCO>TeoF0xuuU`oGiqkeS&SVufLNldD_)d9fqDVMJ52 z(6lJf_h#WWK8u5j_d|vj6!;nS%pC z_*<<-T7d$|&V+=7P5y!Yp~~cNiUJxE6cEHwovL+z;{M{_==4x8alh+`hTp!xZhPwy zx8o%F)c#|-{`D*L6EN0Lv(jmHJbNsUO*m4_1Q1ON@O~}10WurEbd)%Nlz(;iwf^gp zKMrW*65GM)H}OsWr%;}kDVA3}ioUWbPA?Ba06~4`KPZWpE3nak3X3Uq2EQI;cFwKS ztN$L7^6J7Gjiom&IsbUz-@o=)0iGR_ng+*PJmfw&IYig?>W#}^u$*MZ$ZN_Kz!agq zy>$QHmj0euBl6;;FM+lzAMOay=07ZLadkY8!|rC5b*o|b|ifc~=)>nMr71?=?{maN6M+Ra-vnFSZ zrxblwtj&iNh={4hEe+E0CJm7Fbf4I>eO#@$;nRvLSZ{@|$Lcip363ij<3K4@J^S5g zMy$ZzcJfPY^x~sqb94TYke9!2CG8EjuOqOWRDSuJn4@ICN;r9;S~V#aV~kC?7q7U! z82iY?T4=h5LLoRfw1%-;zKjC;gskkgOjB`*$9ns3lQ4Nscw>2E=#EDQD~czXOEY)7uQHxE{CoHuRGckjn`B z*6~LDL{b;qRACcy6b4>wiNzK1xf7XF7hYwe2s%HhTv;%E8#PW4mj8Mztb0_j^kbS` zd5j6+A5t1ZMHBPcKtscwx6>H3*{X;x%@NBWYYe5iEaX&^({29OU8_b8L6`C3deQ#f z_y6Et_JrZR^+7U0N;+4b;SsZgv{v-h&%Jy~FP3pG(|=aK97Q&IaIjwtszm!BODBLN zCNpINqsjpIX6)Q8;*`SEeWdCO_Y(Zi;o_Ai55iY@m9|>|Ebymi^B)I^Euc6J zvV~LRGOpJTFr*0sZ(IQ<6p4fDAmTo)fn=tj*y?6oLe83ohI(Jd{!r)9-G~2BpzqO{|cJ+}Act^!AA83e|&#@<;TLj`sB(eh&i)7Csb^DL``1{;^ioHP1=*9mh zOZ-RQkT8MSCrycCM)pRE(;X8`B(>nMJ>{9g_DqluPa#Y^z*xv-R%-but(UN$gN$n1RjQ(Q0L(n^kP6b64}pt=-m9Ht`iZ>!fkaZUPn z#g?Ddy+LIUj=gLDZnOUV*b9$%SzmGt?>8R;`ko+c`-3Pclf1+!u??owft3Guk4*!M zmy3(f_8-IR-^U#NDCni2gOeY^#2-n4kxnVOvvuvN3)Wt{Zj9cy{ky?`Uy|FJu-6XQ-q#|=!}jfqqldSziqlJh>pF>_e*0&El}p6Sx4?7Y zlw4;4EyRqxX2jcjj2*KjHl90RBrq;jb003cKXhK)KKdLd7}Y znGRF`|1-HY@_UfqZ0+oz?@2LLcNpGeV^5}3`qvA7Ky;^XN+9k>2yl}HyzO3_igN26 zLlyNPznGwgfUbb3x@Nd)@4L&9F)p5(s(w?^Zun!9UoQE8m#GChOaEFUroMmx?!IHq zICh1^s#%@9#kTIPpnDQxJaU0uC)3eGgqN@M#WS0GgKC;D_2XlmUV2&$_Y6y`!n;yp zWAA3MawJD5sYe&vV05HdZYkA%Kx}^a{8E|fF@@^IS273j_Zu<#L(qr+T)k%-6(O@C z#h&mT8Gxs)^hOOBCJj4tjmUj0Z8Mw-&)U#2n4toBzf5&vTI0%0^8{!jvhYl|>rg@vi5NfII# z$hx)CtNlMy;++>Tra0oJ|I-2Y$^g(2J^-im6sNDmj_8fiA3Vh19e{axmK~(^_a5>O zbCrm}B9$^ixa7Jvi*7SNsOfHRT8PXe{XFm4Dvxx2p`;1r-l+ zS?>?q_W%6rMGtO7C`sThkqE~cb9la3GOkw!wgwX$`z5jewt;`Arv9J1{r;twrLlH` z!A+6yGBofV2XHS219n^v(__bDbEN4HF#Bk!g|sHM$BCXAi|Ukw}I=EIAhZCW$ftkMb# zc7`-`sv^GjI1YbqQ+$5O6+8oqE&B*{yEG&EPrJSM=JEqjP~GbGzBy%dbGmU!s&fSo zGAH#N&aFMWwn^#+y`8SR7vyej?E}i0>s-3Ep;*$rA|=IM+D@qC_q(Ue`+98=t(pl3 zKZ^k z=tT#t`~#2*vu)PUjKJ1WR6Q6!$_ZPwFef5upKYcvx6+;|S5wh>dhHA&WV{*lng;8) zx*KS>d2kwdu4iXFOpp&~a5L6BFwh=B`Y#T06hhP7&VM8o8T=M0ymD+jEo!&H(1IF| zy?aL}gK>Vhof{QQec_O~fXe0bI4jCedN2O~wTZ?jEQIftCf2@wPztdqg{HObT>9D# zbNaS}b>I)3&$aB*O~y*>1$iObi{%ikxL!ciG$fF0bh%( z_M>0(bJ@?=B1kTdV?T}BsFr0!MdWL(1b*dFoDy|b9@RS4efBpI4*C>fXtjN2HMD+*(bfNxbY*MmE1YnG3 z<3zl)7}HsL^0C;mvYXaUEY?`+Nu8U=(5$<5T@Cz58{MFu!|V!kl=wqF;E)8fy;-pU z=Esi(@$zF!sQ?PDB*EQPKoS}>BR~KKV%IJKT-#NX+4b?7Q$xiixORd_%#AXQNO{wk zNL0*}U+4E)_uOuw@y&KlSg(BPE;_R?^G^wZ`PjL`iq}$xWJ+;@A+|>~yZ(I)SyVb{ zuJy)sS}!-rs=2b06j{?3(<_gk)NR$~ctI~Oy}A}_>>iI6b?r-zb%DN#*dO!DtcWU? zcP%Q;nX;%owv!4I^C&zjn}Ni{Em3wAd0@H<5(x7x1OSIZTWrmjubKMjDa;nICOhkR>OW|AwTn(8tn0iN|A(UuBPo?q$uN*!#r&G9kX zt>?1aq)DTDBLp-k#$9nGhYHo;(ax__1bUKVSZ?{btgQW$coA!G@#tMY*_*kqfErh^ zkO0|-@=V=c({)j3CkCO0! z-KqEP$OOK&1P-ByX|U{ zW0R2B&USRlc^DNKEr20$N3_oD&xH?pW;5+Ra!|ZW{pry7Z25x)ptIktQ%kYI(%IeI z0rmH7_DCV{>mAE~=fWD0|4u&x9KxA9`-jF8DnMBy{mTf3HQx9hD3r@rT=m3+&~G~D zRT?Kp$->$YdD=*a!HCBqh({#EnE@FjJB3BQ=^6O)!^}Q4=Io7)) z$MK-3&>=dk@KefLJmsdV*ezB4pp+?faKe;nbrM?c`xyd=0N6wz#1s*XlRbm)j50p* z+w)v~$wRi!Z-3^46lgbZAK75&Dq5Fa5+mYW{FClCb+>)U|4^ zm_T`x)#RgE2#_Vz9<$GtK7*ixuK<|^K$fG0k96#m{EH=L2tL3fyfsh;TtgLHNe*TX zS*sou;5!AUjgd}9I`sb<7Xi`$hMBtF&EhPiIX99xJ|KTODn{4X;3<=-{jho~#ZO=G zxN44Y;;}?&iteqc9wl;|n?EyueaLRPCvaD+u2uTMoa|k*Pg``U`)vkrevsedr}{PoUUdj?ooHAvtEh zlD6S@XslX{-|r2Gd_B8#)J=z=Z}wruie-Q%hz_Qd)a4KAn4E*eXvZUYV~r7{QJ#P( z+Ib3z`ajOTJF2Ords`8uNfQAD1QZdah#(!Q3MgIageD!5fb@={pmaq_1f(N9bP|db z3m_mJ0)#5ktMm@voO|DU@9&lS{`0NnavhSKIWu!+c6s)*_Y?(gS=|2e5DV^fxf09u z(`Vp&ku&V`Ua=iRY!%4*a^iMT>bNj-?|HNaF|w~X+DJ0y5w?Z*Zf;+mi~RJ&`Xl4^ zw|HG!nC*9cyRDWsx>Q5oY*c{(hAp}PMzIw=H4ydz*~_`vyNX-YT0$;IQVVTIA_6t6 zF2Kh|8jNX|4|nHA_BS?Da1mz@MSMA`R#>WRH*6nGnccOZEce;c75J)}u}M{wH#Oa- z@9R5&TG_Dx;7XMm_xLpDX5UE4)HLcyOfSS7RzgzFeD|wqHC-OX_P%55rEMHl?&X-e zcHSfx(uGQ^XHU5e=XUC)D9w5MbyQU;j`o||5;dGI;0Em53w}(aJ~H=@Y?w+p4UG1H z1}_?8m1}lOIga$W5(h^zH^n@ZT+JM$YQNrfx%o@{mA|L&MN__hqk1X$uoUd>(LVoo zl($4zt|3~g)^W$Xzs0J3cj1O$8sK3l*=_=Pc}G}fh&r>?c13Py^ zkug!qS1K3my|CV)uCPSo-FE%=7C&29c6TPl+;X?VCN}Pf7tH#$yU@O&3;8oe3#uC9 zW|u$5$vn=TtL}eD1T@7#{^A2lMAGI&E!XaT_!wWl&US4Ek&o{zu4-5BKPo8g^KWn9yoxd~&5X01C(YqnulTc#H62LZ%=cI@_R(6O&;El{?9n7#dS!cn3? zwRZWa@VUW;b_s7>(>$z$;Yc@id;e|UVLiEufX}9P^Ku_*cVqD`xl&xOS#RAVP997R zb^Afh!YVCVQ@l2jAzr^nFB2+t^z$@BX15?X=cUUXJ^wLY^)Yd3yM!O07FGS;$;uVxfI+}DfeWVSwAyrX|2 zOeV)?+Iaa$zw<+)F=%AtQM^%_4?glJFM7JTeND8CV`#i~T3ISd8N39Ho1r&-SgL!B z3fLo*gy`euY5zc&b;avwS{*ygb;2lxeuaPeSH0u=5%gii!$J)``4692wf zga9$GrpHXb+s}W)8_p1vBTjNB83%$uPGgC$izlyLXv8Ikw1LMKN6`R?i9^F z*>C<~y73iCZySjyy5PO?HN#9GRJg`K z>~6#Oz>CX^v0LdJ?mBXXx)L>2+}VTI>(6zeI*N9e_$Wp4e|a3fLtHc^zZB9~^LTXT z2RlfPm2hG|yZN5$FMb#!i+Qn?DI+#&;$}&axo?6q>R^8ZZYD0KP`wZvyy!Bsqvlp; zNO2+FD{II~T)UlleXXy6=VO82R&r1nhtQ>bV^M>=MBV&HSkgc4F8f7}@wYczu2ZtWca8OAChJlFd|8*P6z3JZPde^cWL4R=Z+oA+fE z6SwwjP%y%g<%6#5?m02-QHiOOjkJ=rWO4uYdMRoel{b|UWwSIPv0?0M^HDSCBe)!> zQf^Q(+%_L$V4d3-%Ktxw$uoeJy8B}$*`wm)X)Yd(5d-PuOw5{wbjA@Rf`Yx*SXst0 z*h^hx6gf*<=NIRGRD=AwjO^QR4RHS8UG;yf5iAcR2m^J>ssH)Rdyq)%)TeYmMeq;` z`bX&y)%Z!bL-D(IJ@~z2Nbzt4`2Dbh7Bz&F{@XukEYu9v$cT`L;36bH00R++ zU|rQG7eGwsFR=MP7gQvmlk%n)#|Zzey+0n3t_Eb>x?Tzg@wzkk@#gxaXWKHY43NNY z5UV3QCh+|>Aq>lB=oab!1XRSJe3^uo%rq~gQBVL91>+YvOE3)aUWOg@sL%i2m-P$K zgWr9SPyW6Ce+_3i0J_(Lo%-BmIi%=k8h7hg!%%qKuK34riSDIyGQeetq!?_i(5 z!StPRQact=Y+)^ohN!){1#2f6Z(j=eWTb6&`#Ty$K*dBgycGVbX26&C!X`ft82@=fKvuV%dW1B9?p^z~vGIB$RklOplxzuB&! zYkl=SQfXeQuLVp%*1pQ(B?hIs{yWz0ciM{iIM2k0fvnRn26*N*Vq{D34Xj&!%c&RD z6vL4>u@l-M^%}TJ#z9c9V0bGT97A9w5c9^X4g@-fFN8En0eL$BGV=eJG2eWKL1jP* z{)eOcPr%l%g$$IB6w}X`qX%$F8B|lHS5xbu;+L12l~ea!a$C`R`IKaXiI&{ErA;ky z%ZaKlH}BVvI~e88%;=t7vl%(f#eg6JA?2gcB~ghkpvnMI(TX(&fWj;NF$LBiemm^J zab!g__gL6B`V6m~F+7k~WwA+ty+Ck)zce0K-;?O)qQtCIj8|?nEkyP9pLLoa+9(ch zgmm9KfY~Q@>Ykl9i361--tBh_KL_LGLU1RpyxiG05X3-)Y!~B=Vk_Sl65Wz3{bY|I zGPfX9j-u0h%O7d|T9cc3x-2+6y#7|wlwo1&C)W-azK!;o#BMfnFo7US|El5KEg?z< z=4B_`q;Rjh|Ld1+{rPG$IuxQPC_sHNte#iZ=Jr?H)n15$8P`6MZ(sG;?vIGPP#K7+ zK!|-NwGwFxT9w@5*q;B}js&RjFYtPmt_urua4vlUo6V1yT3UXPnCFbaNk3*~RuFJt zdIZ_N%kHnP{vTrHMSrlN{%+>4i(3$DSy9i0vs?Nu( zzqj~Inh-K#{p6mJ{jVljsr*4hGS(@)#Onx1k}Yf~tg}+lLS46DA0s;6F0yr;_Q$|Q`;8<|zCv#CC9GsXr;=C=J!X0FXV@)X=dC!r-b;C z>Xr)cJaZg=<8XjG9@>K{qc89jj3GAO>Q6tf3qur?PqMoe`WXvZl+)uX2^q;kdcpw)>pNEsr&FkwI7XB9C>r21pm7gz(J#Jh2 zcxKx2L!IsYIFLm-pKIeS2?e^0|3#*G zIF39x_y-*ZcH(~$5ZW3R;p7SG0^mv2YnBD2hbZ!dSI-AQ3gRo;Z_ivln|xUSh!R{v10PUyTXlKV4+L_ip1|L{qM!+dF~_# zt%7o*q7o!0O#$KHe&h*$d*&ynXJh&vejpl{@Hsc(yuY6 zHB;5Kq)%?+su7ynmKKR?O$2Yg?cyF#J%Q}ao1gDN^Klvq44OELP#>G_IwCNT4H=F) z!rzDZw>&Qdq6H>is!m6k6Azl~9X|TSOt=q@eu34l6E6Jyv%fE{L-H~}{fp@DZ{hFv zqAm-BXAG5O+!;T9$byV@x$yn8A1P$>2Dow${f?FRaY9CQw6nm_ac<6^Pt9Ti4Qi_z zf2N`O6$hSfL?eFyp1uPKFc!t@$L;$uhzYSPawZ@-M{x_7wtqqhBqS6- z9Ys9@&9grXzjk~n8Gxan;nyEh|I=jD+qxUVMjDEz0BhzST_#OUq8ZacXEt!fNX$Bi z6qxt0fCLJZOx-K!T|CaLyNV(<;hsNtU-SQVT-}-ALJMAo0-RN)FI{u=i`{ru~bZRoWhF0tqm5%@x2 zN|NU(%rof?2#50AV@^EAZej=1jydN^EqT1DKR?l=1$!emr|Jhcu?W;4o3{waq^x5H z9jPQd*L(c7C}>Hse+rjBKI=KL&xXt;?}%l*_`)V88U85hD12LObCTEfT$*%pjBE;3 zz;hX2a`iXH^CFih){G4=_2O`vw`I2}2(%#AD5sY2#0kPx$UYd!Ql|pFxC?sWNldTx z`>=o#1SfaG+Nsn2vTy!g@hALj+3P&@M^tAgCZaGHHya0!XgWF_8xMo=s>&b{;R7LIIeNb-n$*vervAKQ1W= z4GoMae=51J-t^+4c*Wk0w0A^7iwQn#b6Tl$n3yv;lzr@PPk)^A?wp*qb4*HeLKamA zp@Zyqg@t=L-ZFojL$oHagf&>Zm~q%>7+$}>h*W8EUU73A5OCZGwJ52T8dr8%E*P5Nwb?|D-LO46u6E3 z>f}T&P#5tF1{+G+($^bIAE>ZkrmWAx<|ed}Z(19E(#6GZ>3}XGt@P+ReCQ_H8b9W- z>ng=HFW~x(ln4_DW8y6}#$988e#=3?p&I&O%ZG0WSUw)td)z;R% zta^#Q3~tLFCyddv7M~94pj#^*F(`S5+IX4U6AXHa;ERDSwe2k#UV%jjF><%91Cf{wBkPt3WhKUnn{FIAFUE)g zi7fP6ZbkbIEsC!sBM~}8pQiP!;g>Ah#bM5ZsIrb2xo5s%XM;!#hog1eYgjm(ojlSg zp1;zy=4#>HbGWTCQyggcb-{P2*^7$F9DrmjMGQjOvV$$F>LF?l zQ?eHGA`QiuCj*?JMR`019`r&gGo0W=A{p=Rlr%g}>v$|px4i#{pFexPc+|w6q%uZ8#jEf)f)N#3;U3cx={y=@WIM`O} zB`bF{SLbhccwmuvwV~M6deRuTY^DcK;b|z|*(!B;5Nd(mIUg6|F(BJC+um|b^*VhD z&y>Z+LA)Btu&z*&Sg_U^FxL^AKR+UB0HWxjH%f-&VpU_MXd*2fG zq6l$~QdnaE$Qj(Sr6HK~NXwj?p%xn4LnB{4<_+Hax$)Qt$C&S%gi_gJFdJ}YSX$b1 z;095A{d+KCQDcCTeB-+GEbiSR~1|!tZKPk zEd&l8vMI+>rl7sJyWxPD46UYj9WE%VRH0mw;j}cfU6Cs5dxeIEgX1#?R|;Fzeld`q z$$o*lxi~+Y-WD!on^%x_LcyN&%=7bSi~C~&3T46%c^mIJdo_>at)ot3m@ezYJdXL` zV#Zw>eQ?T1*2Tpqgf0fR?GpJl-&>fvAETgejc|VRlE^DNB}H;n;}YtNf4-T&9#@^N z5Eoq|(Sc+P$a;04pVsn&7Rbf$BE(Jpws4)#x^%KItG;LN!#wn+&zAH)^B6#A4v9`R zdgy@(m>u+nuk7gx4O0fvbODj{x+t&e4o#Vibv)~jLoR_cOShvLpk>b0P(1P^S|6<4 z)=BWHoFW`tnauR8_Ve0aHq-@&OSZeDpt-4;jjw%du$K4^j=%_^;1uTm>0;rQ`D=f> z^+C-=54r=MuK>7rF}i7%SEP02++^TA4jQT|uUAdpL9RXOycqqWCe`l=X}Fqil%Y|) znLR_-A6`Zy%JSPU#h3IIKYj8wB1QG>rXasgMRtNy$xP<9=*W)aH{o^*N2yQ6HL7;s zh#cb>YJV*Id;O>hOyDn9HXv#nH5P-Bwxb>}?WC&qGZ6pU<1(=N)H}}&H|`oWUXAGN zVa4cgl=N**G8(KR0%b84m@(N3G|zA5?VPtx1#P-?mt?lU9(zN8M$fL zVqC`5+h4oPdy)Qq#?H_E0}G#MktT^TIBVRd;b2{#^s|D1A=r;TgC()G7NE<5BQuP- z8}46d(RXl(c~z9xd*QxQtA293P)zjr?IgO{$@m-kqy7A;t@@ge?}bFqY@ z4F^uyw_Y;S%Y_ShNliMPH`C+F$MvQ6>h>>#9g~7I7B2YK*)LsYRr~l>OzU()r13={ zX+53-ky<;?>vdzky=;A1eX8g6* zHXcSNu4*RHqal;m6>l8D9_Co)J#DGa5A^4N59P4nBX`Lui*B*DNkgf&mZ@|2=8YSa zS1=d>#`9g%79|R$(V~Mx%Pc$9LVObTL({Y4M3-K@a;MD-RdH*zJl}TT#7OAWtG68v zW#54A|J+p#WKV?@SDr6fgBRiqX z$fG?nhEo!)-byA$xF#!^B{*(*t@vUeQA6=Xks;-62k!aG4xEZf*1rK+iYg}20c`C? zDjk_S7H=7IS03yyXa~&CSx*@78dg3D7rTN!KmO_`fi~r;MM1_`8V5(_%dq+QK>@yv zAj$9F*X~;Ev!>V6P28_K(fw>~AiYTJSv;4%tDoSaRn3 zSd#+>LW*#op%W+NZvsg3(tN}d=kPeE4l)m7Y3(C*?1C(8{@JN{#(kKzXPc~bF6Ozw z|M3j}^0;Pz3y^E&f9|-mrgeX8>{nohWLxJvw!5^V>}o%8SOQCW!^>TS+>^7Qit1O$sdgYr_Mp1X2E4|YhgP37 zsj{GyCG98Ep9OzMRI&)5Z)7;W$o>A!iIWn3X5qWLGqa4IQlfVi8XNW0va+*3!1@|> z&Ak%i7+N%*HJ`K#yI$RHtkxCMr%{T1`sPa?L#4OFJ3E7mY}6yBfWz>M9yoCay)1=i z2=@WC0VcIYfjH$i2Z1LW>wEqsj58rgSzj zVtJu+i_*AbVTeB=G4b7ZYghFk?Z^9HocN$0F-2%Di=fRh9Eg$#t8P;4_Am-dV3_tldV zA`PIIAx)?GhS>a@Dm8gFHZC-3DElGS(p9p}Ku8}6iT zMmFdqpjFq(YH~L9J_sJ9!&`J}ba!reFc=$d$#o~T8MJt-47>VtM)wt!lxm@Dy6GVY z6V1!u#XbD6U8}pfNeq@S1^3ZfC{o^Sr4N%(_3m^i8RV^8t=#1H>9nvF$;M>clzAHZ z^7(WQj0=ov84DaF!&{t;oj0@TpKIxBpfrq?r{VY#ey#Y->_PL8M=5ay8PVf-hu|eK zzFw>8XXCkT+L=4~yQ%$ljeQE0^d}#O8-}c9`%6JQpQwblsEF8R>dx*)R}Hc=%2VBQn}#5VGWrE(n&0c~HBPTGSZCD`rRP7TJMG3nQ5A#6+)JcE8^? z&F5JQ%&_Yf5=_vGJ&fxu(wHxa*7kO=&0X@=@p*_4-a$9@4dk@+?WWp{niuq*R528T zA^#a^KH9+7!QzGGR7_Syw%-|dL^r-G$}+&k>)hp5+tMz^g-rMHGuEa%uM?XB^N`TeM;ZphA_ z?*xK9ud)+IkAR+O$n_R-Da9sg#jPTb#@GizadAvH^vZke8N7-aVnwpVbt3Ki=nXw0?McLk-OFY} zKo|dIT?|yv3A%`G)H~N?NQh^|H`~q$4Ww!&PvzQtD0h9ITBWMIF(8_}om0|lQp)W?|VHSXve(|U17 z`mV{Dy{0jC9$MIp&;OV&p=9hF%b=QrwADu&p^TM{oiQSbJ2jRU>&eafTv%*DSy?*jY&AxB7G4twxCZj)KUd-o+!j2ck^f^)c`p8Lk$ zzOChYhCIreXYRjvW=#AJuokF&S(9r|Po z6-nlY@-DdmYS(sz^r7rv)P`OFCQeKKPoEP7vyRVUhH^xH|Mvz;;#rdqc>enrCkUct zO?({!nD6+iaKRa`p{_bEZr4AqZ0dx;;u%$TqJ2%=mY*?8JylrFlqKBgzf4FGT~?a61~vGvCFF{r{)3$$$Fyh7#&;ia-DH{?gtx@v?edQ+@Pal7~Ci zo7BNMJr|`gySwdS=3$}X$0_>6ndw6&?@0H&Tldw6={;y{RX5e(rZYBI?>>M{&qD!R zIf5`t>0|<8(9ht#S4_RGK+&JZ!afEja?8vh;I?_fsRQ!*fF|!>0`z%vFu28{*YFnI z?{ZgK8p;nPApGZK@xPR(Uo(4QNtK$^9ZxwHDV~m|rUx(6Qq%*NMkgP$0@8z2?(O4>#{qv zFXW-^SMDmdIJ=*B@lVHOysQ)(v`)s7bs{cBd~IS?hk`#mwURIDk5AnVpt~}3O(>5I zBl$TA)1^z@G~r#lzK$>Dt|(kg6zb{gw)gRgmw)MbJDg2MUUQJ6eY6|bW_N~ydNBC< zPD3(N-?6iS=?6Po7c#t*S@%R!k-5!yMA zJ9&hFa{d3(`QKQn=m%=dA{O%=n8RQ&CF79_#h=^^=$~1betwc~Ih_?!D_ND5po7SV+03-Q0C>^cV+I-iiJ0jer7Ai z1DBg&ZdqPn@Hz4LRjTXuV6I}^jy`$*^+x{!*0Wq8Lurrp#L@58Wil!8$AsDKHt+O)YUaei!S34n><=TTq#B(@}{jZ3FmE)7$;7Eg%fK+ zv3IU?wjXDHH`Fz6_yKd?S1h3qSuA}e(pr0GHq*9w4&OD=Lh01Po*^(D$#?nPQb=^Q zw#PzAK95Qb(pX?4)<tJAYu?TE^_vw-9Xy*d(16WOH?vzh4JBu{@7@+KK{_?Z z^3Lsj!r14?gnI)~p3hUTHthXWw6xcuHrBgnjx6_14QudXNWMg*{hS;;+I1=y&ufeC zDNge4>>ux^S2@5Xg(%j}%ymr+u2^`uyZ~ZOj!X&eSY+k=BP^GG2G`4HYis*WB-}q% znwu`Iv3<0&MY!Af$-5gE2!;{I7O1OPeRUkNn-f-%f=k77OL0ZP+a}&#GcIa1uhLI? zWYp?96_PD9`D{GokFgE#2G8P)!31@Sj*eqf&5V_~1vj%cEz$+2-RZ>XY=`RTUpx(m=Lt@v`WeoR3siO)S1=C$$Cp5gZeg3U8VBRx;Lf6!N*9&^GP0 zbI8AAYEhuY%((QXY7ws9m)Imso3DkBEy&@0YotGr99zL|JGIhwg3J&Gi+gmY|Cd~F zJ`&N%q);YtM^d#nqS1)QSm|7=HeOBgT^a_R5$&lp8ii==^V^tC?c!yCx%8Ra_&jX7 zQ4?DX`d%VEoxA9L3D&ZO`mZN4Qlbxolpzme7UYrBi9;R=?}h@803y<22|V z-TpFs6IZTfgK4?z>qN#?T2%HQ%sk~ys2g|wgPr$r?-M!nD$+ydnV9EV*M-oB-$U;y zI$dH9zF1IM9OoUzv$Pf8ka%{q$A8KI>(kj|br6fj=Vv7Bj2CR7RE(Vss@vLsmR#wD z3Hc}`To~=%9^XE&Sgmh1%Dp3`V+K|rhPQH4xhDGwx~t7w%jaQtM$ExPNCRDCjrAP% z&_HunP6u_ZwzMWo$8S9TM*JF219{~ZYSEiq9Ck2K%$woc4J;|_eqP6V$YjMrc^9V1 z6*Zu{6@q^kr|qqU&{4{*$=(U~=`CutRxgrZQ#%LxToCTV*IQ83X#RBfWNSqRrmH<# ziQmac=r&4YZpRkyO~CS?k28)`m+8q=h;1%%RI`O?$F`f^5N0&J=5?j2Lp$JKeeI~r zegG--{52t{;=O&Z(^_EGZ^*gY-8azAxYl~8P{q=u@oin(67%rW^*CT&L=xL~V^@^e zoPRc7C=(FQU}*q3qR$ivm1SXcl|%$(%w;caA%zzE3`UI%@CzK7qSw)TQiUW7%41^f zM2OSKiovYXZUF~`o$3u^xd#cd`+X~CX>VR?QCpH4O}A4;0LEs+jQ*Gc0Z~dQKwgus zPI2tJ{sapJsw1a<#}^`lWK?+4u_A^X49 z9;^;M5m9!t3+wKmVLjcQW_wM^1h_nPP`!f62Q)5z(iSvNG_1MOwMDN?aw~k32)C4U zjtoitYCSu}*Qfpzd)d21i=q(>loJXLM-SKjI@T-B1n8TQFTai{!lEF{BenTg(KgcUiiz-_ZK4{KC|ONFL6pZ^4kNefD%=A1Dv z|E>PW2?AOu1%PzPp!}E{+N(Gw!tmi0H(_)jrm?Z{!C61)XW-Zl&al@BX_b}gt0Jxo z)PW7A&PSba&o#Tav;n!>s?4er8B)!B$Bk~F zjVG@wf}cWtpcmJpZso;AhOEj`Eg7ovya`#p(NHyo<~cP$D*ny3=#>ZG*v>m_9}E3! zNt<|DCPMb(JmcU3k~40xLz;4UZ-LasO+M$@bL>sK<%OdDO+M9VPR)} zMmYKCGK)PpEzUY72^8G0RWO50@*|RRaIS&s9?>g-+HysBgD#hF#qN_!8(XgG3hB|d zy3Qd0;7ay{T=!}p%JyU0`5fd^lT;J4{Eio$Abd+mLHT+no+Yt+{X0QIVg_OICzCh6 z&Rb%JmACGFGGWzY77w6)!#HU_+TQV#e%S`@#esgyQ0eL6pKlzIg(0_TECM4Ry9V_& zJ*ZMTxtPTLaw)B8?mSFDy!Lx8k-0opts^gmVQx0K!{n*3l=rC!o!+_7hF>jZT<*YL%_u?+FrXODAdF8+N|-S-TJhh?^VT*^H-?8j8}F zVeRwlF^(E}<5A2-zr0(74+>c^xuX;6D z>Q#D|JVoA?6sw+$JBn~a>EOtV7Kc8QZsn}Qy%}pozDt%6puS5 z#5d&JfFIsFU@C6>r7glfu5uCIJV~!3WNm5J6eu9oG57$@qmrE~qmvZC3m|CVEkyz- zU{++&k1^Z8(n<^uvj%>hY>G)vb*MzWP6ChW8jp9=Ev^E8(<;w!4VcR`J*4QwU@kiu zyMhQU9HuL-(gl+P)S`JvhJ=QPIFW!$E(8?a0GLIRGVQOE^Bx2H0hk-3o0Jqgw=DyN zFs|gChrdod&G_ctIF23PZJ<+8Zg;x6s6RJ8>i6Ytb!>y!reKNKyk;{hZxV9Yg*Si& zktctRVy>-sVsHb1J`=Fds=`Ld-BdtZ_>Wf)z!DXy8NA~h0DKJhFgNAG3dCRt0Ma;3 z#An!5VemZm(8#(KeFJS03GLNNNutY$-QYJ7Q6rlOMDJHHwNKoh#m9gpp|cdc_D-31(+|0ceG zKljy4g5;8i5N!W+)ZhSTF>cZVQ zZ5Fm(zcZSWWN>i91>?NeI&{|Sp84AT##M=@f)A>^_L@H4hjA&CRgc3RoVs)uo=IOk zcZ&om&UT)-CnkmC7Q~K%6Bx;r(pJe43PYlqaqyxYM6Qtv@f5#;zStN6L`Ieo!44Tx zBea+l=@h*6a~i!i-T8Ihz%B)u3$gP+X_2jiF9KFR(Db?^yXk!W+hru~v_INJK_umQt(g((nZ;cuzNISkB7tXn_c)m6In3!69a4?Y# zB*}X3@VvmC{uZTIyKJfWhC@<`_dB#cQU^Mvl~v|}wrZ;1u9k+$>mgbmBF*+WKaIuB z#m@>C>__?T;oGyY$U3*@g8?4|cl`p|*7lo0o$Rra_@B-jtJeeOWt+_UK~Uxi#DtqZ z`|uR8CfUh?0L*G#D+nfrAaz8s#q&{s9|ek%~b|#+N69P9v1j{`I?oUIgPQH zK7TtUWe0NU1#v2#UGFgw;Sj_UW<39ph**;d8kOwIn0hKczw7Yu@trs%VJ9N@=iGA? z>l-Ps0N1Pn-u`Bxfj%YqSIh;t%sIz%ae)T&rsty|Hg=ayuPN4*? z!pyrFKBRtFco=+WH!junsu$&aL40DSjA2M5eHLmjM^CbW!fsPkjoE$ z!f>fpwbo^FYo?)Ny2rrSlP_d@XLne^b9Yq&iCn(M7gDzw(w^TrChfL*!4<5U_h7DZ zqIY{v5cJ9>Uyy}8uBa$e0+FVkCTgUT=w?ogZ$J{Ox*Y^jj`!B_3S>^v znAXRg?Jk>i@#U*h`Wd2pPhV9wXFAu0Wk(hQrpvTY1u<^7(U235L2N}j*5p12LudG^ zGrD=!=qI6UGBIKjqe`Pam4cYKd>IvwMVDmEvZX$RS>R&;W^przmjdaqklW-zNonnk zzG__B_oi7^#jBq@BgX~FwWBqx#(5_oEN;)*!Ps;~te+aDg2 z_5lS{zi+i>5|+s8t3+va6sNs8b;I>Dr=F0C-Oa}Ovf=_7d}3mdLr^%SXbv)Teyo*h zFp&hwu3nJNrgF*IYl3UHX?wZbWban5V*lVdP|R4ht6PVr6pKwN9ozrLI$Yx$aRuGl zylj-&CsRy9>3V*UsrG5q?wvvrtq%~$WoE1q<6f&HS93in1XKWF3@Vf;v*}MK^(@SU z!xF(2F-e~ z6}!?a^fNQhX(1l;7MMq|W*5~v)Y5jdhwcC$6^k1fcd0?uWV^t<`3zsgt>WjU zk)y4pfAog@J)%LT@9eUJN*!#T8{(1FNyf9#d= zgBM;$&zC~IRZ>hYjrz9voD#E(*gI>L6Ju!2s7(8<7+X`+Dmy3& zNMJFMPl*4;=n??Jr}u>H|E1CYIdZ^u{^&08fY(T^bHtbPxvf`vbO5H$rm&#udPCCt z#EywMGS6FEeF9~N&nZ%?US??%Vgi7XM2%!8wOil*N;MRGcO?sBMF6||Bwmb;n9!zl z@7%#sZ<hr}k{g9`*BQg5-sSu(MS}yblPm3o_%khHD&R^9`9lJSo5FaaJ72$pA=; zJ#iJGA2OLL%I!dH4t;)-b{#LfiarAXdt!qg%^ER3V_>bJlNujS8bGh6vb zCpWMOw^K(v>shNust-=>9{%8p+rOny6sgNUzuJFm_@iqCU_V4Q76ME{T?FVpGOJg& zWs>ob^Nf_Bcq&tu1YXXDRc+nzBtXA?@T+(hj;Q0aaG&jo^LfFT>%1HMlN{Xo2b0*> zHnyILXfx`$0oUacF1esYPj~P8M~wwX!k(CIGFxl$59(Pss)68(fCQT9;D7`N^3csU zn0osPELo9rA;|rZvIwr{gZ|qw^_ceph>DRT+JpTzsmzF_hkPw-JPcu-2MPrQ@b5mXlvr+g_8ZmDk$WS4!%rD=nZlMV54r-X9-V^LVOZo!;^QV zlXD<@wRf0u`WTY10DZG*NKEv*d6v9QcyFu>kR)1L$$L6+$}TP`sdCCHTdt9d+nb-9 z;*1R*Fw;>_F7IzUFKBOpdK*Kd2OH z#;3ZQ#|?5{FfSWHav?-S3g;xq?i(#r*(ZY0WKiW5qU>D zGy$C;p>H^t&J%9#^}W;8g7MPaiw?|%U!5;Aq4j>Amy^gZ7^JTt1s2hp8ZJJ@^I&zG9BQsRJ<{Sb-d zaaplt08VzyWCY3Yz#kAWJ5)~$t-YSOE3cyZ8Rq7%8(1Br2|vX27c@5V;fJM^g-f*|$yEK;-G|1zHuv>41-%d)Wmvv$>OAE~E0u7f_+c3B(PcwpR z5u4rfk|7r;Jc35P0yHu+K~ph`XEXO+2!2pXQHU$))T+l=BTvIYZEK$lDA9PTXJ}^B z!dw`$c`k$D;ZM9i!&^WgM=Ud`EBCNk#rJcXQc2l4RyVuE_fIgqfq!~E_@k3=ktMwb zKCd@)^{MZW`Rq(Wb&ngG_;s9jrE-b#roCNe4V?X)373M+`aGr{llVR;?`uP#H{JI7 zLCsITh`(w9l(qCp%l2Odw8H?83Xi8XwYOrTnH`^g(Z%^>1TiRy#(-Bo*>>N|7!{rh%^9N%`KrLvK~`Wlqx@Wf4O@ME5F z0OkWz3;x4WuP!eC(oR(4M}%Y)Dc1{+fzRdaZOtH?Vl;x<_esfzil*yvlDzZ6Q2Rk6 z&Reu=#Y?No1>}Datrr0&pINCa17W6D7HZsep~bVC2K@I$%eGz@$B5~;;Qob{;go&3 zBD&*(h#BBjx?1?ev!TVQrOct}@<@>T z6U}#GZrKK;SkO?va|0yfl=|q>EK{UPPjBZq1u+U9!T77&DYr?VQIAlhr!P@?4>`Tq zBinVAdiXUtz3>&?;*~qDlHc>q19ci-R{3z{#~Y8ZQfpkr$kd#9Pa<3G^%QNt)U}Ft z{j3@Oy+ip@#FRPyAmOu51Pgr$8T>)y#N~*?#QXe0kug+igB8asbiffOVAi1 zSy24U=PLy8@t3XFBCC_=`aEWTMV+v7PyQ09JMgE8TbXMOk$zSK?{YC-lRc2pF+ zB1^DRde89*ex=lNDelLF$YFzsu|}a5a&^1pA)*|T-l@9W%-NcVa!-$_(+TuD^5`wf z{fn}Lwc&tEi;0h$&#KCdm}8V(8NG)v%K!&LmvC@@)RHTG8?I2(s$k7^#jxVyjdtBY z6D>k)16QV;35Uyq9ZNSrC|neFgKw774*G5k-}YQPWE+h2{57{fb8BPMm2uppprN?R zi>S1;xQ()7;Zf*QrIyUd%1O3T@Z#e~e_d$F(J}jBqh(!H<`u<6Y03=~(b-TAwa~gU zYqR6evrs~?Ry@lzJlrnCTlLL}88XVhuLYhHEG}ceY3YQu*ei>6@ zm>Fp+Wc~8~-a^-=+V&l+P7|V(H-xl7M059(P&~@kRrS=!X^9|fKmaa*v-S;uoD8{! z9S4wvaKV%tE|;n40rCfo!eZa=f((tvAgyQU&$J#Evw_b8dI=<9ezXanYvCz;h2wMF zlnke=_V3W+H(kpd{TY_+?dYD%By@xoCP*L(Sg@<~9NTU-%q~>ki2<0(53dwm!rpN> zv(E<2vKZe*2uHuNiWh=$5QVEBWkimyZvv5^o#3$Uur~uB>E&n zhxe?Va8EhNpm@$((t%Tl(dwtXnvUgg7WZKc(4)nha?iH~_!Z@eGnMo{Y6j^6Dagu% z;`7!z3h_l>Gw+eBy=J;eX(VF!;chBPP={+AidiK{6h1T6OV(f0wM7-gQghAuN4lTbC{ZDJ#uY_N{fY{EhaeXcsyVzN1EW@_v-Y>jy@= zd;@Cfa{Y)vMA&uAzE)j9*}2wDR(T??hit1zP}OsM9!qJ|kt^JNXGsywaI0ff;nYF( z)lTFv9e$~(&ehi@tl+j2A*_hQhfCQS76o7T8@hyE;K zSOx8amiO>CI>HgJUYK)D>f&zIHAuZfm7Q#ne<*l@V9Ekn*L_}4NvoUg=Y#;`$5SL3;LafPB&?O-^4iIObL&+wuNes7iGy42VhM~L_ zl&!4JwJD6q^8tPZewcw#T6C`pUh0m3KhG6wYON6NQSQj9m&pM?-?Q7Tev2$}tmUW! z_Nn@Zq9Q+*uYu}nZbTca#%3>wtv-4@x}C)QOyn|);%1A9Y@cL_cRR?|sYzdm1}P;H zMy~&lvA2$@visIR6;M%78l<~Rlx}IHM7ou(4br&@B{nVH-O{z`5Tv_f6Vkcq&in4q zbM83j_nkY&9fN=Hl^t`fHP?*idFBUz!$e-<36xEuQQu1%Q!b@*U}YV<6kFS%f-WvF zwqQVGty@X%wwWvdTjz@TFTF_qS)w=p3#o?K{fD^mP>Q}}wk$I=*m9YiMzO58mh|~`^ zzmax47}Jn)tH^#0`%Z7W)w#>aFUbFadm1*b@EsYfYC!I+V9w05v`L^LTPjPqx?TnF zRxoI7`v8s*nFi3iGqO;_0r-oKFNQlbfuyP7T~(M#Dk>-eS6yJyUms$#8?E91-z8y6v0R2ATZ8jB(XiwX+B@zOPOvl`z z$sN>wMjC3OCvB;Unpwi5`gjeB|GnuY@1%Mh<$2ujjC+jq) zGZutr;vl0WLi~25)kkK<^PkWDCv9-*Q@F_q-dvss`x3GO2}es1xnbn6W{~TyF>H1r z|A5zWXKy}>@^fs1M32YjlnK!7ov^#RnxPYeiI`-j;0|k6^O<_6#yx2Z%9oY#VW9gUwowz zT2r`K%UlCo@kIo1at(jzug^W2sp6LHnp48Vx@N$?hlExkD1}|aJ9_{n_UZ-5WIY{D zdgY~;{UjW_71|>Eb}?#I-}fp z72vS$4FgARl5I{qsj!|;7$aUd?o3BQC)5Of>UwVi5N}188)-S>YUEg2j{(YHcj1pu zzy;|)p%Uuwfsfs4S_Jr?*!^XK0GZE@DF=7M1T8a9*@l#Io5i-K9oGHl5FuKwxKppOfo2=7#de=d~SzDe$S$%hWQgquaC~w~}wL6G8 zch8Cj5&>>h$+Ba5q`B*B3a1NB6=dn!SR=+v5S2D7xhcq8@IwhnbhX61MnrBdpUO~B zMcWjF#7v?E&$k3MbX9p(!qdZ%qMyfsup^-w0+qy{YjGD)P||PWA^Y~>RNUK^2Q9O^ zF!`o+M4<~@<VXr7Q=UVY+a=(hI>7I6MwwS_hilA<5f5KWFTG*Au5XeN3i``e#L z)B-w+SvMF4qqi#`bXEJ#o@)NS$!?t1%Ha4tTJ_zg5%hByu=+x4Eo%ntNoq=y#?`xWThWUCuI()DtIHrMaWCIbKwiXfm<&+MBN ze~5Bdqw4e1ciFBK;9TR25<#KgJp_EwQze zsCJR^ixrDw!R1i8^$z;cu6QDH6n}YC_nMZ?2FpL>Hz=}q>9<{Df^ngGkiEyrT!P&@ znXG{?0CA?k8tFK(qS0HXqJXFWr#iQgt427A^ZB_&Y->6#Qqnjp*0TC z3pEGuT{XF`Ug(N$s#ebgyCEq4C^clUuLMC0Md`il;_TA?IwZ}I7y*^xAcpQN) zi-~J%A0tvYobTITB!eGb?68Tvi9HY>pt8h!uWJ}O)rT<%fe3TdVyBxebGB}Z|MKCu z5AIrVV3HPWrE*~IN*|~_6dWGfe=H(cWdVUZJ6~+m3^OzwKZ-`R3FK{nZ`FJ08@7aP zI#|k~;gzpojCHi}((x@?95;e+CNwh@!l-A+TLPVTO&JUg7}X*H@$`0WbQf*GY_1K?u$41l+K49efDyfpQ_akcWmz~C^q z$P}%?k&%d>u>UdqoDJ7tsbev}F2zV9pXA;{b|p{u_$5?)P4M=C&qSffAX+-h6-7V_$|RBw^YIJBD616XYPA zE}K2)l_7+U`&?sN$r~spH;=R_+32(UGDJ&KK3>ilMQXC@( zF-F6j`#?(1QmQb4wX|tOxMF6J6VO0KGJ2lxEpfr-vya z$az&F1+)grIS%lN(#!}syMD~}Ed!ddKHfk8vYX!GL;Ig+^%2rJ(5kRXCmi}4&mH>s z%s)y>O3RiWULrDlA)XqQn<@(ONlMxYGePQRe@V>q&5{c%wo-MqH#2wLDIEKqLZ$ri z(4wyiO58bA{W?mLZb1)gI=kIqT-1grBMCrZf2nx6z!e3xi=xL$Mu2phV}CtD;mQektO*%R68C|1LGL1^dwZVmo|^1OpmNLD*S$M>$BOV zQC0%#GI+G9SRXX**HIppNVl1R+Q~`>z5D4YX^E{(ka8Ek1t^n!U-uo=8g2Oc4buuS zp)F{C@7R7?-H;L-md$bsU)g;{jH*if*eydj?nk^`A4M6;7?wqi#MiH`#)2Q~TIxX( z)g)VRK9eRxn5UEfr6FoT-F7mD>Tk&^9EL$nPg>%S%u@ZAQl(bpRItM8dT7Bc{b zxF|xD={dIRe{y(%wyHFe2}N~mqo4Zj{?75;1S z0@tQLXH&axc`muxs267wrvY#jkDwAXCx3da^v~VGvXrqDWa;+{Z}!KsdJ)(P=s zpv|qCGs%$RD2pJc4|Jg}TE+q$So4cb=^Rv2>%l}gF9KW(JMnI#h@p>t+mY!DX+;B6iwgcbi z6`SyXn-Kh4{khVqRG7M!oAd^CT5D2H zO&Eww#5e+l-2trG9vc;h99V zyFE6;*I;j#lku!>Y}dg|#6_fY*Cpv7Ja&KL(_qV%r%T}1FEs^-&k9giwHLkky)!|5 z_=GodACa%%1Qu3#U+|{_#VWsj++V`nZ8DtuecDvfE=wRX!zVaV^g8*cK`+DmPXMs> z7P~H{O180Ot8de~0F@Adm*IL3;AH?b1Ojgy4~3Nwx8y*!HFG|=x8_$#4r+}5^l$L2 zX^OW%Kv$cq^-5p}D@>k$0I(51``L5hmN0%D1ma~%qpunP%LR?E7p*tT?^+-6|AVq& z?j@My;Q~!-=(*M08v+|@qS`Wq%>b~cHUeqe3W+T7x(E!A6F zC-ms=Yh@|@gNdrj>N^j}#7QD`7x{<+9cL^%nF%wj*??VRK0~t%iMFeS?*yK!PJDdf zn3?beomI#6V;SW*O#DoEI{3tPYkL4JenGi1JM;dfWG%8IkpiElijH_Q$s{zlIXu;r zktIGl^L>NQ6v?PMYc%!(ks(Y|w>)`HBqX#y76>AU5>**eN6raDJP{#z;E!{}ru=np zbA7wPD;*t16M@%I)m$arUqsBZwvf$$7P4o3^&AABfK*a^1VkFCt64Gh%dt`Vf_wyh zsEYP_EZ;v1oYf#f^%rxr$w)2@OWzFCpL>a=&3DPLB6y^V~nqcCzM8mKD8PyFBa z4Mhfm!1)xj@^7foL`i{Dv~+)%V*A5$g#kKR9M%&xMpfQyZ!uGgWnD#-=KS$?9wzb! z(rjxH1&%dmnT1kF*EWN}q1gvvA33rPOsXDt16}qP2=(sey|1QM*yYsKB}U59N(9p7 zAglF*`p@C0&~q(70}n9ZY<*|Wh&ojg*m;#o&+M_RxcH1$F8A;osyVM4+pR=Ykefi* z!F|sXF9q}Au0a?jLlhG2&I+LT)P!XCo6)|hrAQtFh zUF4R!!R3fqI0gG*&T-QDC{Sq$5N3#GIp_P3CSYHhZnIREqgN{I_RUmU{nd;JZB6QCD*Rz;&8{*GRm=Fq`u`@-7&ru+88dKZ7As3uHtpi4())-e)hc32g3w7?k zLl^*Ws_DC+W>tAzAI7nKlxNyeLHER6<)?2)q9B#BSlb5?Sc0L)t}<-IYx^Li^1H(wVAQ3f$CQ1 zRwb3^SBL08t(MhiF2Y{ghISS!jWq$(ohKKJXtGH}#Pil{R(etru!9vbozYsU3jmU< zZpsP!9kk-*p_D+C`sL@#iPy@YGc1sbvNi2W2|DG5wct0~HCVv-8z^wv*TInkf-lQJ-6r z5QQ0q=9dOVzCMsC3D@h(D*^4bK*b3Kvhu<*4C0kJAW{vpOYHC9sOinhq1C=`?A6kj zG!LL@2V0UPShm#U_9htB1MINPSmQ)DgyC}$yp2MSNAQ1RSa}g^g5%Enm(111{a9;% z*VgN*O>=_>7WTs(Kf%lCfXXre8}e_cWT2vgC%b% za^WEp!QWK+^6AY zx3GmVLC4$!KULjEf;iG@{CCaKsn)4>*oZn&DOM&Zhf@q@0KOQ|Z083LTwD#>VP{5Y zVBPvBO4Oz5XmZ3QaCg^-7+?Ylnzvn|XDtW}rfuWX0AC*v(($7*hypnP>{tRn(;7a2 z?`I6#>Td)lHZrYHZaC5_T?%-E!Tpdm<|0}Xn6aAwkzBT8NH#3s8z#)u$j^x4qdbsh z;zx7O{ToX36~RHX!I1?2^*(&h2ZmTjc~}Bw7ov$p6DywuRgS^Ne<6)qO)Shx0U8!j zwT0Vm4G))ipd;*VmQ0TNxh0q+K!#H>lU}cS!xw=}@i72^c(8UTe(w!`Zj3X>eTe)H z`kn|z*EQ(MC=57VdC8^WZv z6Q3LdvuCxRspQJkO4O8Oirb5xqYI!5 zq(Vm!s8MH#xreK(1XXovisEyFZ@(zOM^|c0QpS8=$~%e}ii_?1U~s+gpUJa~z&wLe z%qDeWU`rI0bT8ZHV*gkoKhQG1IUb}LuGmYS$MxL?#8IgGymhRq7+a%WksKl~*wUMY z1}0Tipgu<V1`8JIy&493ots=FiV|+JdBs9)i?GIv>2NvRWP*xB91&Q~2Qg2c33E%Obs7k}ELc{i3M zy0yKNv2=M%CyPP^0Tpdj`ed6RH0Iy#aVG2~_;?1EfUJSzEWrB>#7n|-?Gig*pr@&w z3*gbm0X+Ix{u}A>J9wE$Hc%<(HPVLzB~GB#_h(z2I*GLclRLenra7ESk7SZtH5t3d zl4|Y)jSkk_T#z|4)UozrjQoBtVr#LpOw*;m4@PBOw&?XH&VF%mRt`Efx+s;t^k=>3 zrZI%68V}hoQKDXFoi>lB)>($^82bw^H)a7h@V(V_B082nP-BLqj{Kfr0SZTKMH$rq zC)DQa+7vTEAR{i*VuzB~AJ6txF)i8c(wd*}g{zGo^sAk$M8o}!}224zn=$KBnd z1w>%#iV&2m(7%)`N2m0$`(Idho!)m`pnSewy$tx`rD*PUhL z2u5UYOT)|ai;-!A`5Zv0jf;7>x+R^Z^}=a7fvvSzgqftWzbdejV7$7-USr%cx4~2C zMiyYJF?a0%RKCWYkglmJsQn9&6LjZT?@V&p`h%tCBoJ8hTxD4d8>gotH#Bfv0Zgbl zwB>jCU(XOJnzo?*m?{2hGh9?GTw~I$30)Q|F~=B>)WgZaJ-egT={x3V-F_Ubk-P4)?XyM;eqmw7DcBOs1ft{4 zH}>_o!Ol~Gu4ow0AGu+~ME@Eif<>Ve6H{aA&`7OokA8p_KTWu4%TvoO}AgtYuQZGG9C z=GcHhcf9h#>)6n$95#^~t=WhjKyCq$Fo{19Yc;uGhAAUB{F{ZgNl>+YOYP3=e)ga2 z++gNHgyg`y+LZxy z34?B_WZQ18PUrE$zuQ~`%t2U2!tnpS&6%$dsVp9Nuy7vF*%De(jS$ExHE_H#S+FJI zPP@*t&{;3do3xUMH&8XOzTWU<2XO3`atN&$M6~JyM!E?MJT0w9^peozwl4b)@>1$==cW)8=x5FpC zDPlSXn$M_3Gwh%D9NZw2+1>(0dvHQxzUCYJ|#f9l&ft1ik;fbF$+79V3xWZoQ=Xsx> zJxJ6_AAI7)J&%#hI!5*y*=dw!=UZ9K4;3a9njXf`)XO@TDVhWyNpSrWu=)7d`a#Jq z1DM`tj6H{p>>-%N02HgVt92Jg_~Oj5vgaJTSDe*X6twbHt%XQT7=KpC>pYDvUnKE$ zH7C#LpcO&b7Bo+u1o1Uv{*fgjM930B7IvGC`+lFM0Ml93M9%+xWs6c60RDAD?#24w zXVzFhdWx4sTz~O!Z7>jpnWixJpWXcuxqn{c#^Tv)UM-Ie^drRCml8UmhW86F4c@m) zsBye3(Jg+7lL&75&W^3?E<4h3dEa8|JRzmfX77zc;$xhI>n-4(ip*AFf>j(gqR824kmtRMNW&Le@@h)_(r1 zMu0@lmTV(J?oSi}+7_aYdGuHWTT@#fAvI#B+HDf;CQh<&v}mSL(D=@O6opG`xh{bX|h=rJsfobZjhd4Z|oA?g1PbN+X)!v;a30%aBal{E12r{!>O>wnUk zo|0)KY0T{Eb;Bc^kLLNV9czo35cb=^rwkjVj9 zl{mL&?YEV56ms<5mvwEC%k<_BR`lC)U|#vwqjd%T;icr7nob=t8z+xMud5x~Eq3zz zC#)r`H1OV<@ez_788cG<_Q#df)m#!aQn;|X5pJweXiI63*U9z4$id=0m}s9U^J4~^ z#&{ZOJjCOIukWkiihfg~C`DW3dDr%Fr-N!Yh908-$?y`mHRU=;OTPKwAX)9|+kUAu!sIt4Z2BD`;Jg+zXESy@7hsKwG3n&hcey8sD= zkBB)8_<`@V|2=Q!FaU_r7r#oD{1ZD)q5u`dJRoN_mWain_$B(o>$KCU!PN^>OgV&k z4FI1nc|L^Fi3}xYJ?;;y@;*$yFfVUy+=>5QEec`5WZ*~K^5G;ezllcq2>z*RfLaKy zRaIBU36h~dy?Pv5)K%H$l$0wOOK@Wi4303jcq+PoHo3|??t-FbcHSbLK2=7(T7DUckmAZ8=fHH{LX^3s+!)+#Ao z38-yoO_WqMhe<-?En>)-+T)Vj`gWcQd7j4!2Y*a_kXw3s;}JUf9UxDRV;GSG{U3y) zq&o`!onGYuf4{7?|oO)mth>s5Cnc(->xyuIj8t}G{R;ZNmp^XwFk!ESEvE?h6~kijil zTWWw{^i6yu@9GfKDt%0X&$3mPuK+C|bUVo-7N&zZDDR7TcCWjcI;kHlGE%u1`o)7$7sV}gYt{j{*>lL@XPeEFHJB!jjDIEe*Fg z*UxzFvCg1p4l(nmy!C_%xU`f!L-hHZTccGjG;&<@(2WhL2B$Ns)KxFk>7a<3AQnV} zA2$)PXP$;{h_*fUU5|BgKfNuX#8xPiB5Od@)__VN`}QT>0^P!W?-2)lXy`S@%bM`8 z?O>0nhof=q1@FtKsj)7Gv5$bWbfws8@5!Kt11yk7zPP|iRADK9_OGV!{}xI6qk{y{ zZnu`Br>gq74~lk*jNm zon3g&qu)$kTWm8Q*MXe8riOQ!56;#v_&`fhjOXP8R*`!Ue6AukAK}{c!GSd z$@=G#_k+lx=HcKCA;0N+1w-Pk-8`TeRM_}V%tm~Fy2KgxtULrZ~W zo!*?3!E+!?NBvul6u1-DD;xmsD=#1t0xN;$tP^-&$;~AvXFG^I@I4_W4zcMURgTeb zPTqL-ZP7GTW$k@#rZ3rbN}{vGhsL*}qnR1+F&W+>TpK#c;J+Efbss1I5u>S})lEmV zW9go@p%#GF*fIYS=C|A%glbjVX$YMGz+`Z>QMcnVC%*f*@6fUb6U3^>mACDXl9_obEdbVLbm?~IF~|WIP(mkTXXf$px~Sd%Wa}c36<>IHEZ>@%ka-iK ze^NQ~OcrWSEtAy_2FhGqTz!LFAqNw z8+tBayLqK>&&kUy`!Rr=+hQ3}?=Ti_?kP~kl|KUAYSEmvilt|>I_7GbX?ep{CEq!e>q;jY8mFAF60tivC)_y);RYz5j;DVC*C!TbW-_Fi*o) z1d(fo*kDA*27MOG+QB$?(Ro<>khXj`v^FMi&5rSav*3Nl3OdN8YUQr+E8xS<5-sn7 zT+)qNDJdyxxe`ZM5*NQ5HNP;q4&=G-eHdQ!cqIEt?`rYkd=X}G(Aa(PnzQYZm=6sm zMRgAa4W+uzK)xPm&x?K0(#1%laZC#Gks;@0$(0|vln;&Hsj+Ln<&Q&jir2P{`DSw- z2hE8GDSN%eKZ{En^ioYK8;5BF29hr}nm2FXHtwizJfwxduWBG+FG^fzHTWo0Cg0Fa$n=8p#^U?3JihzT!cUUtHC&XGV z!;QN$!XL(KZ8p~*~w&5SiFpp}rVM7b-#ltOL*JSBmC}ZQLkcHH`;~iST($|E^ zIj9ps3{+n{RgL|o57_nfvMXwIfU>D9==cRaTW=vaepO29*Hl5bz|V$Ydwzo!(5xG zyJIcw@jmf4jthH;H7sjk96Gyjs+ddDFp$59(V5~gV12kN@I1?B|Jj11w;#_=Dtw6e&3!0#^Sfb6meb|5YOG()!9KA2Oe)0$Y=BR>SiM z$~SkCw@gaJoBE7?6rEe=9?2|M_PmqePHNQC)P00z<9&Y}%{%R>eG?v$QvhWo9EAjh zWo&ZOsI7Y^_2A2dD|M7K3I`yYOj8TfMdr=8CL0^=v+`bzZ?Y+$Hs>)%e~-J7&ww~J zLN&}IR}770BuL(~chWw8Oo{mx39;Xu-{Z`kM~yhog^Wy{Y=5Fc;TG}*syiwCFrV;J zVFLU@M%e;dN^?nz77!gq{p*4r$L33_r}wA$FZM6rj9FRX)gWuk^SlW)%4e%PQpoPr zYOK}B$}yMw!yg~#-$qB@)@rK`j3{2I&KilMKX8-npkAe^h99$3pV^n<0w03{<-ZM$ z`d_~sN{ISF(|UUB{yx*>@>LHOI~+QyN=RDSvJ(V4liG(qn{KIY#_0y%VU)d|)@fw!jq3{6Q6Fem1R3B6j&ov(Y!=9o~D-mBX zd}0D!F}1PaIei>2`d+N6?vD^~4OhBGR);q2_PmmJTRW#ofs z-diT%_j1#+k$QZ1wQ~IvgMyxKI1WjttEau8HX_XltK=}J=mj>fMhq^6f0okGZwgyq z9MD(3-zb#j%Rqwc++kp7_cayg^ZVJ^2B`@>^IzD*(E6w>8C7)^<>KccBcp7DPw+_W zGAVi3)Y!@`faYE-MC=uny-I|ipoN&%O$4mwvyWWb4V8bVe@Cz}o?z#~^=azM@6R1r zvsg&nbQEGb#0DfB3aI~W&42drKflDFNSGH%(EQiNZX@=suXnq>&#nCxiIgGY z9+i8#X6ooqlz&{1PO5JY_Vxr>ndc%-&IYTi86p(oRA?k?gj^>TV^mP;AgCVUavKDj zNBykgzjA{w=5yu%rL9I^4PQrzy7M?ANthW zo<`U}$GfYkbS3uh`Trk={9J_zJTt8yTggW}qYy>WhBY412kUn!YnKecDl3BlFqP{V98^9eOjkgDn!|deuYB_!IQOK1w2}sz+0i0LhB>4@B{t$CwYst-z z%wy4SKc*;$Uv8mvJZsz!4ORHl6Xag)bovojU;4C}DwsxBVf4ba7@HUeq!U@CS0Ah= zMu7?J0%FvkV|kc|7`~mIw7PW@!O>8NxFdy&>;QBB#L6A1NTErvYFtI;}>57^4C1@dvV)$Oq9s6J2L`J4r>rnQ) zuP-eKK&F@YgDQd;?R}?uTcXbQisK5P{OGfQ2L%=agqk52FZTHf63H3Z#_O>lRzVt7 zv7-F(#k&1U0hHubInB-lEgaDgE3n?-yk`}o))|c zjyH~@LGcqc2M#EA^=+;T<)1Lor8dkUYj(@gt26f|?T?aLzT5$_@{n!?(|$O=Z;ws7B`DJ1*4dz z4*KGNL?i;hQOBe5Y+Eqa-R~@D|K`Q2C=M%1p+zYMOjCmAZeNOdNbc+JFIhh0oPq+) zAJRur`e>Jy5QRw|SaboBw);{lp>c-n?4`UoHWjv7{rhaBCqX6T3qzhcR1MdSosaQ- zh$%51-nJ@RBd}I}!N8)5OX^?aAuT>17?;RAAxN^jzNO6%8u-#PsMy`IFxiuh_ioCl zK|Z>&(ZGvPA>#hyyVlF`i_Aag0+>>fM(`iJOb>-s@n0(nJ1}7Z20@mMz$FP>Nqe93 zW++g&(E?e8%6c)H$i*xCLWq#CJ zmztLN1kFZ=;U}mgmpj-}Kp~$ut1TXH)99d-DJPfC&FVv+`uoo|HjfX|cq2l>;F@2x z7bxiHo(fp@ef$w$5@c;;nAMhrCyTIA8p1~2FMlIZmSg+=T2@ZUkrjiJ3Q5@+OVB{o z@iXJPSSvV2yN;Zy#8)eSsnCyJ&O~rH@1xt>HX=_NT))l2#sRG&NpG}H%m-1^@4Vp> zGMb5vOA1{OV5$icf15blMkOHD_7*UPwiLt5f7{7V6!m#AOLcDG=jyy{f~rf}+*t^5;0`Gvt9JmjZPdTDeo-empHmcjLnCLNdGLt_cO^BE3{-Mfa9>XTPY z(4jo$3-IaSeA+XeO#*y|pK!rESr$8J3n8f<_!M0KIfaxIFYID(Avk!gQO z5Y4L5!nN)lqq65$895(>CZ25IsIJ>g_s;voHuY-6vih=J^lC)IZC>N9LytQLUB`VX zZn6wl$DNRfWcS?mRE6#q4pB1KW0F!JbE&bMri>Yxd97&%yCu(D8oQQGtK-1hU<%M zGS%wbhNV0G(sF6(^1PBPkO5eEQbYflzmPsyHN^@#n8H&Fs?ptM7D;Ld&0OZ-ti3SD z%67y4b+}b`o=nM3kGyTs+po?y+m6H7=>GK0TW(oqH`*)+-HD{6l!A7*xCTbaFn^VR0=)O{X~RAex;Hmbx%@j<>E3QcDHWo&PuM zoL#X3_G+^25cKCcUQ59oH{$ObHDZgd-_>raEUp#x#fip8mjNQWVEYeDfA54gQ<}C& z^`U8=FE(C_U(@3!ZrW}ZzZZv2oLyk|92$c6%FVY91Gs&!+4)ryio-$Mo1sar(S8_5vnI?mC-=vUGx2e) zabH5G|G>^Wq2}+ngV0wjigt=XA}~`?Lo%Caaf&2}jXgM(7`}(*JA!kVJ~CCsUW7g8 zF0A*#uPu+dZS+DZy%7@7#ogh8Kcyan``H`Bg^e>9Z4qV(ov)W?Mng{%^v$DBZ`<0& zf%FbZjtZrVjq15jrgS}ZmJ_sD>(!zk*8M%UPTSGM%9mLELX4}@T%KAM2qhjcHETwu z3LEkKp)>&(aRJg@vgWXLE%RNtF(b~uqm9Rue|!O#EaVf}@i!9rliG$>*7SX`<^ADX z5BE8BwP5fmwz(dgMS(ztBD9I-yx*22n*n^MsjJOdT*}1WMW(GDB{}?0z)1$U-KP;X zr!*+);=p}Cc5CaKRm#onG7{BBYNMK=)$?>+I zGY=v!bErxG<4NkN^*X8o#SS?UM?+BVCKGU7RX>;LdJiNCVr|%n8>F3{{=cG){~70s zLJ(2VZvxQ<0)#z_rI8kJf9-_<8pKfn;U?d*xBYtqZG?T~gG`BI8t@)^Rc6K%< z7FJ8WZ_tHUn<)^;T2-M@ZCJY_-3qMef~kj6Y_npGI_MM?~2^I;=^otYB8eF}gv7h~QFx zO)8XxwyhaI?jUGkZnS+o7Xua+){M5=H*mG~OC@bB42!0ELROIn#%lxc^ALwBh-|(L zl)Uwsq>DE$7DwrDkftu|yvU4Wb}V%7V$tswW+U!sX(>aGR#kV7t@k~fGtu1Ma!xcY zF)~0%py)>{Z9gv^B10%fq~g(ali1w$40f-7IfYUvqhR&h!0ZDHFHHnj}mXCP*ioY5W?~ zp$;!u6YQ}wzQR$lS*Cwb6jbw)k19vvc5)+ea417^N@xJjyC(@0H_jW#48t(Dwsty> z#tGhV3R<@H$SZZ~W6$CfY!G$tHB@o(1o|3DkKRs1zZURL`dzsU>1UT%mKF(b(y^5^ z)@?GqUKv1_+Swhs@=ovQ>0Om6rg>l(16}WH`^_3Rz2W8jFrD=na3xRoFY7d|%NRS< zlVb4Lq65*{fG;=o0r&`3wDg<*SM`My@x5PZytn?RZct2(w9x#W_clKociAYQxP_`Z zmw>Uh^?@k(bJvR6jRdR5>8SKk*~4{NlFSt0QR~A^>uQ?E{(D2itdlQB>EzeVGX-*z9(}XrNBvb=btj z-*s#oo)$7P-w;?6=Za9469S*h`JJxGk)05BLb}1D2e5riWnv;AqJyt?w** zc$53*18&tAJc{6~4mo@Jk(v1*93Zt7+#$kCusW{nQ(Kpm`2d;j`X-29F}}v^V!H;x zoM{65NTXX>v#X5~k`t%z`c|(y3mZQj>Iuz8(fI@gBgd~aDT9igw_#=O2Hr2jBJMF& z;2_7-x7f^2C~oGgu%vM8cn3#lwxCP*PxXfHo_;wM%>7f^s4O38LyglTLL8(~ zQ?YU-75v6ixhnagyNFy>1J}qKuI^4&y%(X(@K4q(53GtXbu`X@mctPKLki`Vty)i0 z^S9vLxQe5yAKizs6X!WLHnuO}`b|5GQDkvPXzBuVUXM85?LyRh#JB~db&~SpXNDMu zx|H$a4Vu_Pp3H7&1~=iFW(PJ6k!UfLi(ZtZ#bry*o=}#-mIx&I!YY+>R8lEz`Q`|h zp1H3;bVocHl4yiqwSKgf{#@x z&erYBCC&ZijxuX|Ih*H(a9LvmJ}r&=^O_!ie}yWC@B?ixj?Q#FsQjtg8=>9H`;`Nv zd&P3A6}!g~7^lXY2XlN4&+xbPM-YK6P2V(prNoVeSkh>AQoGwG`w@X$TL05WJF#?d-njMFs=uN8$id!gcs;k$+Ull+7Ga@` zto|#aKZ0@Vc(M)u#O{Sp@EH2~)myrW$q1!^sczh4LpiMrK-k{u>wHrhTT$#i)90Y| z@KrZ6cJNTw`AIFZmrPfsulU~WJj5e%v-186D-rU;SI$~0BdvE>59`2tpRJ_|#-B-a z%^ihZ>P``1J*2V@o0L?XQdFCacFj>?ze10Qo-rFMXA+<$EbQ%%{Z>=S>oGWOF-TW>{QG?WJvJLZSy~*fu{(jUTfJhxp1WDqhbr~r zDIQ)ajF`O8N>(jK+y$zkp2h

x#XQ&2#DQ{1JgSrU@}=Q9c8wG}H$-;hQbhP}LS! z#!X*stLcm{pFDLrU)WzAFn^R?4#B6LI$3fScZm4%It0Hzq>|yF{=V{ZOs9Ty{-?9P z`yB&+q>mTYtS%baaybKtfAP zTU59|&Hs)D9ej0Ww6#y{SWhPajr;ykq6jIeqi?>wV-Z-rx-H!1b38>S6sD*BZ7Apb zGxFjg+)SssrRlOA`CP6993U&G1!=`;dH@qnBA2f&#OFbUF(}cx|EQX?(XiTLn#62?viHd&hK7*p7)90`~CBJ za4g>JaqM0(*IYAmo-;GNoPjwcz~vD{y<08Zpi@hp#>dzqjdtXa1_vF`=&h#vZE3#u zz3Vpys8Lpw58*tX5=7mgd87=SK$oP7+og)oFyni68@o2@p{_M%fp+FbR_m*HLcr2SfWLT+}6W6Pv!1k3`#B^4{GLz1f*QU5fGent) z(!*{47dpDZc0EnSlNIU!ce=g4^0XK3t*K2h0DUb6+;7X3 z7shW0Z(h&WMHs7^?e-G~&|~q@8qvLR0-vv5?YuyI%bhMq+0~l`79)o!C%CrJ5i{sN zwZ1)l49_Rz{d|2aKbSl*cVBpQhaCm+YL4IHN@K(mT95ShZCn*3vz_;Yx#61+B|=uM zmk0CQ9>)yf9)Y5G!>rfIN2hUNVNPxgdk7i3H62oo!0~{eys_twFy=+Db{kX1K)ARj zq};07?-$Yp(!H*mof01cfijG(udFebZIdx+ALV+gX&u%1idS|wY6Q{;XlC3x%cL!vO=_NLMziyW(;~nJd3XOD5djG@>9S?@Jj0 zL%q~_$9Z1Kl5^Me>2T)*s2UEKRk^0m8bx}Iu$cmg55zDK%m9WfOuu6WKS(H(EhhnqWfsm~Xt|!Gx~7F54dvl&-otd;}Q_E_Iq; z8h5)vLPa)0N5BRKaF>fNgm3Y=L=5nP#04+q>sl|DJdVq3z1}>3{#+1qlWt_71Qt?O z34#B9>rO+zmPb)f!pB#ef%=^geh=Prxru)yyafowwwCFo>Jz}L9=nuH_lbS4wAkQV zAlTkCo?+8C0)!nXxkk%!+$)bWaPwuY-}n?744se_`{2!v2 zf@b6{89$OEcz_kU>OO1DKQN3~BmD*kXXmihyR3I5g|1*vZsrDC)yMo~vs5=47*$j^ z!o}R-b?~CZexucCb`~d8}|ODkj+F$;$a$(Fei;LhSJo+ z)b0b^6j%JY++kZ?^=xnToydlPA$LSZae?wLycjf=F$F4j3rtC~u}J)JTa2DA3 zB_Bt4pu8kdmTU=Z$q>6$Z7Ev7W6#2qpe*!CAYhO$9_fifj)WV7W#-YIELFz9&F)t- zL{DdNO3EG;`NwLj05tLLIjR5=AZ&TCwQFwH%ig>^_ML56*+ok&E+b-QF#} zOHNjHc3jlPq!(fvvf|=It3Rth>BsB%%0xZh9m&bb%gZ;c2I3wOJ{}VmmY2W1VQvMW zj~KPWfcT#DahdF&4mcQ5w(Qa9!rZf<7vFoxk8dLoKi@|vS=yDY!J`6o@(7sCe{mDi z<}sUFou8Rdzvf|F?_zY}taCogd@v}%3Z7e#ly+jhI4lwbnfqN%GW?>n`NqTO(X*DJ zxW%CFR~$kf(5P`X_aTG=6CYpVF*_DL;JeDwE^)%e&_6GTO}Cj>!-@&R7huq$QaP zhOn{nUc{n~atP?RAz)Z%9(_FUzX zqUlLG@NjVD;-fRx^RhCVC-#7=Tfx$INA)gxZqz`Y0~ZZi62^IVc~J`dubVek-b$?j z@nyA^?=#71uLGLXIf|>MHw4Z@h-Xd^8MgB3$EkMZQtR{Th4pflHZXV-3G72ozKKV< z#GtRA834U{x3JB36vSc~bauJF#52}e?q-wEoOdz$JJcwgTXobAS}(e8&8UZ5?S6$s z$0z#(p3eJVgp1}j00n$J<$pw9zUpBgSzflaGm3(yxhw_y-1Yj10M&F!evp1r)eW-s zK25n=JoF9%T7!m|DTKkiu9sr9GO}-Fl+N;}818nqId41@*{tLwWPgOey!@PV62SbE zIu!Y35I!9K!>_er25t&0%=3}z0r!xwR|Vpi)b3N@`K1SWIxd8^YjVQn8nCo5DLO`; z`O=5*-VZ$SRfZaSYHS#=Tk*xg+vqAQy_rCFx&g+6t3wmNF6LCV6^Ek6XEO9@D^wDj z7*a7-5EV>C_!mql|R>uRd3oh>zt}hRKP^-)9;O7y8@L zuP?Ll#{rq21DVkp&UP#uTjCGA=y`uw2I%2=fRS*pL~I=`E^5K7pokuRSQ}URw#!ld z;!(?s<=!$oxMjc)J-tCeCAt7eEapf`ngxQA!98L={-Z3ED5AsS4*Yhw#cgNCA_WZm zDH_?z@N?dmnymac!gSIyBmvorDm-V;a}SqV(KP1qQ`YT23724v`gngo#)VMvV^1oR zpQX$*O~K6FM$Z$iDSkXvi|zsdkz=*9KA zxj8^h*5!JZ)B|_(jVO^_-9}^SM~FA}oCb?&UJd8mH}=u5lP7UEh!adDkm4ca*hSj9 zlIm_P8z5?}6qmC1lDVR~+ro{=8i?b=@RH33p(NGWVjAQ;=w_QTBza)a&C%mw;50hW z8ROd8d+E43E7$G~NOsY9AkW+jb?%{C_wISR`!01@BzOF`h|ti^aXJ2QWUp=EudOGU z3FeUc`gOmT1Oh55SOnfz`WTp)0ZJFTkqb|>u;mf_H>D?-yeD*Gmj~%=%?%w zRBIfxdwg1qR@NNcN;$Q7^I5g?56B{-Y*SA7v!x%aWW%r4YXidj#=7h#o6E=81I|$i zK(S6b)LI=%+U9mG@8dj>hUEWDHv)U0wb1Ig)zhyFh+oI+GH(~vwZ6n=C<7h>a^f}u zX4Dl$W0=uZj?;?koA~Mh$B>N9TtLyXe!x}kGLUr2riA8ss0>L?d;kS1D^ox(enekL zn+~?JSL@{`D;QK`l2RIRB%ghg<`SNtZqXyp$u3q`0fc;;r$r#BZF`_?soz^&(g`a1RaWeYWn&a`x>J#^>6;EbbJ8Thgj^LI}H)NwKawj!Qw#S2>e z-`rsDJ~MBwu+}^WIk#0@s1?D4vJrFMlXqHG)2r;Tg!iG;7ABq#waSz6FcBzz_@dtS zXKcUr^bQ6938^SPv}|l_i}Qpr%xt^Cy2Hva>$o*?4Eas>E zMpU5w6Mv#!ulzdDSJXEEIuRZK4{E@3wDv;DcxLNMB+=Ejd-tpBXli97C4V>$^9Fr+ ziA=I9*~PY49})4^$iyUixr(f5G&0a+0J+HL^0pK3Ys^Y{Tvx;f^<5ut-}>slpl1vy z!jFH15wM8h06X&O?x$o-I3c}3cn+Z=3P>v&W@@|G?Mu;5K2-tPm67jh9k=oQ1LXZ3 z(Ud1_Dg<W&DFEKds8_O&1e4%SRQFSXT#a*%Kl%8F|t@2|)TuKl+M1!%J((Mku6x~OMyCA7_ z2L^KhGY)y=H+fvAkD0DdunKBM9OCj zo_T0`vzT|jj>@y;E*Tb`g_8n;aDE%KWpAGPpsyJFT`!{rTb*}(PG}0ms;`RB88R5# zJt3J;!cuga??PgV3ea^rb+Fp%vyCWZ{|NoMkbgTUpIJ@SPZ(-7ZtiByYd^so!9z}> znfBExpyP&!NNE1tKCP?215HiBtmN|Nvh8sd)6af!K^jm4(gZxNH^d=2`=`t0+imUf z=pCk+)*LkM`gok)eF)3aSXe$Kf!J~hBZ=EQLoEN9o6*6dX(H$1_?P^G457=@b|9}~ zv}lLwuB(-*bt~poP8{5n@b305U?Mxed$-p2Yk-=QIx5{uIWxOdfS*hgnC+ARED-EV zQSiSo34E<#fnc@-A;do{o|%*mMEaV${#C>6LqZDq5MeV9Ak-@3sxKB5z$i2i1b`oZ zOt(KcpHwVw2pJh0uj)Q*=pH2vd%o!FdutyoMUHEv!|RC$m_Bo32~C^;8_~eSxrjao zX^*X6<&_l%Kz~`JQdPK{k%m`6o0pXtT)7J{Np2ZyH&9Z=N~7rN^~)KIOZZLN6NnzJ z;(>Hcewnu^n_6buGjjA!CRao2c;a)5m6GbWhD3OZp^}=O5&zunZSi^0134&hW80aHVd=-&FnDoVZ0_H%T{mi=-p{X4m7F2P90a%pSY^!b>5}V+eY>U zy@{GrS-EADi1bnyR6$CLF2gN|gSE7g>3laEv7QSs&AMAmwA=qh#yfBUP|iJv)c7w_ zsfV)i$`r;O`y$+uTMaDtqTiy1NF)_5L(V?nyVOnVbi#a>+S=L%dK`Q~c~zS%Y%$%N zu>`wC=V@Zz#VVufr&L|swuGEPZ^Eq;Gcwreis)#6=x8`ZC$z`H=uUbtps&(1&zTtI z72I943mBZ<#*J;4^Z@V#+}>|<*TrNf9WS$`_MdUJq&mq9MzGCNakD6E?y57^+=9(_ zm|p~m*_XE=l;O8(7%j(HMMQ**#fvd8(hC>}rOK0sO+e@>HzpA|b~9inYYH2fUU|hH z`P7TR4hw&X`>=+;=8a5Rk}RqXb#`kz1x~%o#ab5-R0$8;)s`nLI>T*y-5t=_!!!>a zxiUZMvS;PHFbrd#Abl*4%-%iK72uHR7*#yPwOtvDB>1kRSp%k`BSA}=ZpDsMV$AAj zBQaQfce#*t24BycG1vSVk1R~~O({+P7dDo_Hf(9mrUmH!f*^0; z0E=Lyut=EHkU?lZrF=eUEn7=u&JIBUXvU$asMr97%pXl@+Uf)Ux-HSrg$KkG{O1{c zt_NJVvx2@QC7I*;^&x0DoJeb=EsU=pr_AD$WEHnw)*~a8-8{bWsM6LQ!G1l><2x@VySp2xEIwH zni^=1r|MIML~qTTNG4cy`kUIcSurN&lcMtH)Y6SU(2%hYJC zC@;WFjF9(Mwq{Ix!aR;%cM%Xx?P z&Yl(6l3gX>tEUKI$D`en0_!%TL&G1^gn5UbD6o7A1nR|QB;dt-b)_t<4l3Cm1_kah~>V+XJw#3FG zUOZPE>`+tD*27`anj5J%H0y3+=El=6FQd}>Mu+z6ohmDYG~1pqwj9Cn zJzfvzv@W7Hc8v$<+tY_y5&GQOFSxFUlko)~D}7w)O_^^xx`=X2Om%3L*>=BA;3$uVO2n$GhIes=09G=b) z5%XaI7+)a+qll1DYNO=Hi6TZ7q^c1e`~5r<7h4f%=iG!l61$i-q>joRH9zjPYbv%> z)B=fw5iJ0V`<=@GliRz!2|j-y)&rT9Xm*S)8D{6~xQV|9HOgGLoj?PmtU18dZyirh z-D3)==sP?vY_!=+#-uMVvUheUnN)Oxs`-6TIA0>aZ_~;@R+N#W(CM>Kqr;g18ezas{Uwx`2hwOveyNpC;_pc#gLYN3928P0vPuRku@QEuCUR8=mK6l4kq~T{*)YR}o zZ=h#*?S}-?)3--;B!g^}Ij-ryjr7ytqN1@9V+3Wa7gnY}ulKYu5aMALca2F(|6ChO zX1(@CEO_H<<%8_qH47h8_~c)z zk_mG>r6D2Fy5&KSqK{d(wCNPA*aO9-q8v#IV9z-y4T+;g6sc_L3H~DSqBwaMq{_59 z>|goe5U!EDcpxLkli^Yy>(Jxlr`G`j9SB;D1=tA-ZKqRX&K&pj$1djXb0;odh@c={ z8K7bu4iMHG7kSs4_$46q<%La7Fg5_A^bczGdC<-WK*MsiY8h1gP^& zyq%xtCkwU<&3=z<37a2d{f=q)7!jZTcKuPMXmLVRPxYY}>~xNpSyYG1%eoqPN^@LM zlP519Ma8i2`Sp8RI}DxP?IHQlUbHGEd6H;Hq9|VC$^!(a@hy>snB)9pe^k~IB? zw{#>1hDhiy?56J>?Btn{$ zB-OO=LNdNSoj|Snad@#yWf6dFzgt3j|Nm00*eC#%Z}V%9M(2-Db0@23=Nje@=`9zL zb{1#i^W1ZuQwXL7As;oP^0ApIn++_6M?|c_g4Td#A;t4}clwTiU@DuT)TrO@*~_C} zEW??(xkhz+^tB^+I4Vv26Z-2xBD-#N^q0TpZPsH(5X{OkfLE2jjR)DT^xOH7w* z^`{wLRmAg((L2WEdU@3gi3Q2gR4nTL#Ra_Cst*;`A5+XuhEJ-VM;fBZfseW}f9Jwu zjJ(;QCxc&07^C%4vFC*ZTWc0ADBe0~!Kg^+i8;e{qg4{pH5|+5>(-!k&d+#0OM_!> zcttGfBJ}d8OQepc)q63DEOY(=T~{3Rb6X+d1A@dTaBvu6@+nj-pv%H*Zg2WcyNS(Q zkq`qpRCG?}I}1{dXf=6lB&6esIW#U6%iq z3Q-yk<3RPu457i^vf_dRoNo-KbB@;7G@@mETO-@%>-WDmOlFwZLimAN;@C}%jX00D zK9BS|?mHkE-vJUlM+3nFe3u13wSrd+n_PZB*;yg$KZCh6`rUiX_~^-T4x7C*C<>Y0 z_QS^e_v%nbT~T(id?{#>k5u9d(`Ztq>{NJ<5FecjM^k# zFeifq@<47HWZGWpmWvABqh*v>uk1N(Kk}c$!6FKk)ChL9`#`O2#PLHxojx)~N?~d^ zJe)KE)x#(EY)PP}2;&^l^<>0)lyF|pIx#T4?Yg(mOR5ynzmB?ZNgy2m?2`nX);3vb zb2F=P|I``{k(&)2sZfX>z>LYwCoAs>`!=C(&&>ZCp+NAnTj~dv559dD;4UL0qN+mi z8r$6Rw=!}(fgrRMRh}!iTqV0^dgKojbWA_9fc*51;ZcLq_uP8X`|zdmI3NvYjbhlQX5lI5y_>Q6~|(g0u-CJNDi*pdI~H~R^|m}{8`Qn#?h_CpfVv+_h^B;=EX8%Idk zHm_f(Bm_NgO!n=xDZkM)8+fpT)e!aULfcnNRbsT^zLk~T-xM!-3Lr+(I z4>P!2Bs@@AS@wX!bnM*ErtxROMbM_i|A@?=FP{?C3-+(MyXTi19lSEGhDxkz@7ekDyI8&L;i*B@SW^e|eS18fs8(=C3Vn_+1(U!HP55 zy3(JH;f1&;a3(bYVq+OSW9U2MC|}Ghda+6wS&az2fv8ng-0xFX4uI~CQ0!8Qcvn{7 ziI#s@Q8ucAG!_})Fz|V9HCSD1_r0*<(im7R*&NW-G|r4 z#(50A&(hqsuG}WrYsZ+UPeoPfeEBMExk0X9S^jE}f1F4*xb*D#-Ljp}n!Lj$Pimdc zGAn$t;u2s**lCD*}mxR*{5exb% z&KpveQ~pR76A!a5hGC4h^osPEgJ761ap%?lV-5%=%K$WKH@^b!w8;8emza?YfMo18 znYqzreYmI{{-ed}{?kbPDOo-~u{|_c>Wk~KD<#(rg?w^C7b(S&usp_YdW308=cIqKzE8;#_f zx&)_V+RD+rpDO?3A*t~`jTq@+^yh4%7c1Fl;WQth;>O>U_%P1mxRRGeY0mReQhrR$ zpIdewNV>FEH*&-+>2q|N%gu$)jZS1sf*_DR1ZSC9+P9=y{C4=QVbj}(kzk@ugdqW^ znXU!AYL|Q_PUs;An5i9s#6TDk$&tDnl@bmJbgJtOpsuluE7ltKPrv^@Rpen^A5O8J z%CRUgkP(Rkg0c2%YF=aJUH4S!LFuBu)nyrCwDXTe7$QA;m-)5YqlD#ni?CE^Hr_~N zRPB2~mtj7qhJDZr64Wz1lf2qWSDc)f8nXQ~VFgc&YQ;rL1jpEUT|%4h6*`teI0)Xe z>0V@4NJhJRggs1Xf-X*%IE!6T$lT&)&8_*r{*rywNP(PG%e&uJ|KZsGeR##^=S)<) zG5vXSMqnsYX=BJ4+SVTBr7qW2WThN8f6wO#k=qC@UT7@)bXWrXC1}oj>)|gTwFSAW zA7)h3^woJ$+A*;GoYr2Xp~iH04R`tKg^t?>CeQuZc*FH(3aT)w zXzIA`{iN<{Fl9Os@j!!pVt1YAegyXc5pn;CR4Ra|mZi1dHn$6Vd9_j`Uk|yoeR)aX z`lPR~ucvW{TkCL$`>-odDj^lwa5$a!YO;bO+uBaI?QS)W6kzj`9!DAm@8V;a2RwH7 zh&0b^dx$zm7WI1_GTE6H0;7L9#JsG@Hg7SMqWK@F+hrXz{C8--OI$_qDOAbkqC2%d zrp!cB2~ylY2%Y7uH~}f!4Awt?A6dBqjv{HdXZ7UOZX>bY5U*PD?qi6`G`27a1SXuk z0tV95Y8>f)roD`8#=^p?-6*{F;9;W(>ERq@U0U;r`bt?PW@S|?RjbkJ<2A695@Ujn zU`0yOi7FG5dqX<|xkh5gFVmo-|(CB+La zn$IX}Kf)$rt^Dus;opgLUQPn_htVVrgjy(ot0P3LLDAn;Ov-Y3Z}*@VAtZT@e>?FV zo?OZ3{;Yhk^(48att*o0i89~ZNF?Rkk1Im+Uq^qmCDVDH-Jt!>?Ixv;=pm6Gh%)Nz z?5zC>S!K;nEC?1mB}<$fM?okXVsIdxEO8MeH73mx!}Pfd+eH@X36;hTs3rmr*{JyG^VOhMFO@mxq6*2_dJIukCbu(5aoVIMD|3aGlY5~lTJ(`hbS-Guvs9v#g7Ta-2 z7LsfYTWR)s)2)_%Y+&I%6@f?H;WjIy<$WjZUy#Cvl7GnpOU5hq$tr#LY138X+#H6g(y+N@)G_kg(Lo_Z_NglTTe0S z;z9Lv4D#eI2*JBy%CU+$#pP~vorZ8a0Ys^!Gv(RpMI`XRh4(6TL}li+-w5gvKtO&4 zp(`Ei7bnlMPF;QuX_~$#TjK#T*||LMC753I{_V<+aENS=vS+EPlOC7iJtqFUL2AzGJYnK+e_EYaS+Iynyw_!7zvP zQ*2COu!T!(eil(E$#cqHV&bV&79hdpY`4gU=jQg!JCdveG4ZS0?)m!N#pg!zlB0pk zygETq^1Zpx*xzLP*_MhrXm@6vPwf@nW5Tf!p{Qj+IS{Oy*#P9_1-6v*Kdp8m*d+h) z0P`9)ME^ecDWk54TifDue!+4V-?>A}t1d-RJ)9SnpVZ3fD=(HOq_roTkM!C%Zj-&RxOgmHeDh~R1|Smh zs;XNm3D2qH;^G?aFXpRU4s~P_Js$4d?tt5M>PAmK+;Qy{d;3*4W35?Z6+yhHQ~6<`$aMe&~r>;B(=qDAcb;e)Jo#iWNlgp1|FwscR;&crK&|?68rD zKSe1JvmW(_JVfYOnsky30d+5cbaJVb+Rlwt{nZ&A#SoyV2GY*q)o34Q?O8-lnG0Mi z>G(T>jOTCcwJh!kZqb(1Pa6xxPtGnWs$FCR&GXlkGI)6{pj)G0xX=Ioy zgamaU{|7tA4kHRkuC}}JB&E0IF}?a06X%y=I}_x8rM9k?3BC&Gg#m4zhaStFKffAs z3hUn7Zn6{hB(&c>5|NXGxWf~e?;b86`90Thmj!%$+8JdUCyk>HhrKUYVq;?);+~%f zs9rwN@wg?UpeP8lK{M;?+p8!CfmJj*NRHm6{qb)9?vftLNX~%e0Qq<>o(?8aVsJnU zUKLxie;q2>`?ZaqgPc=MXOJhkNh*as+JL`7nw0 zJA55=ov$SpmMDb&rgTm8C5tDHS*!qO1;^pzZ(;fZGe#I6glg%IJL@>be?$ zy^uZUzL!ASgwJ93WSHj^F(fo}v6%1fsPpQ;r9BkLJgTpr#QPc?{GBwC=QB_~a9vzn zTy2oryTmcDYnXCa=f|)8(oqw4i`V6i7L?3X?;~GXA=3ScvcnEE(KfuR@)N8@3r)1b zBb87=soQjani3|3n5vPhz~_QIL#u}#SZ_d|&NQ%^{yKeEUx4#}FDO4(iTf05?&3U> zh=Jin5&#lNh9D<*sF*VGvPi`wrPTSfxDPwL7Pi-advRDU$Te%6z{#pRd*uaGv3hQ(g*5u8gw zX|aZT-vAr!KQ!eC>dG-jsKI$*y;Q7j6UmPa!_;XA-H%p}1?Q8*2(ajsBH;jQp9 zI>5p;>qmt+vnfkvCKonXt2C zgsL^xLFA%vQ9VF=z8_T>nd?g&M>P~(j>nHO!xIe&35kI*Kh;{#4_a2g6ykGJ;PV3j z(ok`BcyIcv4115R)+5(PvV_g7t<*;gw4HZvnD`NzdZ8s@mNf%%>6H<%PLm zMY3JIj8x`dD_@H|z$)3rEhDg%W*HQAT?=@TYW`lRFP==Rnf@i_b)UFYh@g-a*_r_f zs&Ld9I#s{5QkMhkJuD)WnpEKPCNUHGvx_dU$COEY)Vw(;f0Xk>pWprQ(xRr_X}Tv_ zcQe0O(+p=|M!P2h5`IpDw40Oh2|0=!o@`yAEr&shOe0BYw8Y46_1)aaMzhUUUV zDJ11}R0~N@p1^;R5D`>baOm`=j~1ZXe>{AAu>E6yd0u^JYHBi@?IlxER$fKVxPm`u zfAr4H&oA#Q<$pMibbYwqvR~^$fG(e%)ly8+Gcr!kc>_hQD}t>#i?s^Jeor9kctQbJ zNldG27$B7xddP4Z7?RIP7M6#f{ecJmo)nk}O~DY^@=IE(i}|=G6|&sfZc-0R1?$>%{k)k0W0B!~tSiF@F*LqPUR>lQmGJ0Pva*exM$p}= z+DmVjhUaks)K@d-#)V}1wjUHp%dpN047Zp*ezbN<5n9`Ve$1l+N<>7F(ZMRQ0Bybi zea(-ThY1Yk-?Yo0hgSqok%ct9?XXIZTteDhc^Pf9u9P--KuZj50LO1OLGQ+-jT+M{ z#fxccaIk2mVe)e8Da?UU-jLLlzE^huO~z+0sI(OdsGW72>SEp({W{kux6qV7*bL2X zJ4rvYD3u}>liNsmi)SC8+hCzDzWoR!#aU!Zw$wI8AGw{7YXp(-%))1Flm;9POMVdq<=ghF6O9$E`&= z`C9CeJ)?v9RCb&az`G;(q$>?6zEJ>de$_f#wq6Atdu=7i)qZF(ztj+wtjd`+;1jx7 zYLBLCdifB1I4^_MNNXDEchL1@nLPj(!zR>#W6PyCik;!5d}dlbR9{+b4Qfnb47u@c z-SRwjax2|Cv+5cID|!^4WZoD=m6Ulh*@FjYJnQyDv%T0oO7T9O<(+hwX^k$?NFybV zOaXq&p-BqN7t#E}hxei0dMG7X;X0cpVfZ!r$fOD8G^l%WYcG3uxOq{EOe-xp{rmNs z!9q(j`y>t^hhe$K1=qk(h~FOU4t|=@)MK~5_JpA}GBeLqC{%XfqJjb>7C=f$j-|=G z7L}0X+j8bg&t+|HgT}15hJs2Uir&a*=u5K1b{?j0qmKYktl1e!1!*;92p@`B_}hJJ z&IdI_H1FN8+f{+OE~3yOi(E3wu~Wva;HhE{0r`VdUegPu(YD5>yq0XnIL2a!`gS>x zkKbAMAeN%34In0f(>ix)IW}-&9gR6w(ZWj+}_c)-<-)BjZ$qoQ5XO#Qxg9#(MsvfWzNM)$ z3CUg<#0Gh_FFCfk0l7M9=@QLZirVb;=y0wA`l0i@rfeX4?@xz<0rWJw3;meTB>Ah4 z72ETFb~rS<)mMkoae1?)PYqb96XmOu$7fHTJU$|X%6$K4X_Eccm!4Xabr-D@9*2|B zR#NdE&%$Jw*jmZX&|YQv6QDW7quQ>LijA!h7a2GE%&2ViDTp6fp&tUV&hRj!BwkMUTtk7vy;Ny;DpidAvBhS zK-mM<<`0pZgVeb{3tzo{`?~s|6Aq{t?*T6=Dpu5(_odhpmztSG>zpatjc#1+=H_J~ zq%CQV+k=XNCi+KbXJK7yj6pUjb!4xAp<#Ad!6!`*Y-PMM<@M|$EmLosz(uB+|19wR zcLB=LUVR>!Qa0isfERcIpU>zgPw)h~yOR^1a{0+i@l9Wo%I~bs>Hu<#@6U3m6ooSr zUMBNjd$N42zPi4$m(qlP`TX=*qeB0H%+}K_GlEY&!kIJjV{yJ8+aX5>T&wI} z0NR>?`OrQbO=47@zpo(BPI6Z7Df|Mg-%c~UJ>P${fAR%N>~|;uh0DRk!Rzj@39f9x zyQ`ULI+yx^_c=wL?c3zW0f1qX-e3_1A$E@SkAeh*Skf&Yhyu?H^F6TZi zNhyh3DzN5vVItc1bg)nTx1R=}+lVH%->MyoonObu$cNz2-R~zkN-FAuj3XK*NYU74 zp|7jWXS2~V-Wf(!Hr)npn;Ei$`~ybz@jQAZu*WX?gkJ^)nmuOa)OxAnAR!^E8~*AS zSI*vw{SDuuW|Q~%Im!_tP#TxF6SeN&zxVI|rSXBc3L-w1!^2L+Q$Ycdw3Ev75?k=e zSytNAOTp-c5aZL?9ny>+KZKrF zsy*LO5rMUK`q$6OJWzZ19C{(>^dO^WWaJMBTG7c*CU70^FGKogQ~uHD=w>@V3}}of zCu6kxBb`SEGE~PNa-g*i-Y>Ml?tI1tU7xn$O-67CaPp?gpVCx7b1%{blVef@o+sI3 z>>CbM%Fsh=owo#wH?arm(B8k7WO?IYwvd3>B*b&^VLrRD0~b?8?k%+O8T2G z$IRQeZ{-agxtog!vgU3?_mYV34zJxDUz^YVKzogZRAs}D^9J|ge{JwxU~s#8eV3f>nv?@|q`D|kNvBA^o& zQ7wtXlRvHM|Mlv(18ZHdGr9B=3wHh%D2QZ>TfLq+m6it=OmLg6H;^EIR;kbsVsT&* zkC$%|(_4plIr$cRjNL)1Lqo?0(Z(|Z@VqNnGk7IP;2XE4)e*wK$p-8|!3xrAn+CE7 zbYQ{>^9alMEEB~M7G-(8q>-4ai%yR(^@lXhn$P9OoXpPiOJ^Jw=cw{mWG43z)Em5d zgOoq^nXGB|7aUg}N7|20**4d@ver<@Aw$k{5-hJ>8;;BJc}VAK9+p zpUMF>(x(*3xLACh3nnEfMDShqAb&_}D^S&IlNYAVdn0R%`+}L9 zsS;#0+2jy->#VQN==>svY;NopDWc`d;H#XaclP0u)f1(T?e|RvBG{{u{!?`UYe*pl ztY}|!ryJ1+Cb+eHt`8hPZ6JgFKwHDQMRx-=wReNG)VbZKrt)fPh0e|FSfXN)imJ;f zbxv=;HH?NlVWTGwiJmD_!PPW_zR#o&N;Vt!qbN2%$ci`++}*{=1yI@MZ@;^jzgD7z zgul+oy|U|<4#|&hf!9z;6@89lzi+gMyN=1+<9ua?Z*9V^nZzkh3zQIHZKl!8(t{f**a#K&1%tkCA$ zNvC=AK~P3Q&Ia{RH=Rqp!>JvENmVj5qhITnfxSz+nB%b>H;%1kjh2ifQ}FPnJ4J7D z_uBD2#qmtn!ET7eV)>>4xJ3+Dpb}|ojt+jYl0CD_w%6yM#DTgz1hUv=+JZ&Y2vb2! zb9|oefgMZFf@ZBZP|nYh)o8;)!g3YkW0@~SLV_b$IbM5QrPt^H%=&@LObMQz8|x{V zp^u^6llLaQDG%PW@V079ech!thE_e!os(*)huZK;P1v&$N87351 z*;q@kSsiP}s91Q_kyk}(POfj-NB^w00KY;>vEnJQq_E(RrPX#L)Dw5 zO8pQ=CPS9*;P)HuFVxNEXJ>_9_LmeYY!%Zib3S)dueFj#ASds^IXVAjvE1KbAgWyKL{eBNH{pp3fl7BT#2mM zKT%Pca+v&JrgRETmYGhSRyFGJHwWA!6 zsULw52mp<-DL@HRxaQeF$NjYy%a-1-J;U>2@*0n>#e4AayK>tmU7tINq3(zP37(q~ zZ5_6vc?PV`=V7($v|%Up48oCdUasv5W|XbBq`@}V?TgC`^) z5G{kIS=_NOa;F&>W?L2hl*B!(&_nh5@OY4a@=N!c=QdepbkeqFvB}`alzS>&BEDty zG98x7<$Sj(TBM9k4`z(xV)&$MoBiUu2yGkiOO9E+=uq{=o|&+{9@-QrdvkgfU&0hp zBOu(+dxi~*uZs+}|0zicbA8`JW*beW*$&vt=d~kdIiZxvl^>@}Yiu0Knb_8wWVBn> z4!l_)J$tjIxQOeKDG?*fB{E{wx632A)7je|Fm&k)~6jsV=wx8Ll?99r;V^v1X${MSZ*7PlUHj6lf@Ks-IwCv*4-+}zGcs+vzoSl*Id6YzX z>73L)_%Lj2ZAE$ZX8HP3zN&>lM%(Uh0b@R{x~94?*NBb0tJfpjV&W;>QyJir@wL$* z+aiS*y&~TPBDwt>QtHMZ@qs*%^(Jgf#TayR!0h_ivljdfdD><4O-B6q4Ziao+@ZaO zMzmzTu9^_JTX1^e5~=e9>*dHY8(!XAyw1%*zbA0j4z91`(Oak0dQB4(7#7v_;B{4m zni}WR*gFb&mZHrDX7O8Wd;!c(GML#Zf$seOc4Ux#4l_GHGnYU8V|I$`eFZ^IM(UcI zBioj0V;1>uIHam<>SMe7IW!!56v!X^w-s~NmbUcMPxe#jJqim{)igtR;FG^AN(>pZ zYogAIiirsSh)fTQr?d9gZuj>c~n+w2@vN(I&o{is(ph zz1^`Dqp}Y5fRnQ1(!fOR*3LR&{gL< zCnk9}EpUG@vV=D8MnA8ijxc@eQ2#X)s=LISnQE2Ckc3Q0P8_|7MImqQO|ntYtDxdg zJBNk7nwF3rC>EjU0^HFQP$gP%EHX?^#p5PSqC(${OJ5qSV$BkX)?Gn`}qeo2@f923v)Zbq#^)1sg?!# zWpn-0==_(oR>1l$?R~ZX^OslBa5*`>MfLR=i*lmofXkrd-H;sUR1S%DHn)FDugeo; zR4j~f`RZ#5v{%sHzfs2W+zxawtoPjYBe?uO-4V97(FC2 z4OHX2FFDW7AtVF6zZ(}D#J^V>p3fDhaY!rti9(|vb$C7CxKqn%j)DD=ErLvcvi@uY za)Kop5}p}%%KTfYUQ$`+ne|*-#@rmY^{#~erJh?9C-2ALA8wG$qoWUz+&gnxD6~W$ z!Vv__xWjP?i~iAU?SFhW-wfd3Ps!oF)rY;~%ZT!=2&vmS&qvRf@Y8-yeEeJTmPrHj zt;iZx`YgcH2dg7Zv8|7TfThoYsh_#t&zpj2;~`2h88Lmxej!v86bcB|!jxB)1KlWg z9RDy&UDE&&)Dhz;V+8E5S{rY&!xzAjS@aE36zq5ocfwr5Q39N3YcKTn5znrkNtI$C zppa!8DoI64+D*D9hdKqWDzPFB)$Nvt+{)W0@Ug`}`b&dN;<=Q*DK!{~VqN z@Ub)_*F=o}OYH-XihyS}Pwg8f1+%~fh|p0~=U1api%V?tp&oDLecGiP*-gHXAo~vK zG2^XLPw{0rD{J zfnRf){)z?5PE}yU_^^*l)z|>_BM_*aeHt{l=w2Q@vT0Pj(9eId{gEYoMjkY0k!AZe z*+TF%7hxOsYl-evazJ@=GpGk$`tu=uzMP3)Q8^gAlot8<2{la?$OVD+&V*ILc$75c z7!Qv~MwqtkJo_{xU$ZdIYVeRxGnU_h(TcoJoa(E}sUGl@tlTAU9N77Lcp<-}kTot5( zC=fdD!fj1H+d|>K8WlH@K$vL&nH4R?W51 zBLK{W;Ce$^5_F>tA||L#)>*bi>HMiYyAG_7Kju&S{D%UCEvW`DO74>Zzsk4^xhfjBUm&a%C!6I7TQq0PO&UY<-SzZa zkcuKpvnuoCxb;^Fyg5HtL6n~!N8EACu&ee*TjA$6X2pJ!_!jN<#xL1S0-cm+_Qfn( zV2Y_a!}RO)aXGvpHUB9huedT+b4so{%kV9RasqWC*;V1B%G}2;o!+}_)>w6B7(xeG zEy~Z!u|^Pow)D&)sslz4ByfA)H8#y=Dqb|RTr+|0YCbhd(H^>D{psO-VoPaosNM54 zph|})HbaZRiukrGx%c)Ja%bVvx3wsKrEj_z-vQ95ojB{9S;TbAhV|0|8*&&@x zCyG&vOrpH4Zb4dGr)PhTZ6&Ljk6OA;)w4W=wb-@$il#{9 zcW$+9x;P3J-|*Jx&=xACz!l;@7szc%tufFZ7rW(Q7A1*g)?=3=+nTyFbA5|h)9o&nviIyiM@KSW z{d7%AJp5x%*}j%8Z%-Hd!k#PFrc9Tg3mm#%{)-VUKOWMqW5*s_Mn|;im#NHNJ-kgN z^mAc5h08F5hRP#HCx1&bx5T&eWBPMO7`|mYZElR7QO^C{253*p=AgYyNY)=XFSBo+?Dk7#2?+QKQB6U0SaLo%)B#nUi=%8eq?K& zj7*-9YU2dWZH=_sgWqNnx0=u&#yXxv|NW4v>7WQ+F*4;E;5bCU;!~E}`i_<_d=8I@ z6y>}Nc(65(Q$Sq8eiPoiIGK0iD^gF3;6DzWqW6>Mv1dKdIRz767G^+=Fe-B7`3CX4 zwP#L&0T&5Nx@dv_c;iC&q;#iqNkmpTlic+=yN{^Gx5uKCSmWe#o4O&k^`3Cw0S#YH z;7s}yBfO`Ii`iUGXB1Ms_NlDr;LwCbtr~V}`8(YEW|)Mr3Wu?c=w#!QM$XI2&bhu= zU7xTw*3+^>L!3?+9yLXM{hQtg7=}}z(@P$oB!+3?EEM}%U?tkvX)|PmiJldTZU&Fe zu>iO8tBQtm!B|CaL%N2GBhmG(lBTr&etAILkn!u+l+(hUwIKjUR^;-%3S+!4Vn5*G z>N=v^zqh0?K6Hc;n_W zpeo>$8>*>=dKF5$-w$EVJQ&cEVUZVxadC}UZ$_Rj&ym>H@4fMESa|wmp>Y_drXzo_ z24kMxZ9MY}v9_}da&Ra!n<}Gsx^%Zx2_GgNPd~eeI`#1MFyC#wzz%h!a$d1A$9w{z zGIMf9n5a8k*@aW@-#5vvsu<^7xYL1~@!a*6-V)IpU_bUB;+fEuymR7?#k9*|XU}Md z8olw4kp*JiYt}4r8`G5q=BvH&n=fki$~5&<_t$q#@$1JuPMy${72kK8Vq#S9uboNk zH1VtzW~-Pc^^X{GD+v=C2At~%wGn^i;pte9QV`8K)bskl(_sNScH5cZcWORa8)j~d zNK8oB7>E!>;{Fgj+s--k$SEr;|EZk1L`T&ur%Y9PvNs$=keKhL2#*d8iS60%y>_*^ zSETL!gjK7~zs$;qUH*2KB_o2v`1_O(FuKNB4kLtgYdS3Br}_X9v0Hp@c8%&JFAt9o zNyruHjH@d}8E7bzTIy8m*?B2wMmX}SGOlH?%e-zJbUAkc!l&xDI9*WtvPssS6Hds- z_|nN*qMI23^4&hPapA?IX2YC?v>3|r_v-O1 zdz;Wg98u|)8q1%W2ngP^7!Z@7V&DXdq2hD@fV-c?t@!%7<$vD^=z8t?9-PG}K(#fh z*M?ka&wevqckp~{H0%PQmmjp;*s&e&4uD|_hxapm8O61hj@jFd8xGERR+h@-PhV}u zIP6!yJ+k!H&^QXP*D%ymT^#O?OfVtKu_}7B_qc3?vP0GZ=cK2~UID9VX=xdYXe-$5 zk(W0^b%~?u_5!L*Y6WT)24fHV=kP*%!snXG&xsQ;6FwstQBJn4WKYnOTW6luR?w~s zi+$e5Pi`^d3Zr&&I4{Fv2V&8#uTaBW|M4olFBgy;IN648PcYMKW%;w=Zgv2JFnL zHKW?I$)cZ&OGua_%iLcVyb7evJYL<6o6xUy^OHjz!N1E=4}3+(8oZ1IElE7b97mmO)Q~5+aY;PEO&{H=OH=+ccdt=1GQOfB?I&!^VULp|3FGQ`PQv518^H3v|B z_IQ7{$xR;>%X8nF4h-I)y>e5y_bSXez)sKLXgl7i15-V?zapa|+Ugccz(7LH_imu+ zFBkN4wW2L;Qz^qUN{O!C-cRsU#1VCfDK9tEX=5SQvGH_~`*i&~NnRu}A$;@a?ibRn zS+4`!deWHb=Lc)~6!wW119}&l_q-)DJ*KiK9fjp8jCuB6CGxjg89ddCh)?G2D)!^i8gg9lC74}xf-+?=bzhD zIOys4qE)=El4b7Q+fNVo-q_m8nV55f0`K`5a%@s$@ln0Q%6(SX~d;8~AU{&2e0F#dk-CvW?YU--z)-{zS>uM$TD%>OmMKe#XfhPow&F+r4w~ z?E1J3=pAnjVA1Vq$=fsklOsqVS$SNd_t2uQ1gkTE-UM~_;EPe*eSD4H%!NzQpuao1)i*> z*lBWi=scaT<8kv&1LTw&6x#D7*v;hGQd!EvdM+q~PoE*;1&W_XP{2N2Az{a!l?uIo%V)EO|JIX)x{4gq^EnGC zxqSr6y4$gm_6Z~ybCUn_S@JyGz4d)F@cqy0BVt~g?E4f~RdCE6?5 zGaT)wPO$s^er1qb$XjK9YPs#x>9H}njuSy9hBq-gbqA^-!IX{>hw$J9thknaLRd&h zId#wx#<4`7_{usVne*yBYy(HXRoXKp1+wrjS z1l)=FyuB#!j)*91y9$L|2vyY8W$SPxDN?t;@2jA7`-w-IwcRHUWIJ;3214jAJVWcF zLz%(sz=XL8sci{?Jb%gdw$*8u!cG<}r{q(=?Pkk)YI{4w>4k)^5$C}~{v16fCMKqx zeeNC0kTgsA&UR^O{};}Kh~1{dej!H~52y$jC2b+D<*xtnlosHjW@zsz@dr&R->zPK zQV<*{8S1gy;5r;{T3Atg+1xDvn%GI>)$>heX6aUW<*@rQ=Vif}Wt>j+yPz3*18b8P z;tPU4ZiG5cLnoUwBOSA?{fz@cXF?4J{hl*1I?QZ9@8Q7(7^llyEo15Vl&FmR3sCJj z<4U8LxwR1{JQ~#29sX4xC0ee;xo=!jjvp+V$SLc$|Y*iANAyt;%%ES z_)aG)vC{+vhkJ4>Tz8!sB%XR}0GjgtZ+y*yO?nR*LkCn&DZyp1U55C}^J{R(aIX$- zWSlv?FG(LAzko1#&>pAI?jfZ{f|=Hm59}_mepf{%gV$uFqAB#fOv8#rb8c_OYDGP? z=l-1m%FrHUP=2w{$_jjY|KW11DDmata_QA%4w2=ig#R(A(AvL zAu@#}F`6JP+yQo5GjgM_mAVFGcBZgu>Zrx*>=IF{Yh3z0Yh>fCf!Iny8j^ z9%zk@LG-R>Eu$BF^gwv92lq`ilZ4KjN)G~@@f;PPssX~7Gncmp>ATC-YLX$-RPTQA zA+hf6?#$ger(4NBr{)l@u$3lOI;X;_a9yuGl~a$_>d^^Q&*CuO>B)ePc)@_k$RT%a>gF>M@PgSn8Rvm|B7UYDiAobElZkGijQ}Y5Ouj>d6lzN z_oF-c`T12gT4ipeXuDP(pw7*6pxiR`+iVX@+z6o5OKS~`$Zc%P+J5Lc5;hS@AXo_o zFW}Rj-ts=$So^5VVpIMrgD=s-z<~b>E_xN3NT>P#;vjl&@6;BHhm8 zJZlZ=0o-vMw`#IH9C8kGc^If=KgY^qxW{xQ+_c_uFvW9tw|ihfX-%4TtFL#CLN~vTLP5Vea>pS95+Wjxd4|E_ni}Nhye=xq>QnkK&M0f%5eVodLhE%J=FdHR zRC+qtrKllXUZYXAcDv`|Z(nudI!sMBXFud4a_jtHAdB{V{yiXmv28ftxh1uZTuaR% z((^{*t-t7J*Q}zN9oZ8;0v=WsR$5P#}Hp+y~xq134=xkk4OS|DZJlo#@lpErCRT$_J!@ z<2Bh_{VF|L|0y`bnX%DOycxiVe*CixQS)Xq=}}6Cb{)=i_hs6s)gnCVpIHD@UpPSZ z2~L#Gq1F5PT?=%u?p+O^plToeR6@$1%p*sp^heR9%`G0>zao|8aN0emUN~# zRI3?E$F!}qrfO|EiY0^&xeyBiR@Xts;*y+W%(?%#9|YPd{%1}R(FC?cYV z(ps>m=(XTw5nRTABCT`DrW2qn9n)Q(vW&;JX&eCZ-?u57kFtCQ6a7vd{HCJmlS2iPclv$(@48d(Sh9rc>mwR@a1Y_Lr2{{tl$Mq_dtZ{mkE@>$c$T zLHq563pVmhf_-#5FCS+c1 z#$rIjJG+?_rUR5{>n~h_ba2SnZa7vRB&TbC;yNkGBd=qLFL>2>HjDo=aGRxXpYQ}i_rDyaY_sqLj~(RPmkNz%S-aT zlcMUGcb5J9iD)Zlc5eG~sR9f2-xn`|3w`%c@F2r;Hyto9FxZKL=fZG;7r59xoXR&i zlOe{e++Ccd-4Rd#eC#!Fc5N~*{^6EXe5%RDuy?G;W`g1KbJ>p>9N)nqua_KoC(?X` z4{dJdc&*>CO@O|jQ8TC(9M5EPb>tMh7Gr!(wu;--mMvaWwdttc<;icW;%W!8yDE>p z9t6~R+dgx)t#2D|nZnhv(eznD?PTWVwsj>B?B_P#x>H!M!I|7Swe{YO^3w4}g_!ou zQ(Ckz#hvNzgB{i5khOZg+s8c&xUW+eyE{JBJDi594A;7krP?^8VdxypIjT;l54r8e z?NaP-<5~y>ery20N19bvARZYFw=c6X#&M8p33z*^QtbLv^%pt*vk1JG`_@8{zb9+T5GWP z%LMqdE_FY_tsnmib{*H`ld_jH12dHd4Z zd}g;#JJcERv|#E45G$-~cHbqbj@lb;jD}M2maF$2p~h@m#yh*SfKS$E!1KSu%zqtT z@t?yNm@VA}S?aoCR9srrYkvoUMNMyRMk$D7%oswUrXvcpH4z}T z3Igdcan#Ad+R(+efPn9%cHrK)^2A`t)CbqCaqH-~xVKH`zCLNxCY9e0#igc>GR}5X z@!s42<^kCkdLKthZHy>PM7F(PE1%d?@bE}*_;5kkabDfjP(bapt1q^`GS{HY-|=KC z@(?F_9CW9VU6Ds{gV}ypr+OrbpMG3IGIwfZq_qY5*S^Wq6*DX0Yw%)k2kmLjfasX@ zy+T)bO(|aX6PGzxtZ1?$mc?DZHTXF=Iu=e0g4&F6B);d|*3%UMymy8GOCZ9!`SZ$r z8v6$C)A+RwO!bx6vuDpB0u8#AI`;`(4<%0x7d0Vlt_!53G+QjdUX6Foi%!S04;CG5 zB-+#6c!B>23efFkKkI((AaL>mVF5GXHjwMm+{KRmX|#@^#1#K!`))AD+5Hvuf&sCZ zmCLi}J7WWO{V-VINn?T(uJo_R-eSP!pf$kRFGYxE#X*mcW<7T@xd*h(NkgA97Z~5f zwvveEQ#%+>#0^#rdMqy~oWpcY*Nhhm(VicLEQJlM7QT~+>c7AdI$_Nym?m^rKY!v_ zofdR?8T0nf)jc=Bz~aj6=S>1PV0@V5itDFF@|Cj-4ru$)Gl9ZW&?&SBD(DC$Gy~MQ z^pD1N6N`I>2ZTSVA`KPsx83gqetIEzbAXje`GRyp*C?gb1qxYt_QbI`J7Ql|piJ`hvKJc{15h z-C8f2tn8QhehTHMx15{o1Qk^j=B%b9gd4nF%tJa|kozZqBDvsQ6?i&wLsRnixBpVT z7eCC+&CQ%E|6Wj&(oJ~?Tvc|b+1j<-Jcnmvbl~x;^RbeRgMlVx@W|E0)g`;YQs~H7 z8nDmhAQZAeteiO^DPrM4 zH@wrF)XSh4R;|TXkV?!U?`-xp=+owo!;UD>*=Mk(2t(U8uuYd|t`#$d@;Q>3WqAO2$H#qquVp(-eW+Kh+jIZ$jK^fi69wthy) zX8Nib&Np=TV6@dkN-IA9FgvlBR!w_)a6E*Vk_}{0(J1gtz+Bed`vlP|S@sQ}T5QYj^lJDMt zXcm-RU{3!^F3G|dH&2(;suta9uz04v4iS>PU13WLwWIY;dguR?l2S_aq^n_5;61Mv zCcz=%V#hUN(393Hb0;eG>YUMOXWB7(UYf7|eBZJ+Jzlkt5BBVrZQAfKr(cC?;L%A7 zv?R&y)Vh*?fAd{6lf+u zZ`YsxrKQR6_9PiB)Zm82IS+xM5*Rn-6t7JxkAouD+=im$%K_i>r$rj&n!%rdb@<){@KaTdcf8 zp;Su<{}3}JZEN}*dPqop?44vsnYB-bhU6Egyd=ZCb5@zpLCMjjkd_(4j?GE)aP)bgyXM*uDO}%~xq^u3 zUY6i)4J_G%T|X_afgn4K3i{jm8B||#@U%Sj!k?{S8O#HN-`3V}kHd+6)T**l*^}`h zonentQk1pq*C@JOw6T%56yoo?JC!qI;)|)gkoaCq(Dsrvjah z;}c*zJ5o^6)Wz1Aj4f$8W~A>2Eesv7*S{-)-?DxRHA2EpempJKH(h_M zjS-6kVEXjRwgH>xQF+gO#OPxgK();pCm7{WK3pjOeeo{98_79Y3gK`4C&bT({>hfp zT33j;2h zDC`#_e4Ka*9}lSZSBGy##o9yIDoX5ih@4g^=CT0$A?B3{RO?xG31ioaZlW6dPX#C2T| zM%Nwb8clEtDEhuoF1SW#{AJzF_5v8`vUO)K`|X$_l*aOz+H~v8c(I0Db?HyUy1(J> zHSWU>6l1slgd5mZ$pOI^`aA(0{~2f;0~A3|gNj0u&cpu9KOCTLv#H9MA^ABxJ0yvJ z9DtraHPJ2i*5KuP701P`XtsB*5sge;bP{|Pf{mP>MvNYZ$WpSiL#Sj7#HnHZY`-Bs zLs}sOQLU{KV}x>Cjt}nxy#%Az;!q3sC5!))=7Fa>*OEN%AGv_g5D@kJx#{-;6nTUr z$<6bwMB`6>&fK=EOc2*VWqbd)9XR+a0QtJw?T3TONEQC3sjZ%V&$fWlX6>y`zI5lZ_fV~5x9F+MroLg2oW)3$a`VKv5$38lBwLL zApRnCYBR}oGhnVpP(T$WaJM4Il>Do}jiI5TcIv4F&)fWz3%2fqWM_{Xwy5u0mo)7> zsoSY5P&X57l-T&}l6H|gCoHQ)B#yd;PYfTyq(;XnzawuJBKrFdNq!IV80Z$>%^EXJ z&C_)-H&{c9p6?A{k(7EvKaUhcN4w^_UYwIR?-YZrDC{v+)`F8O*j&xVRE;E$O$Xe zlc9Q>DGj3psi07sD%UXc1W>WW`we>fX&4!=tKfMJZD>jTKH{UwM3wj_((Bt=o-4~T2$KT^&(4!;*JI+6J0;KE4o$hoS@MEOCt{w9VJU(It3M&%w~VRmWt z@k5BIeF(nti_PxF1KRjEh~l&Wmu;q;AML6=uSb6TT{JKpy#-hHd6+5umox_^4VwC~ z_x<^!|ENggAbvWCqf$F8=QLvX21Oa4auOdUyY6~L9b<}D!mP*EvrV(z-@aEkUnQI0 z`_GD8E5eKdQJ%ZCQEc^pwSguK7xmP7_5E`~b`~|%c#P_4Gl@-RK}lWGuc)Z8Jr60A zqk5^QAe4iUkZ@E)>S_vZNO`fR5Wzw@oFzlaLTX~ZL7fkvIDlyk?pjsx@g3x_*RTT> z9Q||fQ^?A$zC9D{vL|ZW;WT@>-$0%zr-(10pZ^R(PfS5-r|m`U%NsaE3PN07ris3C z)v*w%a#C};yIWnttHAv}SU98d8LK*n!o5E-8o5G|WbGqzQc^v_1!vh{Cjh(|Fh?yp+?9(|x_F^(}@|juCkH>!M(azODRvGF>EH*6H z1?2VDJh5L$$VU(`xUQ;PT4glk>Zr#z4VZHxRa-5PuQoGsxpZ}|cX|$GXJY31bqOF` zP3xiDs`G2IF%oTmmua$ACHf{2t*BB+)y@$Pl zz?ZRl@gn?;&*AFg2w+MOyS}-n??tapZUK8SOCZm|)aE|zbjr!~Rai}t)g6SR%r4Js ziIvFN283~B4g1qiM`y=v7%Qx;tX_8Q0^7CBmUO&-GAfoLN1%}Kso0mg>t43HO1}L= zW4!&v;!yfdnLf?P-J1Lak7?Jx1c!$>%fzD8VJR5}xy%4ZQ$=0*_kU_o-O!o7B20y+ z9{sZw$~vj{Vd9307uDa+AGz8;B*^sF(A=X`#Pqq4$TpjXWyCQvsE8Sqg${YoGx zlt7Kmd^RzBa+zkhGO^8EPqx2Wv>B=eG_*N4P3`H*BC)O$4^b61jD~`bCm*|dI-$2U zXJ>bZjAWU)yO1lMgP9^xW-};j2Wy13Y&h?Qw==uun(0$R?qXC5dTa`SlM?aGFHTEf z&lgU&inF(h5h24P!}8Q-o|ieP-eL;EhoKI#tV~SV0Q^hKs?DeO44}xmf3&pVfjTbZ zVjwQtpP1RQNy;BPPwWT_S=(}5Y&BhyL#Y(X>k2jksubsd5pVC+w0)?M<nGn`Kj`g;L{B)s5Vj?O+1Dyu2u8 z>7t^djJeAJi3-r;B#o`V{`l3t&~9Rrq+G z4vVQye3c;C>xy<4)bSd+vt1`}L>2);u%wbxPP-fkA9Uh4R58O?M12M*OphS3HQAu1oUT zaN4x4lcm)40AU9BZACV=IYS03hQTMZkMRtpg;;EEZ@Q>E8@;(L>LjD593Nw}K8Q|&n;#6(YNlM!bs@1dT)?f4ThPvS7NkNMGo$*pHH&v+O;y6=tSjtMx|{lNjO?558fCvHvqklL z-7LoC9PCeMUgr%Ie2D)yHppF7xp7nd)4f@Vap2xg9oCjL;0Z&b55j6a9nolYwD4SF zE!EbW;ISQ=*Zi|s5f0tCsI4E9+XlS4J$Ci>xaieI6Nt^4MQlAKZ`|?|>DstiiT9v( zXZAPWb;f|UyzNxrs`#6JF`Vh!S|YH1Mjb5opB%>V0dMg&xSyG>4qt51h$XyA%a!_f zRX7_cwL3QEd=ljTT(NtEItE0U>!;-F@%UwW*wJ;H#Mwi^!q=~wL#j7V){>sRB{*n8r^{&ofHbq(g}`ZgpjCIARBps9O3}xiJEpRa~4x zbJChoq2K!6N8coft!~}xw7HM>S54nXfOIuRIZx=y0p5x9#-)EhU!m#ohUehNjzDZt zf6OHg4ywPXN`&#L^+y>znr7223)1;$n{{%q${d-!@@nz2jllbS&lKD1$gVgx#C)0Z zAm_T&fpO|OWra8fVp*NJG8?Ij{PP%=h8(_4w>Nf``ugEC)}i_qvidY zlGSrQgnbDb?=ahDXL^j(*1-Il4Ij{SiuX8`z~`*2{MA*^DL0{rq|o%hMe?_ARNazC zqe`&__=uJrQQt$$)8i=T?Ich)-lEoq;9RYLj$L@A^6#_VV{sG*8GKzLLg-^6uXWnY z4E2}|i&~0F>-+rarmNp%u$@VGl!1X^^x$C&VgHKAd;gt}#q9FhW~hv|nQ;FqhcUIO z;G?WqJwQLiFm}24u6`dovR$L9Hu3iY_jt~CF8@nYPp?h=o(KIbjHpF(CVtLySHfAL zP{)(l`|6B$P!=?>i5zs8>6vM_EgiA7lqtyXc~t=m+x7j+DSWm~2-qg|wagi<{A95~ zyte_{kny4?bbX=InyBcY69AK}zSPYnoELrm@a^q-#tNe6($aTsXUBcT2Hd^-Lpk*$ z0=vHVIp5YS?Uu1r-gl%~hdcW7hvislP&9~%)B@-Rm-Fo#+H0(kGr5;<2uBxRP$XFv zv{GkXQ6a%7anNKxb7$H^bnn|?(Vu%Tj@j(poKwZ{Am9+>H`l~boMeFH%mqGJH6A?Z zQs@J@#_+zrf7>3VIf+z#S0&eHZBbtTTSwn#8$Wd z)54}kfGs_UB`_1!Uoh3vqcw(atyfNHH;a!|o_iUcy7$Zvwu*0yZxIQKdy{Omd|vPF++`v zNC3qnrN>okM6KLuZiN#u+G7j15xpV19DX;BNrhse+pWr07h0Z5P#!6E+?vD-*0ZTH2_{$h4jKv4VjL zQh%uBu3n0lW-v5MjE(fKBPLz4Z>* za&WwV8~WvmhBm@}i{_W9;3*jmC_6=lRqJ(!07Ld%gz^7sn)KTM8W>RDM}(*JMQtVg zJ0@+PIe&ShtKBn~zBVA>$7fx6fj)yhy9WyPphvyW<;_ARzd}gr{@yUFN8CXD%U90O zml}4k(Ywr)yV8cG*d;|kBXVAYD36W~6=fU?4m}}kY~eeNTP^~-=aoXjYjGTa!ki*! z(%;{0b9-BHQHPWp7!6tW(@(lB+@Ub~?_UBk*D*l5EMHr;c`!(5t(I&rFg7+mv_Plg zlyoPPlauqDyl9isK3f%l2UYNTC840nhB!r4U3p-j;Y;hOvc7f|5f+xHbhqxIA3qq# z_VSsjb8GTv_gb~`YTRN}g{`OS15(^tz{`(JYdAn=%gaVec;yzhyI*)K-#?jmd&eR4 zT1Zx6+hvnAtq7YTa=uRPqT?MIUKUjn{m|ua--_G2N7F4fMc~_G>d-_CruyP5n|_)Z zq-k==W-oeBb$_zno#osxlwFKC+qWfL0ckF1G} zpb*>9vc1x|r&mcmqW<`4H+WaoC5eJ&(S$c58L078lN=`g0R^8|2cZEe&P1^=^@L-E zHHvskn7o~2v@MN4T2wL#U4Z8HTFmEG9mZ78%F@%9AC7&Yx{VhCz&$s|lB5~_5Ofxb zeg7^ogCDs&43CXL!kg0I0o^2kEV@cQu)pM+csmVHYDUW>_Lh;ivh(!da@Zfa`$^xf zblx6jVdtE16j@vr)Q!wrLL%RYGDhk7+$-mYEc-{XwyRr}ez|kK)(ET>JjkEl09wn* zZ@)7_4NuE!xg8;YWP<{=+or1gldUOxle-2ot0$9tz&$RMymf8*rk*sA9)L z;>&z|Q&q#5NMUHw8uwEMs&N*b_hhX%MGU~yyOF9Ww$#N!@CbGHt^bCH{(^3v5QCZ* zQfYmEz40oKybCL+zZh%N#|Dbl2lNZ$s8{y$Ma9{#2bn6iAPs>YmL&j;t*UalNVCwG zu`a3GbZ}vB7~W(q5S3=HxL`u8y_b|4l3{OnA2>xi@mZtJiBqs{R+f;mx7?n8EF4B1 zQT7Qppdj>NuJmBzA>rqC7R&LZq8SU*z65i+Nm#52Kxfl=_&syC`t;$=L5onCBvsq<*~;yHPbzvxlv}#nM>7_9kXv^8 zJ_q0nTFyBA-h`)=eY5ejShIj_34X)TDJrv;dMhI8OnxR|z-aGi z?rKjYm~h7pu*5X&?qLDYei5-nMIl|%A8%QzUOnm5$MfBO;Y~b zTsKd4$lySCIY*AU;E!SSh?G>m#fDi}ebCY|LUj_b!zzgNF6UB&7*cHCXIUJLQn|*T z3#C-3tNF0uq2cVML@Tl3FLyKo+=bphvUCsDpsd-ZT)=eoN>LJnfY9Ouz&>Nmf51RU z{6O~{jAC#pyKw2TdGme4;Yr}C6~fD&DP@k2J|OvjV4;UKz-x$Rsw7SR!D~itzlIkP zuqu;gv5J!aBC)R)R`yYr8{_U&y8VO}l(*!3^+7%~N7knl7&I=u2Wbh?pFlkZt=)#o z6b3^1TCqn*72_uC1~vUSt5m!U0h6krY` zAN`xHBL7+0cCl}H5so&~HSvwJr9+!PnA64Vf9h1&i4^G|H2DVv$jF`qQ~|&bNwUi( z*J;cax&9VBL6iPL*y`?bJurl3cZTORAh!@yQ)CT%Cg?hHdZ@=_s%o#VQ}6ZyaN7-P zJYJOXxtEhvhp0P7CfJ2UL}b8N)CQ+alf{^ry0S;EJ|<~ZTj#J(*nTpYnr#$u{$O7z zXSz1xsG2GVo~G!S+3RlpZj9aQNF8dtg`b;)kkU~~@_~k!3?eCYepB0s9nk>FKG)TYt)~{a%0$24s%IfNWCJttxfj%yT{?WG5Fcd7f*#EAV5#ex_1m7xl@N4`|!Uo#u> z)CwS?5qqvfuY5%XSoDEO=W_DDAv6eS`H(frqI9MoXR?cns~emk3f`vCmxd4>$bFDs zQLn?xkvBbref=R=qICXZDt8U#=+vUNic`QbHr@XRyfem>&TcfqS(W#?>06cvh@?3` zxQhYJ1Bb{>(y2G)Q5aQ5`KtEvECpq+mMPVCsZak?*#b6ol-Dm%^Q64>&6DgQ+@dO$iU^& z?F=6%M@z33(B_)*0reP&vErxsk z*flP8EW?$lvWtlQNhJX4e}$p|^&IY-RH~$mmp8|*hGpbgm4R8#ljy2&&1nJkNsG($ z(jsVCeK_KZ;X2 zEV+|#0(>{do|bfE6B^3&p?Bfo)FvEAz+T}%0v4HgNkDKro8sn1)a!#DVL<27%6{fF zy~4J{vR|JacqZ2l#zVyi@K?wtS)cIz7kzQ(|>vK6?awRh!J^|h(q zGmH%s+ka>xgin4VBifRVD(hwjlp?Am;WP9bMF)oNbxVu!?$J^4?O;upx+TI7tL@vY zwvvHNIDT8?V!TIKq-XYcl#n}ChvsJzEFzeZ|l42Z9`vnHgz7a|%%C^}PW(y~$m(ETuN+%0X@{4R0J5CqT%fk|16TbV#lqdq9$SGf41L7ple#+fvyU67M%&HdLQ_T$ZfkJ9)bnd(IWg?@^ z%%zrB0eWWXv2^X@54Rm`+O;n{b#&j6YLaR+;XU6b%MukV z{J@GuR2i6|_W3&);DRt|#`z0*!J|jaTtVQGSJ?-*Xx#rsML(3{>NL1Fxj4c?;$1=3 zdmv{y^0-A`GULA-5q;_G_5-Re-#^&9CIr4-k;Vz66oriBSGi6_&Tu|W>WCD|DFB2_vx6v`e-O~0d2`ylgS(LUy#3k>?X z{6?2yYTAN6h{#ouu!E|D8{asS(NR9qB2?1ke#>JhqZXdC-&farZorvGile4)0E4ir zpM4S}kY&W%KhJ~LhE;7(mYj-I)oLYKA=9diR7C=Q_~)X*y%cav6*_R8fbdv~Xdn&T z(yC#VC_{y|oJ$xCZc#HENLq4#ih!(S>rjSN1| zol4U~XseuFxsp$HFVXJnokXaGtj7F`f?a!7!T^@2;{Vb07En=cZR58hN{OT(9STTG zcStu%H_|yET>>I4B`w|EH8iMncMjc+bi=nf=RD8xeg5lP%jFt$n7QwL?|t?4yEJU< zjku^dSwY#~M%Y;YKRhE462t-;>L#xWo%UW~$lMFX$Ys9@!5^xK0i1^4k{}k_33(v7 zn?CheMF%rl@D24z`iSd~OPwvR>{LQy*a-*o{0MZTMo8sUs{YJXZ38 z3r~u-V63pYuHieqfq;}L0fB7o)Mm`V_Ydwk({TWpi2mCM6qQ}tZj-X3Bl5xxQ$_H% z`t{Xcw530*hc`HHOY%K38ES|S@@L$ubh01HhU{2sDq1@gH@sp^XoD_U2E}^p{QmIh zFHQGXd=nlU+{~kVuJEV#{|5gIXy~uo-ERa$!sXrHGgMO%w{BEb@-^PP5@@`+o|+Y( z-RZtp!F)T;7J0&V&SJV5N2_lfb3%-AqBuPQuv*YOR;XxbzL2bmD2lw0f1m4?{8Dvr zX~aC*UyO{d^tn^?w|B|y?>xUaqTi!H|EjqdKz#b_+3-H`Cm(jJ85vNBWDhHv&v{NO zXM_;;QJ@EY@$ZyX@O{PGK_^ht=eS<3jup@KBn(A3vnZ&h5g{jWrY!_5FEd7A9R{?# z$>b@_P2?3w4o5G73N_(tE?KCcgxJ`H`tO!$dHcx?=$9mDm+8uwc4T@CC>7cX8s7_P zI#xgo%7S_+qdJ5%@lxJC1S>6YztXx1Wcuj8RpH_zch?|S=SD;sohpfz8D@(}R4~BO z^EWf^hr*m<-&61y6PTz);XO0KSsRRaOz{!wAc0Qs&nGUz(wr*ZCFOSeZexH?;@6%S|x0Dq-BKU**gJwuh(cnV`wEkQ2{NyC#eBu8RRX| zFw0jw4I;l=au7YRxME07Ma0FqpLb|5(BF*_ORA?wRiWcdbRWN6MjccOZT0;3%l}#E zvwN$-4e}*G@B=eEe*AQ99W=bPh@Oq&ZHT*?F-AFw3=@F?hQAiZ>}k)7AgfQJ1lHly z(MG%!Ap1-1k|^5RxaHrWA@YtEW+^Uj$x)f;hi^#(vG0<22I;(#q1W+{L>`)>tlb5-+!P% z0huv+DOD;GWYuV?Fc^DvhW%FsLZIpRp~BI*0iE$L&8vc1sL?g8<`%|~wDWhPPonw| zQ}fjncF^(L5}fh&$NK&9+R1(aCOBoM)O|6reFZfX(lQbYHFI@SPG+jRsGg&tFui1_f=exG?+ z%*}RFLp0CIBOwW7d!%1O0@E+De0K~rH_ERHM`!1T`rvdNp?u?=H)OE57i=al(Ibl(}dk> zh%VkB`cM&P{8QAB(&gQN-G>at)HcP7JZ*I3J>Dtk$a-FofWA>7W0SfUGm?CSwTVjC zSWTSMX1{VjZ3$K;$g}ygy)dYMF;RqYx$xzlE9(9x%SISEQ>$I}ur*Y$do0C{DQMQR zS)J!<*kff$x`+v!F}_f7sdhBexqG1RyL}?nU27f$cYlrG-duUCV0D`kWLs`@ zb_LeGloZ-CsP=YeheR|;9iCPWx|ApoM}9+T1D%C#lPVME8HM32va9@RopKaor`P25 zPr7JncXWny-N7JFLqOxl1|W-CA8cf#j+{BukRts65fZ}j;Ggb~Y}$vb_B{;M8N4@(uhHx~KOo%cy4Ur* z`ku1)+Fz?!;)yQn*>u;l)*1q|{=dtq{<}LLJhaBTw@a#7-rkVDX++|*t8@?%Ygb&! zTGPYR#ak_Vev7AU1!3-7vj0UQJ~m}p5n7b^!USmv&r4{kkv&TH!}#e`VydQBM$xk; zIB$Op{AqJsx(L7gg#KM0ZrIw)$}EST=TyU*gN%NAbv+l1>!>?HNamNlhC z^QlA-E|(Rl-BKjRKB(jE4JV<d%F#|f@zLSaVS5c4v-Q$&b zE*^^KM9Tq7$K$H}B$?-$*SYt=@{ebN{+sq*Xeir}sr|1w`R}{Fe)22#uYl z$fEE-TPS2dy{P_~g0iePv&#@kMk2&yZ3xa03hE<9_J92$CqI8q0Yx_B1Ncw>F&BU} z^S^(7DBXKjG_RNONf+F~^|_`n72j7u;R6w?z3iI-6lOcsn{H@1NWcNi^z7)Io_#sR z*FYR9m_DevDKTawY^FRrwYNVVjM=@)E6*Pj7Li3RNXG7szuKxYdiXf1^!NB+ktum7+{P)g3r`-Fr z^7zPle-{4y`~P5-ekk3S$I_TBYmhGR-7iZRy*W_0-wDC8P<5c102?|O16|KTQJM!b zS!tm~1#1KT4`6E}BjfW7z@(Qf>jRS@VZqCmJQZ(Z<;8wjvf zOpZh0-)mX2(kF6&uD&(5*{<=^X%QTgdo!Xw_!&u2*3fbWyT6E!Kj_GYF(h&%ELd82 zKcW5CHC{NnuYMw4|BV2$ZZ_VM#lZXCl{d0EePxuPo5+z z)B@vCKO^Hc4~y^8vc7$E{Ado(u%(Tu^Y_p&;+)^5?;@GpiYS+>Lbj)EVg}NFlJ#fF zBKc!28BkNvMgz~>9)U|h*C`bNr?1$ke11~S5hE_q`ZDQ*Y8nB-%zf#|EaL2{qO5+E z1xMs^PGwSX7ruT)(CmuyvK89;l9nkCj+^e?gRyZAMIIiJb`enpFk!3;>ZI^Dbx+Y! zCQ3UK($KtQnq(U!Bl|Vydgf^hlfemrW1^38q}q&Cb)HPuE8G#c&UPDfx=+T3a#Mzz@RPyxFpsl~EP!{h&j(f@n428|J&8$O9Up-ZkhrXNZUm6hHT6Mk~)SFx)Mp~eO^k$;!HK7f-28EMFf`l8Ig z0_wl2>+ct)EI@5SSY$)KLT%yt$SUdes=H98T$HpGrEQpoy1A;&oSDbWtgI=#?=D3OMeeWqaKWM@2&F9aU8gEs*5`AyZS1JSg4+Mk}Sb z$u*g5R$g9SqbzJ*eyCe^W4=E_-s_?Lp)h_B1If7?{`2a;SO32+2K|7#fcX)SC|fJT zH_%rW71WDxU5G|SYD%2!%#D+g2m3;q%*~wSzxWJ}N3w?FB5G-a>($Y|eN6#NR;17DZIqd1L=M-UWjO#2%Q3*xxTOD_R z^N~wXKm7#ZaozL!Q+-586>BLP9DM@N?ez6G=zNH*xDQtidqOW@jzos4lYU5iAx2m4 z!47^#G`V27T|lm>*f4BDLtl_Odo?w6`jiKD=s7LR1#>hpfsujbkBlk(Q*EB#?+Eu2 zS#*rQOq|aI@SsFAH#1YI?=mC+@oWmO*GdT^_J8%gUA6f$_$QxTS z+7z0}F_rp@Y723jq>QO4DAvVA;PLoP-v|iIO>5-m<|_SK_(&{#cy{I_Ah80@&)|Jm zBRdk79Gn-sY-&@}&o0M~u3~le z_NGVX$VJK^@8OWhgQOz%i^=O}Mst|cI(7DewueE~2}x_MHgffWl~7^B7i~_PGHGOQ zr(eaM@ljXO)6k?32 zyV%2$ES;tu%b$lAaZa5|$y(YN(-u}K_e1MXiLw+;7}eN{x~3e@2b)IuNq^7~S^s&} zT6}PhKG1R{uMG9I(~%%4n%tVoVXX|gp+)SjB<-t&n}$)gVVFJZ@@&ZQ*L?i$K1Mcw z91I*8CZdxB@7M@v9Dhi*g$pOeR$B;A!-v)Toq|EJ5$gzb#(En;?OX1O?nS! zS%)Wom4$F@?0pE~1O;vN_k0WUKD<}SC_8sSLywDbSn+}P4(35(2Cs>xug2iX5kS1XnW1&a&o`E&fZmO$ddGL@VQ8w;^-M#Iu4tajh6CJ>1eKK9&JLTSy z!gy>%G*cl9wgAR7H%uaAeH}MiJ-`#pGR+hAd3hkeT-Dd8+As7&21h*}`Z|;)X8EM8 zD8?5$jSxXD2TsjOP+I$z)a`HoyL1#>hTQ$sJVmMzFho`+iM#y8 z)Q6sK+U)YfcB5yaA2z8wo_nWn)~??s0BS%6@y_*1m$>Ol=OQ+Crpvp`9>FJxhpa-5 z7nWTny|~rg`9ZHdpT@CY^hfM7fD08oGjuKHVs#;Xy`-!=E0@xf#T_!J;$cDHJKglW zO2#;M5OFFCZTX$4+w&H2-Ep4ZL-(w+uIB*XSPG5=j~2xQbT0M;X9}Df2dEr)DAI*y z>uv>%+w^IG<0xyPYBB&$lDfVu518gx2&~QQHluwya3Uj5N4sx^?L^;YF+i zLE7xo2EZ||euIlyDFl0vyffG2o_a~8Zq{L>jWr!pHpo5#a-qJ?vazX*7UYXls^C2H z5f~X*ZS=60|6WNxHWGcRrlKO3Gmw}er8D-f+1KBfopUOi;=p7kTtdh*%bGa$&@hY0 zEo|5fp&$Cv@ATzGvb}>{4&%0Y+@6*RxK%lixrXtnra}$_rfvZIdnr_$mBF};U!AS> z*M=l|!%&d5SnF>3l($161?#fhmAs!w*c1gQF((hFm(xlpFlTVx*MzDA5%ES>bc;E~d5#$2QD{@Zno;PN_ z555s}0shv*fuC96$$efH!@MlF`oU5&3hu(2TwAUw9&ks!{WyRA_53v5r`9m1(-~ov zj_lk3z<+CAT5FaUNjf9^X8Nr$~#vILDp;I}BX7N)saz1od z=Odd4wL_7boMnq09?<@v7zJER{6tG(vk%RzTO%*KAi}soy(LRtAgB)v(Y>3FO-r#D zSrZs>ULb3YC)(=9u2e3NE85fpvled{wi({SCNdZ;5`yaY?@@?vuO_ZsbyWzs+KsAM zd8@;k3fI-P?1XexevyHx8!L~yg**eTC7UAKRU<|S)1?e;VY9vG)x;k@c}NU z;JgkTj;^f%`3UUgqSYk#0IY@*h6YR#nq3xW^m-CQ0rAlcVbZFqs@+*8%l~k}KG51W=Mw!g`n_#B20E=96ic z+pr3@QSmVJBy1)+HLiGOF?e{ymb9AJTeX`K9F@Bizt#3hc&Tzy&Rbcl&0uGu@v}-@ zsU_jb0cTA_mU-gVXYaS#3^s++b-80ay=Ac1lcaz?Y-u=k91KL5@52`cBJ7%>BBlIUcvHM#jePwX_KN?q({0?n{q> zvs@wWU-9#0#hjFux;;v4w`v^L%=x_z@VAa0xS@TOgpNxU>kG3qc zv!Q$)m3p%v2zJ+ zC-6xsIzU$J`QC0s!H6e~9joH+d8BJbB`%~%t#}w|OHYLiyZe;qe9qm}i5>46&4fC2 z&BbuDE`3?fMfVk0PFWvu@>-oXMZz)kwmzLS(_VB1jmolTIMdMNzm61z{$)PZ_bxv; zOfkFWE_HvvGwle5J(&iL5QX%xm&S0jAxkmn6lTp_lXrK~mebEw{cKMcL`Wg&IVudR zOeyhmv{-<+uSGir>mLZ#VRG5kUu?%jjc0jymV9Pk#%Md^-5zbFj{t= zKXCG;n4p|N*n?IKxn~vxtC$iHV&^u!F1OX2R<{ma4}a8+)s*F@FEdAQhT>Jh#^`PCAa8 ztESz?%M)qEt!C^{xj4U0ypO+zUQOD$5u`9)@OSpnW+u6Xy?d({_*lrMJY>P6C)Fcw zl(y)Eb4o)g0xdI1N~*_fzzfTsn{T9hiv7*IRwxpyp&+9U>X7SW@!BS8clD7Q!>x?X zWm8_qPr7W$CKdw=8r}omw?}~RPH*t{-r+yfURdD&$gM&!Pm43=^e%>bpwGUCANR5x zXNQQGvnhqX_EHBNb+(*+b&h?m3=ibH{EyBt22Zk`lS0Sd>d?rSj01eNV!e9vwDod! zWzcOkfIp+^Ww^x)U;$AO&s&P}PxNAr^qr=r^wlX5z-`=paonHl@J7tS?(L`ae)25! z;>aqKO!&!rQ`6kBh0ia=H8<@Ub#IXXlp~Bmr$NGrUQ5vX32J3+W@utULaaEg$|o^R z=&i&$OTQw>pr#0X77HPiTc!%mk|W~TB4%Lw*4f{m<`mN;uC6{s(@(J8zrC1H;;9*BGE&EvAwxnl9HqE zyH^n;4-T}=hP0jD#WL8a5LUYAk^B)>`YQ&~@b(8dL>^{RrU@-VFq$hN%`4THkKt#i zNS9Hm2#LLyXhReEOQtdb+z!Z!SZQZ`O+F z^bymk6)A@%nKH)C+x!87k;iG5tV@7_L1mQ%vW2}h^fDR_4$ksPG4Ax7+djD?Uw)c$ zfy#&mu|Q`JV`^t7A~DAc!3tx!obZ?8xlB*Rg^;KvD9@8+<*jp<*GNVUR}hOwet6v| zYrPcL5*`{FTI2ruMj3!U5iGN`0Hrc#pWQ0k+y9v&dzc+O0)k=+f1?twLAzGZfv85X zWTyjex$R~`)%;NZE-dj5Lf*LqdKB(hC<>H4D-?EO;C7X9!%qzl6E$3n34 z8oAMM(Xz`vwloMH3WQ}B1#;rM@B&_NAs^%0{EzD|`j>hgZ)xbD*i&C6BwCNXuX4gU zr|?h067zhbXx-6VVF09hpI>MbZ;EcY zH2CGaM2I4$X=`Z{0~d^&1hx3j;OZbq?x@Jacl;d{)S)W%ynE=n+?TcWHX2bM0=c<5 z$?70>3m|DdUiK#pK`SIgf>>O<9T`Y*jX$-$jdi}OZoZ+AO?)HAM>rA#^qWjc^T9Ls zt6e9hZa7`dM^xliNdk9b@q8A3uDO|wIzD9sx0_ttp8SzkH6G+Ad$W=Jx95r!Gs+d6 ztW-VTTrLZT8!ypbFBY1;G3^_A27<^o2O;ZlD)*`H6*;=jH}< zbaddrYRZwgmq&~UnNp(I8IczulA<6ZSLGZwk%)>qq;^G8E1QH+9%?24c=0pNt>NUcrv{3^U+x5;^M^9s_q{9y;?iGO8wP!sa#DhB}-S>HO-f> z)=c>4Bb9lP)V#b}TtCcxp&mP0^^5iUn~~2`hVgJZ;t6f~;(mt)h+}>q>*E;6ietg& zlyFsd$@;I^9ik&aLDNyc)Q?2#3%)U|F31Jn804D zXX7<~5~odsf?}lE!BV~2Q=Uz!{uoAphVY^K(tI(lK#@-DK3jD>nSn<0vnY{zx58=O zBlN`GgHNyu+CJ=qAwQGcAG|hii`CZFu7UIACHils`>4H|Hz^@{4Klop9F*sjFzpw) zbU4I267o98((T>As0fO`o2pQ>M>;R=P&)(5c#Cq zAKFuXV^3tLx_nYc_YPPs-;sp2+1h^FBy9LIbo-y7V~KxnJxg>>kLy=AduN{H7`@%3 zUNubtb`Uq6OR*UJsJEy##^LmIbWyk41D;A~@iKdF0JNvAXm!dYB?B~F6d+)gj~a-m zaXx;6kbg*9ke}8hb>vJqx(XW>P@?PN{%dd;c%{E-iPqMT4ZjS zniWY@S|L*~H>bIQ4G^oML1o~y6`wjk{!anYeolkMOTy+Q zR+=ed7)R$8SL`;UqLES7rKa}n9NJRz?0R2knIn%CoFTo00=*A88BrrSQB)4>H1eZC>)G!D*lg{SLnqDMY3t=0Jab|Ghd z8-OnCP-!bc#R>-lG2Wh)zP7tQXHsD>GZ`5ef>|>v%0U&rd43kCKk-u_4H7nz5!KH( z?$DwJco*wt_a@BexY0`Ai690B>83C!!~ zVxAz@HP$8-&BYTCm6hi!b} zQ$kzcu#7%HQR;8Am{dQDR-H?|zWx*)9gx;mtHP;inY~Qv)1(v#Plo5$=5DbuPjLy?y*THV=-^F zNC$c0S2&~-Ej?!(z8#{_i$a;>Boi$WPNXwDmJGMkkpiz{OiWBh#)~vJ$5eHVmZPm3 zHER2lc#c}*+w41toPK{r;46Hp6|cdWv4~^d|2;?F>T52ESg0jqd&hxQ;6cnHkELx=aeY$H> z4da+wn`*@!eUxak++HfZE1%24$niP>6k>7Aee#cC)J=nLjF@jco0FZ8k547`>-r)6 zWI!LMdiK#3TK+0&Mtb^2Tl00GwuM_9$wxC^FjqBCo5$1R8*|{=Z{f(yR*|k42CYuR ziJ9s?xtC15orgJh*YtsJREbZ!ymRB@&6PV$?v7lhn+#&>_U1hD2d>u&q{xl#wxI&izbym6z5N<|Mt5J!2|bNV7B{O((?X zaQT!cyEqesKy0}@?wv#U%n4nApIXH#rkWiWos?Mi9lxbOY*$8qefR-RwXu;=#iMO* zjk8@>8Y2@W8@5O!D9V0=>^?E*Ax8rr0H0f@R>Src=D3d(b1=VZO-uJ$y0mj&HN*$$flRc*+E*P}eLLsX=a*W+4k zbt~cfWXR)!T{Y6kjLA=@7qL<`upD`kcrLeRsKl&4EI{z-&JqSqiYe_>fuF&=0!FL) z>ravREts(%7J-#crg1wYHQnfj_PFe`WB(4`@u2rve%Ca4^6kd*bE#a~i7=4PAokdJ zxYZxpbSb;-0Si-gj)0P|nfq|dst8>!w1n00@hcW^v>hPJu$ahXP}6-14Gb?U?=gQ0 zIoYz_=ozyBRK7uALteT0YnV-qj)=(0^YG$&eFbOmbk;wwCR0Wg z*d1b^VpZO;T=t{caKMXNLT>wj+tcc10Bqg9h*R(@eyTu8Yhz>69db`6zjBuBMi=wY z%#zQT&76;pjLZN%0T-t`Qx#kDd5SqTB&x-H%DX*2X=K8FgMfF_byMm_C!_3o~US~Wv$K!QD zq>$ddK0s^Ews7VW!NVT3(yYFfU~D+&z|$iRS zIJlTD=QhhT>MD0--uO43p(FHLs3 z-(V=WCXD}h(7oZ<8rLCN$CS3`(Lfwag-h(qDilykRfHsIze53AoC{$!Sd-~yq%k;yk#ak&VHfG# zJP%yX58%h0cgGER!PHBR#x;3-gQHQt;(!y8Ino*4;*x%>zx4u3I*toa9*WA)r^Un^ zNp0ei-q?^oHf?uiuxS+eR=;&L5cmFhR`$t<*lL*BlFtyKw0Fh!*}QcYF!5*t3kqu1 z_-`j$=*aghF$REPYd(C8M&}`GNY-1G(J}auSpG03qo~rqrn6fF0`OH2)|=dLZHVO)n?jd818OPr6h#WJ20R<{r$s0~&UZvMc7!(e+t<1_c79m_ zEv7>PI<9f6^Q~vQbeEg*#Hw(lTyM9UfGu5VHiF~GU?qQK-4rLpEG&^C!L*vMcn;>lhyviKFh;zn2Hb#T^^EU*l z!$Dd)y3s8eJVCX(V|Q-*^8hKgr33$qG(XO`8ivYf-g(0u4UDVqav#MUx$F*N_raa0 z0yLo+T^(nywk8*sQQujiWY0Z;3$J&`Rm(4c--)Yx%_6XXXH4-ThF5nr>xN(bAdcq9 zM8N%vaetz*vI*$kIJSBEhn~JK$waxoN?#Shr(*E=>MJyIRo0B|VKlTfW>4zf!Qp7c z?xF43;2_3N-B%a9oZhykJ}`jeX`gE$pWYnF&SgSq9E7TtBsXC8lj93m1@qJ5@MvZ8 zxt$&4^X?BO^IeVBw9Ps(Dlt@KN1K5Z%?C$b?T=UV-Fhkli)zdz`T6=2!}6Q-I9*>q zE*s+vf2GZLcVDtTEqNhaB&GCD5Wt-Ey8JmsTA;#hXKomxAFyHKO#dF&5&hlCl zhkK^lR)*{k2Y!Kj^je_#^FULfNYO4#6FGt+B||)ncCkc82xkHYvucixP#n&!Y#5d@ zg_U@E#~-oJ2wd*f@2dx2 ze$~J;UF+REUWp7Vjnwwpv^}8-ZC$$7R9BXa9;>3`&P#n3zNmvW9gkd6T&(vHQp}Cb z1TAvpaoq7)dL`Gjgna!5rMm4#g&ofmlL;Cu-sNLwBZ|WW-Msx~7h3U6b(q5@K@#si zjKwj_Djw0RNgwnp=8vc8%sC0c6V++b3{K%_`55R$d;FzYZe zq$tnV7JB@Mx=FL4Z{AjZFrqFxCT93xxnmOyExl)!OP-K%+j)XMZ;~8{{;ZjCjs=HwZZ&A;Zyi&N-r3Wa(~*3RH?RT5 z;G$t|T6?jeGvE^FxJj0RNLXhwIJ^0p)(O za3bNhzK2THj4>b)d)C`&kk3R>cQD-QaYM^ z@3va>X^n*+ps@ANGL_F^_a(aG_;7lhuf8Qk3tKle1~;ASvpMLcE%62Ir*l;hBz-u+ z)vfs^X?<`}pz0}%LAL?mQ5QSqt^|(}5W;m#d7>Yuq47;_I2Q~^x0dzH-F%z#Sl322 zc)J6%Z@W+zPp?&mM%wPePw%MC!+1U6jhRP;0ft3UUz^E;=e&YZ&*e4{f^GviPd6 zxRaXj$XvqOry#hozyF=s)-EehN&2K64 z0*9Ga81dZGt&(yo%3HJbIZGgHwx@2m`o)q_eo;wXy~}7n zGixW}Q^eznM^BD35cZn=iN2J)kF|*`|K=Qtj~j8`9!ez39LF2}c&=QM*f#8XIg3In z@#R^-jJ2>IYaMw37SXl558r*VbEC}Q`1XnR_ z+hn{!ui1j%0sqqYVtn$XYHP?)1|AoGo8NE=?_wC69YEx`QOPb0UdfLPm9M|DH#|&&s$Pl zK9Z#rH#)-K9Bz8%eE%*NQ)|&*EmLFLx{25DbVX6XQv=Cyd8yUxR9y-yN1ganUQt0- ziol8Vbp73fu0x;Zn_Wg1u3t9hf?4_b@g6q`0)xfcZn-hBs|l^442KVLY(~a>5op;h zuamoby2l>H0xYc=ew#GKlk!p(uIbx#JNsmk{*zS%m4Vv>j`8$GT8D5WxRkq|`PUp& zu?WsqOBCd|2bdlWGT*X`LBM~Ba%6O#N_!_Hx~|;hTXA69mV!&mtbKvoASrRe+wXI% zHRH2tCllLYvU=ZjQJ0ufOe{J!G`#KIEiVn+!^JjLb~6WlBpGOHgLI8!oub27o0acR z(%GCX{pSsPA;!f)7z8=flB&-$EJC`+a{##OtAV4{N!&4>IVcpvbuwV9n+qsnw{LN$ z+Rh#rc&(CQ-%uWv}>qqYSGM4 z-e6`d$Il}_{!VD3e-xz6aD-Z#_}OpDZjm#NDMv+9j7Gv79N50L!8YZ_lyU2ovrvcK z^BGirCd_j>Ui;X>-`rl&OG!|Nrgs*0l_3$rP%)ReVJyQEn8=x)nlKf?% z4>aO*qXn(>a}<$C)eWDl2l=Ess7%`FRgrR{tBGzaJJZ6LzNE&;%Iq@dTB5r`uTOH6 zmtyTGo)0gJoY3{u1OAMag#Yn32ri^=n-QTodMs3Hir~aDAuG`|NMN4sziPkADRc>t&*Yy=(_FFPXi`%7w7md-|C@;1Z$<2{B4QrRJ8nAMxO+bbIe94 zN1AVTBym3bCzMP~NVZpt@Y-(-VsQ7KiMn2LttQfjHZP@Wb}Z}lqd-ayoxIkLM&Idr zJ0HJG;#_KW8LN4jmz!d=}TK=gN%cj%Jhk_N~t zkdaZ4*2<<%mDIGlBMH7xGx5j#YAGa24*DyJh|d^$pG5TGMCF(pTd|J&z|H)@f?Ku` zKgr^o6?Rblrpj6BTV5Q85t0{LAg_D5ebRCHv2e@S;fpuN(=C0#UIhEF$uPq{`gCL^HK z-~t{V{#{2X5j8cnB-c#;ipS9J#g>Z;rQl8MSe@1CtCgWVV_Bx~mZyw>GX*C!KO`bSkwg+^oc4nu8LE(|0tJhP>DsYz`6DNDe`?i9-{M^~TngRpFk_fI}61r9-wHpjrGA@DlvcH*LKM7~#6+ zdG&cab%$6w$Zz74WD;k!94d=I{8ab)ilv)Olu$Tv>WlZ6%{Y@=k`O$*BFtTywA~an zQ#by|C#V|(J-63iTg}?WDT`^q3}w~sAruH36%1$E)x@|eTW#mh;Pt(o^H~_~)E9cn zXb}O@^{WyOALbzK%r&Y8DxU4ZSh)V4%{bHV$kL!il83(iaRm>`0omH>!DKgsG)T64S`nq^&KE&x3R0^z=Gxt*HtA8e;+H}F!WYR- z@|jzxILzu4u~c0F1O)FnZWUx@xFGDO&=3X}w^=}<2ejv0|RMOPB@ zx&F5P$Z^8>>Xi?-!8q2RMCiVnmOs0+JNfSMnDXb;W08);I zl$_;4(_+FS*)%e|h*H>$ma-qpr+|4Lr!0@WB#AWnXH=6{9`p+gu!x5KoiSub{B&}H z@4A^qL03ty@{CBHf2aY>V|;NqI^ZcO?%dVlYT^sMCS92rxJC#erU&a73PqouHZ}U+ zhLyp1P}UEN*QhudH(Hm&Nh?R$@p^<{23KN!wBUWFAZ6?1|J>tj7HugBUu$DblPC)pnoHk#aN~vnIFP?Kg7T zPwsT!E=jbhx8Ic-$sS16+qtDo0OMi2b|1YC{VUHv;8U`LNJl;#O)H=X(0#o_R^<`l zoWFDgT$m?}utl8$GOg%Fqd(=V2e^jMS`k5P8xggQw8Ys#l>$bm$MFF&MZ|L|FmjTX z7>UYeu5Tf5(*GH8Id$dp{pc!H%9NgnVURi(2Wa)rb>bXW(=vDG9X;k_*&sDJB=332 z=`boQg`0L*z0EOvKf8x(=eA&ex@^RnFv!KVqNi-7*=gScmk@GNyYvFS;r{vUvxp%T zC45GNFdDADCqrR0T8;j;Aow+CQzD65>{6z!t&5$b>5mHHQ%4&KLS9VA!ogkl?HeHcQ3>(mzSZaCsrbs@W4S&E z3eKn|-wdo%3oz=^yPfysc>a_=vS+U8=AKd(*HmXeh%@mhnRyR#{hN%8*OGkbX59}$ zQ*?QBG+s|%zj+c09pC-p^ydZ!uQf2X3$F2ND-1Gw zP{MCujit(r5!ckeq-DcUf3a5EEy>Ev{7cG|$9gX07#LCSUe~uy!J4#gP#YUo*l6gf zvmT>Z>3Oxe?{tonTE5|$?q>dlMHRYU={Bb3)7a3;c2YGlub|)6baOd)b2ir}O&CUw z=kI(IQf+p1nzVHZs#g>YXk~{o14t{&>q2c&zEXcq+GDq#mLT!GMnXc6+@2~x2x)SB zb+QZdk5!UOHPzAJ;(Q&@pU5R`-FU-LbmjPnq9WCP@fVNjaOMHc@m9Y1rR~W?WiVGv zbo3B!=z71elY*lTMi-4xl5^fEs3a%oUp1OnExt}X(vTW@|K9#;xBB&3d3owbWXpj< z*5`S8dS;F)>_j|{iJ`F_=J-ceMdB0VejA6dKt zRjAMD1aFTkl)I^`zjj1^`7X}5_6jl-2BTo|;u00lJ2Oh$O3Kz#BtfQ|&*tXlqhEuWyF}}|42f*= zb_dhEw|LrHTYn#=hju^aU}6ftJl<@%$!(eu-!N&i+#WCDtu+o-^?~LyWUW@Z-Pv&4 zG4ym#sa!glb;GQ%wQdrh-vBf)xHL0=zk)@?w$A)+6<9=+Vob`yg0&Exh0SBlkUyXeSt zF{zq*(WmBn)7hNuhi~J%7Y!`b{*^ zJ=oHC{!7pIPLQNMMmgPhoFw&`cv9jL?st;`8$klixH7U$4|&-YY1f&CH|D+XCrmFY z5fK>Nzwh2L|A9%bZi(hNMT+&}hQ5&ZglX-0W9x8yYr=7GJ78j|G4+SjH04B-QwDN3 zhPF6sBH1Y?z#YV~14~df1xclxu6)yLv7|~z0G}Vvf|Nlo@!BW;T$zu-q>R-yG;nJ} zTQjSs9m+d%*v<gluZ(0c4W-Nu&4FG}yzbXZ#25HC`f0b}*M!2xiYR&xr5 z@As(ZOp2;JKFUpaSrm!llwCrWu~sy+AHKu0m%0lz)Djbzeh_L~{p`cFpzW!;NHukJ z%X@WHDvjy>C3#m#RlRpRa=s6W#NBzjQ<)(>m=QVI$6cGJwHecgl}Zbvm;@i0WGCjad#TqE8xW4u2W8p5d=7P$JoP?M|Fp4!jW{7-iOJ2o}*XG@zgj#Po+s5PFaH%aeez6 zLv~DtKi^Bm*p;Ut^Yi6L=F4Olj9Dw5UlZF7Wbi7~hc8aJ13me#1rOpUCgc^m?g+64 zwowM;*~C3y=j7HFM^7ff^!C7sZF1t`Vj6B9H-Wag7+EuZEqG(HCehG)Q)w|f@!cGF zWQt*pZ{nqxTbV=Bxm3$D@e^HjPuZ7^Jf|#c52stBV-r>=(u=|##p_#3jdQ{wo}*6C z+|{;Cp%u`uC1bu#Wde{iysI|b=qgM>^#8&2-DM(LQML_f4y-xA*+{tijP}t{%dO#< zwzP`Gp!ab+Mq+lQZ-h97!)%j;5??KZjyFRjJrgFV+CbV}ztebg`>Umm6t3M5CQM4R zOp`=ifoWFO(k4Ifv@sCz8Lq!g*%(bQ+KUv^2kAJHz8PBh=I_-A6y(2GY%iC3X-$n;R!RJX%gMV~r$d{!~P9aa&zwX!V3S*UTXji$4!YZavL&6}4TC}D<~!DMX%FNmiV zI;NsD20(Mt=dwW#MilpKWo1jH+(5Bj#c4*&_hwuMwr3kpUGf`1IhxfE{?FaZ7&gRG znpn2uYrP<-nZq~N8E=)6G8-F!R)m=0PPKAw)vsnhT&joIP0K47dPgaz3Kk7+>s9;N zE;&)>^xM808=EQ2&^B~`aRt@vGWW8K&*p%3m-uQrV3r!3^o&)Qby4!~9Jx@Q$#;7w zn{f{R^n2J)zTus3(a6R&O*)Yx;_HuTuY&PehF{?{tFh*l8~%WPG~w-v^Zj(sTin^X zlFwt~LBt8Yyz<%_Sm2W~3N>2=T1D9_5d%(b0npW6A=~m04jz%zX$vadnjF*eWlIjL z{9=Wf9G<4r5OjCy>7`Q&sC{a~&x0fR2VBcmRhM`6<(U@Ld3d%K~lfyubJxz!rlFBw3cQ2*@Nqg;S9Yc=K7Mj1Q?5nEdrwZx3iNm0UV<~Foi zUzChHx^eYOc;a}&nTJm!g%}1_RzW^<_27Ze-Kh8OBb674Q`#7?QI%&5g%7C#8fSl_ zmbY{$nf+h6_`m-BT?YJ@juf`PkmMAy9>()H7V%LoDC7(hKG=PD+Ae(9KKdaNQfME z9EX;VvPEAKGwGEXr+HYyJx3ObI89Z$$k4)b7cTFk*0}s6|4Szv_Ul2UV{bU`aWYMn zudZ5$8Bf*j3o8$lPCCkmxV}WriJq?J81=u?Hq_=I*k5^@Ety01B~p{@jaky2I97#{ z<2jCFuaP*7H%6kWssm1+huQdCdtqx|0&eQwK*tniW=2n2y#210Le6bGhM~cGj&o_z z&b*wLVJOMO(9tWq3mGB@CflrT$wWNa@?=VrQ|U{K>DFbj4)udVK$(SAIi{TY+-=ot zvC}3*cU)w*{nBubE6)&gNjvXcz-Dyd{IpLbuc9#Q+EGe!-yy2PDyqjA?PZQ3HGmd` z1+v(m5OUtOjex-566?}>8LLqiBP#%-Xc>No_uy6q|A+!M^1gkpW6qtB)fL@9=#e6Z z@j^uDwI+oGX5i)}k0->G-X5PjMm1!L`n8hI0X!rN(z8qWI=nx0hwg-geTOwDEp~2u z2_B}878`Umb=g?J&}T4@7YGg1Oq0iY#59UpAG+Ou(St z7nXzBQ9Ym2VBQAb+q8~uEC5uGb*4YANMtl-QQi4okYANb==a6>*F=fmQP|; z4Z;SCbf}}3dunxBKX7#Cb4!=q$Xee$TuCp6MR;#k(X0TUN9iG~{emB?S*$raAy(1d z9j89&N&2;_&Xe7=HGw{1C4gY>b|OOJ*lx`SbVVTFcato899%)qF$}6?hZT zV)R*}Q5s_LWsd9pX`C4@ z_vEXL&7PzPtQ%8=7T+!Sl>jU5n#l;PMHCs2QJ6>Dwn)b%dj{5y7v1NTJPw$FH>SU3fY zeeoN#`_y#rkT~t@Et$c>hmN^Ik@GqPaKgu_>~XKpAA(*cvp>-LH14Nsn)H1gs#LQ2 z_8WYhSnwK#-V~)A05b4D)Y~E?UC_G%FEV-PwQ#55>=+GNNVvr0R1fzi^M=y9JuR~q zQF5zCKmYmA5M@Oz^tJfRBm72zb=xLImx(6+#-zTwde__p!CGU?p_C}II71%+ya@E* zEf_dVP^}#~Oc8UZdnBCXLp(`&uZ?7SIF=(ZOySK z<}QyZ_I6jEagtoU3R8Kt5lu~bLlG3McivRjCS%?eib=_8lrZ^li;eB3va7twS?$Y$ z=awX)=uP7{O)@sHC$S(g*WQ;=w$97T4vpJ#no8nQ@qNr@aYk^8Hq;rsi~4+g^<+D! zuE6W{wOSV~GA+)RCDP7iZ@K&2cL@|MX@pRe-wGC&WJtf>vA@|-K)L&p+0GUe z*f-Lyjs=ecx^B&yCJPr1Zr7nas6+nA9Z$}D4r)?Vj-}()xK*dJ1g}Ye?&~*37#?_h z&vocAXz<_%kgc9){Dd8m43teaA?qcpY;Zp+r5p|z@qk_1N0DB>MUM=bOtiZmUDVVD z&Z%_j|8q`_thml>)?SY(F7t@t?{{LsQ)ld~Sk4T%X4<;8UHo6)39Gg}}?7Oc= zI>*zDwBBjJpP>K(8nvR&@&04@>2EW3(KUXHYf5C`Ms@1Z!hClZOoY*Ha1iwdIAizH7p6uebJtp;^sWs zu1QAZw6upCPj_nR3ynqD&^j%%&j>ejA=QL(iq|9Ojq6gF*!2}b9-AYnX&8;b>#YV? z(tTNl%7oiC*Ct|1?>eqU(+oc}@;ahOUeNR^6cAY(DZu5@a|-M%Z%|&ixeTfscjj4F z0Rto}JP}f0vhJnxrgO}Y7ltRaF)j82m)LYifz8Zxi9NmO!T9DxjYRM}voMg>348s` zIV;Po!h4xp{u%3xC*_P(6sw9_j&|9{@1VWqf^cm9h`Vha{4rO(&CTS#Zj+0h%psw{ z*)6tZYm?UWuB5Kxpy^rSl%-I=fh$)U)UF1lUx=sevN2h-<}~~9=HAIM9qFf_jE(3# z^*jkD)-@7pTM5g8rp~jnTj@pmnmu!kgfnmegBVILyAM_saX}!lCbiNJ&uu4vG$>oz zc)$8~YTBCf{Xl4&?U`*Hx4|!D=+LYocfzSM$mehqtzuVS6D_sCDUB=(R-gKK@h4kA zJZ!QW1uDd8Ud?flJdg4NsSuN;VtjbliiSt_CGh5K{E~mH{6`8IsJDRN3NWM%Mu znXFx#8>oAKc1Ps=L`Bekj=ZC>y5lOH;7SNhv01;f@QGVnM6&h6R!$eMxBhv@#|mDy zZ}c8paSOEt-3q^2xKgE_(^vYUTP@;dl9 z=(JdV6zlGBnOQ79;S%zK;K_+we)RL7N){nn8h<>*6l44WNyAOs?}t{z!D! z{DryeH^v{op?g}_Kb#k3B}@P}#rG&dZv)S;1s#eczvw zF_8zp2&{pG%9%ls1P|D`a{h&OC%f?aNH9-dy*!eXKciVUBn z?^B(6XpCrTjgcu&)v@k0@P(VcL$)+HuSd$?@g52eD=z zWc+!rhiW%svI~@T#X|0N4I=IXmOK_3AXx=F1!X41>Q)XBg(Un|b8aqOl`c}FOTpeG z)d|>u0>}Adt(&PymU3ZLz}~i(>yGjAHv1L)D+}8-7b+z^WS^6?I!7#R$4I}pJXC3R z`sgP2^zIbT426NQ(5^t{0|tJ0l-ZUU*}x45$u~``%1UP-@THiwNJwHzti2KP)uM6wXz!i z)vM3zjo;}257ro{;_&ff5{LTeG?%}UaHGDP5h$OMAA#pk@Z;i$6eY6rqdX&V*vscv z?|atN8267!(O2Z*x(ct{BvvZcqCKvD{ts?!KN6F+L{8LIj%X#R73Al;Wb?X|=f@)jVM&hbuA4!X2J;UQ@W)z=rtG{PaUo7RphT<)uTyH#UBS|yRD zX-SyG9&=aki)BE~ri3ov#)=`Lv*nUqdv#1uVOG!Zb;@$mw^ap)>A2$Jl#H|YK@vsl zvG&;px0OxQ&it{*+YUq9H%+@WyD9HJ?Kbv=@0Ts@9VuE!A|ZR96B+xZ@haxe)b1SK z`jEjC^JYr5a?$mUP}Ljcrf@r%XkjuetK^>3Q{uI^?`ECOzo^zoTY(cJTPd+SE~rM% z)|MM+OL36Jkg+O%Yst7(k2QxQucD$ohYkz7x@c(A804Bs%*0)}v$NCr6T-z6&dTDf zt$YAriuz+QnZ+;;qS|aYNU~^yDO~JwHKisfb=?NaZ9||c>D)>ns(cgA1xfLh3-UV{ zyx^Y=>fMm5h0j_3VC(%!3cY|=K@9*#WPG-?R0+xR+ZFJRHyilyN4l&k_;9+`1-bO1 zLfZ-_6z+yroqSCXrdHCaZ>}!EKzKd3QTCGmsG{i0r&7#|(Y+C&Otm09W}KzLmV8M) zax=+T(B&!a>C-x~V1Ptwj_Jicdp3QoeT}#|nQ*{IU632JqzOiWG=lpqu-vzj=Jtmx zbTDGKSMaAT7eVgTxxpX$4s=}b5jm@V5nI1|nNGwfzJ9YW_b!?Nevdf zuypk)>FM)@puTSL)+pV&fG)BoefukRGmk}muSJN>=99hYQ{k`M6guX7K$ckuxlTUj?n#sP;j_*zo?(h*nXk{9hnwu!30IN_VZ}(efh7l=X~q|QNShu; z@UU}A3w;-%CR#!-$LA)hQkfqBA^aa{#4q4h`ORPQ{v$Q~`)yhem=$CXzk6cI-IvJX z87wX-OV1zes>dKfRAIAB&wl65lYoYSF$0Cj#||P{+1b@Z7qr3o-C(VVfpGpM=FOHQ2}n`tyY&1 z2RFiNVzbsHxp_6RREXW&H&QWMFs9p)=D6q;qPLx|Mp5-GZv};N{92KLKgu&ArIO$h zC={d!l?1O8M`Mb7z}cFsU1E6JFffhEuW@R`OCum4SdCJ7oGwG}E?KiQWB&{LzZSRa zxb)%mc8SA8!#Q@cvIQ&j?D3H8oL180qm|^k))E#dt;QO2cX|k?Ui=GUskq_=^h*`JF5*Ed3v(T>HDJhjcVp&tfpH zlvgmwK?3dapw>9NYLHmD=z;4}s-(Q}L2|YD>@vHBflF4b&&QNYZF#xXl7StOpTu8a z^nDg#>tnrjO_h4-K+tpZ4j*4M>tH7Pz&cmeq&NWjM_ZTUKZ96mqRCgJ;dHmF!eLQ9 zzp(JOI}a06K!Sv&%{A0n^?FEDQ7^0h%P$?l238k@uHxe2sFJ9Ne+0Yq?;D#H_NQd5 zh(T#Z2u?|__Da-vXjd%NR%F&v1B$NC{ubl10tA2ywR_AS+gC99at&1Rdk<+^^Hs(e zgp7>$44#n}sCw*4t@+61hMrt)c>6-N?s}HzEf(#);kJAc7yg;0>fSqAu0x3#L`qy4 z{3EToz0%Hri5fS!?>xY8qE>jU6K2dWKeoKw)rJY(4zqrJ_4K>-!G!fCh0Qq_Cs&?9 z*xG39+T2mChl*uEq^2)yxLBKa3iD@6%%{GaRb|(%tY?eZ=Gw@~;TP%bJoIj~=1+Yd z55Q4gE`7JUGgAhU(JHhV5JAZf>(;+QOql+I8)VFxy62t0h4pJO)S11ntgO_JW7;o~ zFnxe2Y`xhm7RyRa3!ko!iRJc8wYK2_{nD=hJ%9-5uhp9k2u7{>* zeh_mLu1TJI**AX8jeuQ6Z;UyZn_9;#_chqqOJvrDW#WiDE!?}@K;OnFqZV-awDMhx z2f-{IDCbS+8&FID)j#d6N>x>$!Dw4Pny6}UV~EEf-{Rh?RDPXPFoy9hrixD|>=hCs zFVBV8pI<&DB~9lm1MO44wVeW0Mlx73qr@ zEU`}2soW@}mQQGxg~D=}TY6QAJu_YzGe@@BclFu7U>T_NL2@>anjYu;SE7bC6fli{@hs|565qf>f>8#8^e;>jVA~ zoD#RNGFhAw4{=S#Xjn$7dez}k|RDz{jj zYYnxfm?<_80{Mjxh7BI7+tUqJKfZn4cqbBY`RaAhI}v1%<~7rcMu$D){;LJ>jfa~p z$KWJV^|%J+Nb{bZnF(!5i8@$~SKLJ7=2n>ze!bvQO-MxavV9c$O35Fm8aD6@lKoz( z|32XV6ypW2(~2GMiC7}UU9bspv!A2N<|>GL;n0a@FtD{|hR&WF|G>O2)wnB>6?&=PzANXuA)yr$Ff zcPl}k(+4rp(RWB~t*r7|`I&S!2eSyAx2Hioza|Nya`m|ho8p?+E&OAnNauB}T_ng6 zz%U{w7QBc;@h8eid;^`~Bx#>bNkeq$5m3Fg3<`pw zQ1g(Eh>3zT61=EmbunW_Z$Xk^XbDrBl7Vl3AUB(PkvGOPEjou&(Ujl}Hlyh5IOwiX^xn_&7QMh+7PWc71+jl<=Tt<9_bunm zEMue)9u&t<;P+_KVlXarjKJOeKa2eTwx7RV6k{r@D6Fe5V|ztnto;~E5FS`!R^Xw) zZ?Gnf9N@hN-@T~W*$jcOgosN7lnCNAly90*qA3NRBMD8$rY<(9=Q5lRU6C*-YTufw zvuX~&ahhwvUqh9%HhlX;z~_DJbcM*49s*#f54;w={qL9+R$8fyGKuH}fyWWLa(=db zu3z--NYEa^#m<&N=NU10L{I}shN;)KsoPO8?0-<5HZ z*X?Cfk|t(9V&AHHW50X4Y%e4EwX zMGuPDAo!*b`dHOX2M<({M&W!29xgV>ASmE)?(FN!(KhmqIXhhzQFnK*=>#WYue_I# zjG00 zeRe$7G&o*n(lb_rxW$A9QT$Zp;q_$Yrl&El9-vrU$XL-DtnetmJgD?k|WHD&L=Z#0N_+R;lS9Q#f_K9)Ad`P0T14gnv3 zj?wA1y(M{>v3~7B4v&_4~`6nWB%WM*at zoI!`^xy34?bX^|UR+ew)QmYoym>={sWOS4b)Eg_zjSDTQdLHF+n!9{ z+AvMDpuC&7d&RW5REZTzIdd7e3OLS(EnV3T-~KA&{cF{KL_1GJ)QYC4(gPfDT%RmfGABl((6Yr|~JA#l#VJx?()vFL;Zd5naD&~|+k zsIcF1x!Ku)j829fGGy>t@UGrJ&zS;Z_*g)`-<%bFaJF>&0V+ZDPsm(Y9+<_*Imurw zkN3@OixUSZHxH5`J^w)uB{_M2Jgg7#l^8&+uGEPjhUQR2cz!S=h-nX`ce9y>v7ZTJAea&f#a>*% z`wu1{y3Y7S+f~jxr6)jjG@LRn_AQ=VXo!My%=e7aC%`Tw%3nfFjg}3!?b(U=DmLy^HsLdt(3C z0Dh4e=%MWf_E$f@P>gXVrRBbK5mUIySkbVi#J`_Yv5LTy#!h+!(P7`f%wIc}Cs~ zYF=8!?1*Yuh>~qv<&h45K)dd^h#`CfgGM| zTr}s7NvYuk!UtMDst*koL^c$mur|CG@ozDqMWVdJS!HHn2z$PDH)rc|{!1q7 zbU@`(sfv5xyRz9x>v`XF{6`rz&69J}nW&E2QQfBZdE>p!#-&8D$=!1A%we%J1w8g< z41giEO{(Dm1=$t8v7DbwqO{ z&&g*ISG}sYVL4^5VPwjcy(uaCiG@nFT%#uW_n^w|e_kId87+?oKsZbc0I5l)BGgi~fi<)~iVC2!0M;-pR1Np~tTG=^KAU z*+6B8eVqsVsMT95m^!<9?x9D?s>C_LVKWZMV&E z{llg7_DhI>dRlfK4*AC#_NKdK5n*A2XR$7huQv)6^YfpiR-R2dE=kIz@FAW0zsWA} zOjz{XA)|-L!`@vrrTwfYF*Pi3*Yco{lP4RHJU%I$N*H$)$aAm?#cfY_y6NOCm zm0`$(30Z4YOnp1nx>70QLsd+2Jq8|1U^Rj`s(|eXe?6?C7fZY#u-1?hE`_uafTbIF z9wfp(r7s}bk+!ykTn2msV$9GH-m?>9!3{IAMaUP{9Z!Y#sYW8nTV|V&eNTIFJay~p zL~8@Dp}`E!uk`}>0`-IZ+Kjr%&|zWicip2YXziHDY8TB~czao{`!h#h@P^x&u* z`@lC<1JzFAhEwvA*A@Ba+pw89nkIgleGOlUQ)t0hu z`yzp_^>dEXOVQ$)0dwg47jC(}{oDB>PhV%BJ$QQ1?NClv5hdWdAt2Fdd~^0w%`Ojj z_eHkHsG2Hf>Gon{&3m{zma|5J&Ms1CPcmb-{l&F?@5~v+!cS$G2Iijc2T~2`UZ-u5 zz>hiDvg4Of-_~7g;0S8N3)QOHvc4~&?mMieE%X_NyJ>o|#d3yYE@@ft*oJr5?gEzE zh7BykmNF=ixH3@HGoF!tyz97}9sKiI)4kPjlmYpVmlU45=PxlA9s7)V)``cQ#=9<8 zekdAhD9jHS8=thkRk6QJ|HN=dAN*H0?sa1AMSg>nt}j#*6F+w#+HF^z5&g(%Y0Jd- zb+;>89Z@YClRDq@M+qODl!(NwUL@74GsHT-;ZPA!$V|j_pkL92c7Gz^v8r+ zwhq>Qe0+(xZS8x`TzdXdW4$d|D2#^lb46_Qh5 z6Kj-_zP4XWv%Dw(H1^3#=oUvGaaQz{6(N@KKV&8;t|{FOy}*jR;%K}uj?HR5KN_G^ z3Jut4gF>1)jkS#r80n*+NpE_@(VdLO{KkW=_zJ@el>mJ3XyBZ~-Y_%Z)g<~RIz|>| zpS(isR2CN=+OZ=Q+E3}J+jfj;h~DzjAga$YCWTOW^2AEotkI-@KP02em1AMU)h>rlU>X@>sr0gE!RH-|!DZ7>_L zsl$v`)+_fR*qlaNBJe(A05hCDYs;O0hfCYVF~blcp~T%iN6EKEyHVh1ix3u+$)G15h{>qG~ zdO~8SC=1r`mP-b~PaIr?`;{UR`L6i##ny%(e`MTSwWUp^^F-~~J4|rU9Uw?11Pz>R ze1+pG@9)fAN$K(syVn>AjzNNS_~|}fpXP>Hn*>|UW0DD$Hm>PA%*f46n!An6nqZ9fmZz7vy`=1Wx+{(n2os%e>^-$1P)2_%KP&@37w96Wr?i z7n{aj6OW}J+f(=ntt6- zNT{9Imvb*ac-smb3S?lD**Nx1cs)ink%eg%d~!rdMqg_h4JU>Q8!D09VDaS1A zOC<)y@w#GJ%mXtaw@T$+YSc{+PV^cbO?LNj2jWS(s_n<^v*}@*?sXyeecmnlgjZxu9PguL6G;GdHV!i$0_zPvR=!i;Xxp}`LW$r8p7~kt) zi4|F{M~7UigFvc4pYvo7Nng+&D~&9Or=s%wmJhQb8d-obR1a+AEEC;sa{`Cn7Ecmb zCm-n=%NN&Bwr)SUGS+Mgx398uv!_XDbI)}m9XCT+TZyhpcDbdlZe;tGEXyNL4YL>? zK76PlU_r@t&wjMoSmAYhEKb$Yk-a3c_EN>4V67LX)s>y)S0Ehy59Id0Z&@(dCF}OY zO$U-7keGw>5hj7~Pmu)#KFZl6;)RT}5q|lIoW>(2{V9I^{rwREWZ4QN^I=~aQ}J-q zyVl%-SRRtb(O{yoo?c}mcxUSy&V#-7XOzuWwDR9T^;i3rahO-xSi@%@JP7XF^h z=QjuAqa=v#Ktm%F!+(uWe+8nK>L1_{V$))x#fzLyAQr?r%=n_MAtT%mVb}_o&qEWGQR#|Mf7Ps2ubO9*uI1C z6c5v*_63qD2p9VlGdyH!EBH!N6RZ*LiEk65*fH=ut3||-6P`A*r~7L5b$NU24|-XGx{#eDfZtf8h?C%KySX}xrp@- zwBq+$|5-4>5H}mpM4k~tP+*ZDGyw}C0QB@jGZtbQU+^C$dlCabImWdzHEnr6nF~Wt zDAUZ0C!`_ZH?@%lq6*arxQmw7+9hPXYA{S<)1bm-KC!~YwSkS1h?u&-6e`h0)tA9Z zIhucq2_Xdr$ol618Nm~S;1&2?|F^{_%J>w_8sT^V5OtQt^dpxG_^ncsKjkAEu- zY!IoZXrWrmsRBDSn_PoXju%%5_QLa#1=Y3iC+z4OF)&@zlfeXmYg!0{2fh$40}UB! zlUJ}dpgyAC0pW=&p{vg|3;mP4@v#LA&BeIdMC;#I9;OHGr3PUhH-jOE`0e2u27hfrwL6cT&TkGer{&29}zhE6sUSKHeQT8t5jyQ zNr-`gFoe$Yz>yhUM*HdF!s61qYbb8RyKxA_{qQc67+5)*h><4ZRXe2nipcLh%y?k1^hv>l@MKUTY56{Cts(s)Ktezl~vP)Zy*YE_&+@71zN^MVMoA%C7!PH_jayBa$y3 z$)O8<1AAkP?Z`aW$P9qiD_E3+LqUHwZ1g&fur@pMY)VDxb__+?QCtBmVU}EU3 zBd(nZ16h0S#-$~DZneU9QzL>8yQM-}i>8M3X_vBR8XK3HTByh(`^Vsg5p4uJEiGFW zH-EU?C>S=XUw-KZ8zTE+UG|KJ21nh5%5qBnl~ZW@aVMM;*fl9c5T3w-Mwm)IsM_W52FIeCn|O#BfSY?yam}% zy7jVExc5ubs$dz{#rmQ}_SU(oDb-@Vjo1Yo&oqZJ>=Mk-uhGb?XJ#>lW9E6%_CMB} zn=>sTogfcePTXb~a^KiLN?u!!uug zHp^<|^VC{wKFoZcE1YU~zBS@FfYvJ&=bqbpZdKo+RUy+R)Lf(EKrt6gG__MRi@p{L z@wXjA>$&dm&srusE%!Ra7kZ+q#i7h8`P@6xUDZI={$+&>BUk<;d>QsUUqxirC>?agi~6*_W!JddYdBykuamn*=r5 zlWnH3Ml|uop{KX=LqLGA&7^J3`uskU`BRx2XIz`J*maJcBJ@6z{)MTlQ=e|q9!{dC zESN^<p!acd+8*E4$llZ4>~%>c9~9ft?AOh zgX^Gm)wTnw`0I>EVDs=z-)|zfbFw|IxvLe@nrEhnkx zfhD=@Xh1@Nr->sl8jhpHZ z2q!9Cn{d)N2nAnqwrBu>(H#_mgNN>B5R&G;3)fT?JPts6@c+Nwtw?>6;;0 z&e6%qi#9~^KhT{Nm1Bi7ik{W%2SHiy;PhOEIyPX=y1V&|JDyfzLRH#gQ<|*$eSWnE zm~N;4{gI6Y=Bne}=Lf$p{r$VYUdWn&@nrAJF;%hw>HwOpa#EHOdoTq2H>=7d*~{3% zH`7{>4c?cerJ#%bB-Kdg{^PM}zWk20C~`{5{%0Ii_7o_0a?0v8?@8q67?_c6Rj|vJ zRcSRZ`>)*+y4;FqU0zj&&quM| z`uWj-f!3x6mVpT;lLJEy&Wx-PW30xkKDnPzGvFHFIXIa{PgEyt*d$i97Qvtz?^QVB zdIZk8dUuhC&G-FPQPJ%#b`rbtx{9KO{l6DfQzgF1*Z(7ZuE)lxX_d zP9%+yZ>Tt3vfgWI4Gj&^z+!z%jhLR!?%|CN{+M>i@U)Z-1eQ%#N2Y-=^WQ|YI!BW- zBYJu}KAZ|`Ae15mrGIaLk1ZIFbZ*?l{9hj{9w){xsN=)CicJeXJW9&#bQ!pOB$%re z*YR+$v1COxe}(u3?d)G|JY}dt;Z-cfu)2x}EiNNjUEQq~B(U~ED`v%}btUPoVK>9% zG!X_arSIT{?T|z%_Xpeo~Jx8_agwu{U`ZfM?)E; z^JPRqwI3FldKRk;jAjU1kosGmReaS7`Hla>_OW@F0=9(ma(y7wl z-|-NFycca~)Nk_1)Tf(rq{Kaa0D%F&k8FZTnt1Nv?c&AoJk?k%Nfg9fz8V-}F8kaK}0?>d-*ND{>lxLkI|R&CPLQV#%eJ zzTb(99d((2&L~QJ{;Xl3tL$j5y+cdnNNP-d{d#8hA2I#AD>^O4^q<`B(GRKClRctp zC<=dTyo2U0i^Lbe+;dAyvB1kRLr2$j;Dpt5jqIExnF*S&qqYgTdXL0U8({kBaER|_ zof0QJooE7C;NSG&(GW@b|F{GIO%I8>wz@ez22)i1%OCLgs0#m@5;Z!$`RI0dRX0y7 zO-#a~#&wR?xnb`8ss(fW@uh&Onra{K;F|GP8w+(jzPgqXyE^*F9(G;hu@m|*=R(9L zqaDyoqQ9k&Lh=vW2EipZM>~xWTM zP6H^w;=}uGnjKouoS=d--e(5Cmc-izdLu=&0rw8bfNUSdp4}_UeN7UX<@+7ySz)iL zolKqD+tR7Gl#(>taBd>UArn#uiZQ7h+m=%Sv7sc9z4x=Z!eXi)Rtjx0kQG?t?dTn2 z+*j+e8lRt*XCH1+3sKGeTGhaz1Fo*6LB)6m;s#Y*^fFVcjU3}zz~5_{op62_t*_tI z*rLBNS6QBC%8$8sp*Av*@hBmk_*av40ZTnZ)Hoe(d=)fzeESO700GXy=Vuo$l6>>O zz&>$&fr1{I1S@YS2*M7p6up3}A8Bp#@)Wth;6Opj zC&lqanF8}o>zoGk^&XUrp3($dJu?Z|NaCbCU!EY~x@G(PPdtP~6k}4KtCC#%*K=AC z6DF~G;M^6#bCUpvv)zMF1i-;r1G&&dkEQpd*eo0uLC&Vc_l>kPQw*HAqH?H!6G`ZN zyBJm=S%%WpXY-^DyoSnWud#tNQa8QhBCw+BE6HjlSW=VL0LJ(1l7D?YZ4j)j`MSaH zFp{wy6F2UzG5$%@|F3EO%ly7)1Y=hwaZ@C~q6bm>s7cy$Ks|bMA6(78%Flx3U%~j7 z{WUj(YQm5W<)Nbu$1IhI705w*+NS_7y-L_w^?!m(;1Lu>8g;m!KDdJwihM}Oj!L-m z{14k|B?io9g^u*?|D#{<_llSXvcsd$ly8@@$T03eFjJ&Ec;b_ot6XAXxc+%EA3^xt z76X^L6$6K&1y?G2&~qX1(9kP@W_hi{+@h@nMnj1zp86OAJKV6ix&40o?$l|$uwMOh zBCh;`@FLU1L|&~9$Rz3i*bNqb%=6jbz3KL^7VTRgFtumTUul!bVm_>{M7sypm>Y)g zSR(t07*CN4>jl`yB~?Zg6?8%xX6OiRy>ffrSJmuAKIFg`9pRvK00>`nd_1WM{bHGQ zcc_hFPQ$*^J;=xtCN#6WY28!hFr{D@g5AA4w{DFZDYEkYev%ikStu|g9C5g*^RFY6 zCB%&DGj+M2-wb&0`-yi?f$RMPGs33!Pds>;BL3;=&(_vyg7RQ!N`RUrB8R|sxXkzh zj5elgX()u*8S|Jsz+oi!S2~b}D+UGzWW}caDOto-3&xC2+9;DplAx@U{_v9hJ20Vt zM}tog{l6k;Uciwm;?em^j;*H5I3kV)5fw%NsBceWWHkXQKJ1hh-YFmA9wDEhmb6UP zd=u=Br+^Vd^FB+Ik?}4Y{#7FOGI**kN(0#qfB(peVBx<+u7#2_(TKZRDKui& z9Y21Z+mpvk*h?mw0<>JAO#Yyv zaoK6>hS1bTF4xhujlo*k1GxrUEE*$6vZc|Qb@)&Ew;OC26oM=vl%$|VX^tDkd@e|% z4NrBfTwv;1W~Y8udbg^P+XFpk@D2RkMI5*-n^uRdF6$#L_~ZZlRW^nc7o%Q+rH=8wy zP~rvoi!CcOL zruHA5HfOc9E!cHu7WlZlLpA(8)|q1nJ*+6)=^DgUeB{!Bje3FW8Fi$i(>@giCc9IF z9TWfkW3446OMe=GkJ3xky!$v(10l*w&U9)k-2>Qg3p1u{*14&VoT%UH)AECKwIG1v9NMWZBmxD437?Y@E?;I$x* zoCOvu^yL;2Q|r^xN)l}T4bQ`QD;r-;b3-iKQA(09S@YJ$hK9GY1O^xwy9aM_=0Nn> z61io!TX_|R_k}HK4CjyS^+g+G;V8KV|8wA9oDl`K@h+-wQD}V67+v>Xul6WLA*g`fPpB{ivQhAUt~|@ zB(Je!7(()y}qO}Jyk|7P5}IZ_4V#+7OXV0 z8HC^VRb)#d2kxi?QbC!@Xy5O^jIKR~8C4ZUYDLuN(Bb38D5k zKYzPV{GXS84|x+exi|2=o`NI(n0fCEaJgr|HSf!>T~%)-B4h7^itpF!Zv4777=)KBBE4|k0KYuHH2=e6mQW_vrLkG@89fC z1y*FqiV+JyWp_q{zG=wHl%WGGnE-s@Vz**Qb-f-!7_%nOAIM$Kxp^?#b z&m7kahWQkTtn{$PCOII}3V|as^9@~P1VD&b!zh?MmpQ8p<8G;ccD1xFu_i|Z)fZ4Y z$4ma{xaJu*e-@wsdJV!CTs+0F5FYPQx75A8WBW)SJB;$WZ>X8@5$*XxP_W$e^s;Fc zaQlr4z99jA<#y9otUg+P{6*?&fXv6?Wdseo-Fni1dUCst`;f?3vYrAAnyyb z0Z`#&=cWVq^RZ_;&#hZ311gCF8Ne5B89xjl8kp<&aQ<)Hi=OKdFz)d;)?$8@dH>V4 z{5-~i1f?f9FG!p^i4Q*PaDq@9#0fZ1%y5?--}|Ij;dQQW;3ak`&Chu>CdA+Keu0hU z#<#G_S7d+M?FjHLE=FkDUi()<`X5l>Z%8*BN+Su^izK=Vd{bdyE$ULd&B63|5Cd|s z2kliA2?uuux^eigt=S&Ll6d@0PXYIx7;@h`^cj@@uol0q){lexkca<7ifaAE3pBL3 zMRQg_?mMuKn#cWBJm8{kI4_}H)QX~@^ex=OgX88`cCZ8g@hdOd$+rI+Y=7~>7u*5a zwUQG!;Sh}&ZaYB43uXhvePqR;fzKC7A_`jCk7HxRjSUTc-y9jqPT2iTL*Km%HVx`_ zUvahneI))m!}SJQxBGiB)VLLpk#k}jI|IyV5jd;BZq@u}%=~kLU&p+dmH-d^$s@w9 zlXi8<-on73abv{=DJiZbBbG!VZR!;kmS!I46eVTSLzytj$Bru30YVhJ_#wWq$f;w- z_FhHm`3%mm2RG6&p@dru`8$HpOS=)90@OtE;w{r$s4!#^*fwJAndMX!4=uMGH{KPz?DVRMRjWE(se=~3a6EL2+ z;}>R{CKd6HvN^YZc5XJs%PYw`L-}!p)j?7IbB4RjbJ0U0m2cWGI7f4go4Q07H;*!h zjjLrij`5ti3qXUFMmjC{;*gPvI>?z&p&D$%Jd_a#36>PKXxgo$&(PKD85oj(`4arV zV~;SHZaHZUD97Nb0tA-7)LcN4_K!n-PWgj#`Y*Ql3Rgr+!yD5hA1XND9b>DHMz$C{ zt}Bo9R~;M8reoB3OpJQ$n{a>}4=C6077Rtcn%KMrim?x8;XuaOLkssbU0;V_fUJ;u+tJRQxXn=e>VugRZHAYUZ46)3 zeIXUaer>1dAD6|vsgB&V|+07ETqvacI2nB zy3WGEw5P76N>fPG;=ILs<*ALcWQB&RrmP$RSxw69U76rf7nL5~d*>)>)Ox1U^U|u% z!37Dwu%t)FK#O1C{9N_$B+oS_0z|yJCGw@?+EnPF(S5ngC~M0|u*?mumF%gsw|y>> znm_biIN!oBw-9)+T5EyA@1_gFU45wE4hg0U8`t#D&e8GS5MLQS%rVNA`;t9e4jv=j z1k0hGXMRy};ZhDoJdk7+xonx7bc3OMFZ+CEyQ8jwW;2~`bI!X~&lkiGY;FVD+2HKI zRGxomKmTunPngL(kQu*`fOKoqo4(UOglk>DR%gCVB|T-%~wGCU;5M%8B7`?F`?sqEutt8nm4RP#<|sRuL-C>h{09|1q=mP74Wed2T=;tN zZ3fVXB2v7@tR^++QdEYR*_fE+nQ^@#Tvdw5)|V7nQtw|>W-~WMTo}hyy1O$fNzVL~ zbN>9Z1;ffQiZ;Tn{MC#SG|-2+`mG8-<%|cItqh z603uG&)n=(ADqM$j;5h2vDv5slFQd`XY`As&sVgQwHb!1*~}AV-9Fi7m=p1~+lC7j?H-p;FShK?~XC&0Jyhw>eZzR=stXq(0!b?@rLdr z_2q2_9Ubu!AixyM0@hJXD^gXsebb+vc4n^{EDiy@C!Vwhzbs(M8Hlal*f@#&5KWeq z<9C|~M?17}CEyE3hse~%fqXVCFqH4h_&{(9$uI4|8rnMk)YHoOS7t{{NDe?xz}in8 zFln3Nq27-N1JV^E8iC$%so#a85C|+kh#paGS&J8WA7}ynz72WW;>;uDb=6AvYjkTx zR{BUVUvyTCqQz!aP3a9hH&^3aN^=#X>yekq``^C1Z;+89WVB}r`dQi7&R?GR=I^(c zxs&upkEiTyGR|1m;-%d1i(|DV%5>K=ZSU=DrY)&Dj9mBJiIzY9LbSOdt)n~Vez%ei zca>r)S7&)9umY7|ke?BQ9v02;-;+;S5&3|+E}8+WCPiQH7@?x2;nvkntM!Ep@V2+* zkub$*n=cnO+1m|a89zDBzp}iUCTiR>4ZqzB^l*t;FG0hH_I54@$L)7{Q_qZ_Jkm=b zL|FP?Z#A^HkC31dG0J{-psq^>8a16c=~N|5;1 zew)d-9%S2C8l;e*Ra2{Vka>3`UFYKdGP4g&1GYy3yE-w7uJduGCeAULtWBn^3oJI` z@0Sesf4i%0ElfJ2!0d(v?wf?L z!)A6)yeGQIRX2R~N>-VfAPn|^r+&0FJAg4Dye6^8nIjIj)#d`wD+)afSe7k+)Ob3? zOY+8ZA>Pvs1qIaLhH2uz!~2`Aw<%J+<8W2K*|xLwT`X~YKS--qhrg<7SAE>!t4{Bo zmeo*#ah+bfq(x`F4|IR{RsZrq?pmMO*u2<|@*^`dUrt>!Wm0~k{nb;_{Mg?vX^SJ% z%7Xi72kF>*F17)O^a}7LF3Hnpkiz31Kf)u}5zpOd-sbS@aSAZFJJi6Yy0VI zzJ;Rkx1(I={xhWOggR8uR+N2%vp~!!OAfy+p4SEx;kx87=l>m@{&dy68X)Jjp#sW= z`d`oX=NUKfi$&e$_J zVF2LA)q-dQK8f2u{8C+ljg5^?zYuEE^{L{F5A=yDbop;pvelNFw58Kk5zL>Zslg;IaCEsM%3s)xef0Mj2OHroO7>Ta2=v66Wc} zLS*MlwDT*E{ci@m?k;!S*TU)2?OKmkQd{u7{(dyRI1^kW!eqvqWI86*eC;&-RSTd~ z%L7~gvLQ=Uf@4ni1hU){(8XIUt*bl4Q@ucS6m|12gl@VQi_!9GlzJ73TRyLa`vVO% z;W_laQ%kFETu@bhO;m@-Rv}%h#`V5& zQn9<%=^%4c%NEhJK3V_typEOxWLoI~(ls`C^uf2qV``z2CxvWG3rXF=DNz_a2jq@ zqob3Uk#6ah90pyxfOx(~O`SriI&BapqPRZQlE#YIVWe^RPAnV_NeX{Viy93?!!uABDuU|S z%{kM_#q4=!j@S+>D?YU46c?4^L<0PNW6$RQ+rrRAe;wEOYiwht7WO>Fmk8h!8#PS- zi2VMH0#A6|y!S;6#I@qDB*p28a36N?6E(e{2ZrS>J&~?S9DM#0dv}8b)`dC=K0fw| z9CJMsj|^Z}tHk%&3TZ~1H{?R^t^xmIs`?LTivS0hkC&g%zB>7zHVa1@Sb-Pp1XU-! zu0a6fwcF8~Gpst?)hyaR5b|1@5>ka_dc zBE!YQ2?ZaXr=UCy%mXf@emSX5;PYk*SK8Fs8R8HI2enj7K}O;0Jy59zwN}U*u$DC5 z(9rOv>@B&3CSTv^C=uwC_*h!n?{>O2KB=pc6{q3K@mWGbi^ESW7&FUFJK@snv8p*E zKpK^+8@lKgP?t5&63TGI8T~HI|D+Gnkyr0GuzFt=+}p?bMn=y6TnuYqVKvEDxGv-3 zKt}Qe`)LWVA6P>Q9hs7LN?Z~W6O(==(3DC@qrmZ0Pftr4A?NL|Teo;-SH*;7J>9pK zyZifV#`~{;uA$;ts=3L>w-<-(zcFM1YbutcWH_@ppV9&<$=e+}d+B)Wl49D{&wYMc zWT8RHu2~kND7;FuflLWYo}0_`@rd|VSXmiwpsD0}yf0=tv=`Fd+bgYpMRzjztVXHZ zoyz@)@Y$7Wl_#Kh$e6LU_3Pdo>|L>gF{KR8r>`|MH9w`KR1;;Xv}U9xS1~pM0V2#l z`va%;7G98bAsU^Cw0ItLv{gJke&E;GA9^(P&Au&^} zIeanTHhHF&XJ^wqMUQbn!}*I{ysevsPe!CzRS_RR59Eu@>sD7hU)h2p#4{X5=ffVtKokJb3kT&LMtFp;CpQP1W7^&3}78 z*Tm^5K?y}yWPSxfa*dE*E!l@xcuRCVM)@doZG>y)CR z5L(v-8<&~Bi%)c|ba!l<+t`4l%6^rxY$o|Q^=jyCwmLFP(5cYhV<%;Q)|Xu8duIO2 zu_kV@prD{xUb15yn_cqr9oZy}M~lnHA2cm@r5~VYq*XxwD!b-K_I>fiwFL0U_RTQQ z1F^l?HV-}Jgh|`{j_P2PotgQp$nu>Ke)zBiXsfnF061eTqrz6Fq=A2E3f1$9`iq<2-V}EA( zQ(|rB-kS!-X*|NIF8twR9i0)Gj8A#*qBwOW1Ux1+p6~*xfZ}=huUFRV6XfcA`rP>K zzbS(&5IWDmWsmRm0-_8)5Wf5j%&8=J`vYIKpTw;br&lq_@+sgkRw?-AC^T8{!Ex#R zfFFgOiAjv(BBrHBoBCX0=7{TvE0wle$8>ODR>!5ANmJEq-EK3Ubk|{Nd~tY1JqvcC zs)n#g8%>Q^Q`UV|oWTbOwk)5FXl)nnobk-u4jHwT-S&GI3q&1!CK}Rf3CTOJAn4^I z#4|~jsjVzN9vz9Y=;tlY9@_*yVo=$2Hs~^P*(gS*qfj20QgiY}tZEynGhuKb0>)$X znq)WgdE1@+>Zu435s{5(^ie!&e?%;G3BmE$yVI1-NV|D_qT)cBVq=Y7n@^+k5<;$0+v}*aIjrzJNV3u}vcC$ASCi?+liEu7VshxoPG5+zr zR$u5r)O+q1de1M*rAKCfH zkl$h?4qsfL(#U_tJz0RBnmW~N9{z|yEvJFlpH5C-#7(6B67hngy?y5;B~hvEk>e9~ zG+Y!95_J@V24pUTnVOk>6mi{t8~7<-U(mt9i6@Je0Nw)o@|&>xq710GMP(iL??4ax z%bESx!5JtrIB|~S<(F#^M0`z?%ZCua-Oyto>2-<78d`8_M`dkog+#&Si4D|tyrMdr zAIw)W8^TwV>4@nVkm-syKCC>?QmP9LUsMh3RmUE8hX}`8day?>~SyKb^J_y zmtnNFg$f!LY1)@NVxrsuBQ@tKc|1SYL}Ej69E zeMWF1c$;E1gF9)<5h1#N?r_G_L!z1uH$e;?ir8Hv1^WYQh_$q|^m)A*PLEZh!=sBz z?Ss$lX4g2~y+Q@o?pL>RG@BtaZI|mpayyFph9omHb4ZeDUHZ++j-K|Y@+AhkE|zWD zV;7wsWw6_~%lLu*Z!1yss-mRkKl$Rc~_ z%<}Chsdim1pIW)WY?eXMwjN)!OH-d|MBjayckk4RFjUu8Jb$n0llZ$hNjZCgK6&Rg z-R`~>af#?w{hXzJ__f8LP<4GUC*EhbC7{lZ5y}uTtl&z_8pIumQsWf`jF9@s!{rOF*@Zk3Q4jff(2-{0;LX%5{Xy3x0 zNQ`0(Thj#^kYL$viFCQ^2xlNS}lGDkK5@x z#RP%-CAT96_p3lhZCX!?F)|)F(#-ow=TRgV98_Fs{O+mhxViD@x%wIQ?5sR@M3#^9 zB8_&Tt8T$+TgMMJkN6X=X`Hl{!L{feBV_uH~KyHZ*xYx7;k7g$3)hFetS>yggEA)FKF#n(9(?6;ORw`D(2s)_lVlo%w3-7NPBO z*}jgT_2>y03`SWse9>d&ukj8O_VFTe5|Lm1UwcV$)*%$NMxAN*~)1R{yR*na9g1-ow%n$FHvmQ?M zq0@9lHsZM7uND3&h3FEc|De}WU#x2cc{y*!}Jzlk>erTX8U99y>3khYhsrz@&_AdzQ+5Zd8TUxbJgY8R#wc zC_mPcyxQz>=%+f{DW5yekWy$p=2kYgXAW5J7Sc86VOu%No*c_ z4lT`XGJQ|pcLeW>PGZ~JtZ+gJONfm9L3OWd;UX2I8ah>176ECCu4yGn3@5x`2UQx; z2d^vg)2zWJl3y*bCr7&(7F3U}oWwgeD=W);~hEKgc_9K1Kr9?Gi?j!S6mPlzvG1E8qfYi8j8-I|E1rMgoGrl-LT3 zC`JAf*{qg7+m_IbYj}#|6+!$e$0Q5)J@9Yg8-|E;LU4_DOo7BlDeuU2J$x4h^5GFt zY}ya{wA}BoYnS;bO97606Nz0;bwuzBd3w-jKc7sq-_i5eILIKByS*3ZPd9nC6wNPL znx21Sd#wreltBA@(qaKy;pALiX4%3Unfw{h={b^3(!uuHWsI4k<3hjew%a@q@w4`- zC@Z%!i`wwJFT4*ksjQ35$$?+lwwjGb9~3dXFS>+*s#TRMioQV@aN7#Mfm>N|9!_$4 zrdti#2#}JIb$&`m1tE4inI17>`-zb75pjVbH`c|$yr9}b!WpEdRdT7_v^5@v_=!mq z$ukWuPtmsLOgU;Owq9}XC>Kv`D++xSVwL~enXu(OUpQXpu@rN>v&0~Ah=PKa*S3et z)H^Yu%a}R`|DfNS1pR9=h^P!QlmxNre>euC?2x-YdB*A=9Q7CI><~$fGtom_eP1N# zb(#WR$8&oN#-cQ;6q(WspgpC>H^wGobpoNdtPzhTJMzw(%cAef%3WuU4|j7n;+NeL z_xAT^A0p1Wwh1hM@b-4&Yqq^%GmUYeo{2TLN0iKqj?im@~-EEDs zy(WQnE<)!Z`M}wJgRrE6RyQ$r<5d$&%g|cg3c?9uOlB!R9HUR**qx6B*PD4})|+o6v?KHK0z7PwPi=HRX?r*sEVs9j z-kMg>x_8%^rAaBW?Qr|}eZs*+m-3S*)ua}j$(M$0-gj7m_Ph2I3T#zFrQslIGwEq0 z-5^E;yLLbFrz})tko}owQYd%k)JzKoWUW+$&k$hP2UjSWC=TnEr@tJ&n^jcD2th z0)v8rGm9G$bQ7c)%kR7By&i073#mnHY@;k5EVQ}of^^|FOE&L?!LsYO{J!f29P zaQTWiT^oE+Ama1(lGU&bw7=LsBy|OyRjZ7elwh+?+e?+HEMqKNiM!3a_I3Ni1{>5A z6d%ZsHc5t>pPxH_A=V)B{w_^DoeXn=voO0ZvUxPir?I0-m#J{*^BAmbywUt7D{GMA zoyliqTd}MPbbAeeN6Aqy4@H!WQxU)&ZvQPcdY}$rI|FGl;D^j*PkS6(5!_$6SZk-JgRL~?Jlys?ex2ZXq$|xd5NA~u zIyW~(=?GgzqV&W>c1G`Qd=FQ8XHdl~Mh zFOgf`RDS#zbQU;vm3mW1LhZS<9t|Mw^OV!S=kiG`n6W1=yKjX56Bw(3>Z`hOl$^y0 z4}qo^UQ5IYrWcxYJra;iW=Wvtiv&7o%q0sSpyG4im_`fBI}NTX#EQC?F?T8!-oEci{q0T@e`HfzYpjjSG z8=yVkgEp2D@$uT-Jv|C3DOZiqlv^>@fc&ybhn>4}q%Zi>dE9WH z#yZ*6_C4rAd*nY~kF#$n(j7Znl7sL;VoQ>j*^Av?A}xoEUg^lIf6ruT51oz?t$g1q zIDg81?&fmfEW)Q6l=w}lPu#f*s+7u0r;W8D6se|I3dd41GF~YPZED-E)+VM`RpC4~ z=*?DFiq?I8p0r@Gl1&S>&>2)c#4Z*|;4)FyH#5%Zb_Q(3G=FczF`1BVC6hI*;(y7X zzX+NyP^uumHP~ZiAsA1#P>lfKm-NtC?%VAr0N@FXP*!Hvxvz8nt%5vBVzAP!4jE4+ zG1pOY<(9*?UVvaRs^NxXc)OG~0!ZFvo-NU>*pMTeFe)LzER6-CoJQ8+8tcnN%3ph) ziyf_oby6<7Ds9-GX)CzJa}!OU=!;mz`zrTpu&b-7LgNz(<<*-za<}bhk**N57^pVJ z3rZ4eG2c$Q7%%JBALCn~s_hVO<1uJsm5#M4zcV%n3W9Hp2j#YdxRM|VE+NPDo5^{= z2ic1vQW@0mXZ+s>To=GcLQj#Dz4(WymM9v`v`yY9Bgkb11_Knq{@A4?7J_nam^NUk zmKJh1pXV>zU)nEeT%cAKN{>Q)A+;WPUbV_Lw~&NB*tD`AaUV%Rp+p70zlK3T)+19> z*$wM;tuw}vYFn6j%UifvRzg!I0Kgz+dAd5|e1U1}K!8wrxpZ2n`?IH*LT-#AozV1E z`z7X9ZvQYD2<)-SAKeZWLd#lNJ`bv`?y(>9O-$alfvGa3_FRN1Y=25mOtSLacSZOj zSx|{b3*;NPs)_8ZtSJSeJ08F_XiX2s9ak42V}>(*gpt~#*W>BhF-7wwZ{ZB_jWBp_ z+1f3~aPc^PcoH?rmWNNEm|}daTx~;3oA2tQkjqh~FVW_5_S3EogCcA4)_7kdz zv^#EM856*17ugB&pD7L#u7ia&&4z2O?z}G$yV6I_@rRtNj0hB5nQXbfOa-@nCS+At z=S1M1R*GAWp{U26h|4=O5wNkdft(FcTCiwrb`-Mo91LZ=vW0T*duMSS zNnC@fXMkr+Tv7%E^Hyj}4GthU7tJe`%zY!+XIl{C>ni!JXLbI`nlW`Qx>T)KArO{d z-cak9tP*Ah9DJZ`>vtC-B0we8R^KHa2hAzFOcT05>A*!T8s zH%MVKL}Vn*b%VU~Ws~?qwbZ=M!Pucqk#vx5S>&1MSi%9Zc1&B`4MNTAMr;B;T3Wer zOyuRxix#%o3Db<9^U%}w?Jiht#9rA9+?_u_LGIVE6SI(i4SUAPD=MzG*^&HMY7rH4=o4Wm8S6od>(?Ce9|WdV#xEJhsjzhFbK86$-<$@>m$Gm{gyJTrnu6 z>~Zki#@`!gqfPD1f4nz}-}<4=^N454{Emi+ka6pkGO!T=PkqD)Q+>3x{8#)R$htOV z%Qsw%J~RRTR+id<2Gx@O(O{+PMfdsPUg*3GB4huKQtiw)ln)l|kkEpWZeOK4 zqSvB`L+60&zL_QPnnXBG=5ldp=mnz+FS&k{S&tl0 zSMu3CLV<8fHcr5b+b2J(RN}K>^77Xixk45tux0h;y4MnIEsa+!q4sqUZsl(pKSom8 zc8-`6Nclp2Nj*Oq5$JrN357fLcP>2<^;V zrRHu~nN!+r*VQ~FsEP3BBsdy4x&5F7m(ugI2#Q% zubT`+swQ#aa3LqnjBw;)=8w=k$D?6zxC0a+{AhC)4uAg@7src%NV7x57X~@BJ74x^ zF3}yE1dl$cJgq#b3Ttqv_6v!KPLyG;m~bY;=vXStzzpWqFPpzIKHe}U^O~ZRXa$Y5 zUu7EAs7Nm^EhV8v_nr2Jw~ze=)rFxt+==^xc#xO$*wSQq*xhfjboxlPt1-O;xFX@L z$KA~OnG2cD$mM?7k^SMY;Kq`!bh>O4SIg97xO~&ey`Ef;dl$vlG9ImNy)S^(Vhh+A z9qz5{g^|yMmMDMi-(M}FBE;ixeuPTj0MG&fL-ovs zB5mJThmRLWuUJ+tUcglK*vreym%d$^wLjXO&fmE$XVG*DRy%5(=pMTCj61v0oiymZ zRmGS_<~xxffE7>gP#hjiqfkkH>e5g_ACU`(R>=!Q+1xD+_irqAE=(ufL$cb3 z9kKCjQA6fu`H$z<$vfZ3(CP)7TUsW`cy7DyEv5jjW>^%eMjx&y?1dTY;j@5ef zP_RsZM56Qf&Ap?GNA($wBIZVX?i(q_9X9o-_~}MHbdQlPlZtyp*2K|9`bDa~Tcu@I zHa5fnOw4;&@|KEf>&d11;h`SGSDOXu?Si+tMm0>bB$=v9POSFV244AJ7@;dwWE zrEH~2siVP-GXt4tUZ9ojSKvof>&SQA*hvPe)WlvRBN zvnh0Unn)y#jmZxKSTUK6$oTkpKan7*tVSn2J+DW1U@&8tjHM1o<>E}rOujtlRAXL2 zu=(6^x3CqeG;*nO89iInrz3!19h)ySHROGnHR0&wP(V@W<>&8zUem^gJKk}wd^R~q z)Lf+xb~>^eLV+w1I9WdVWA_4{g$Zp@?CmY;@?~LJl4eB_-}XmeUhLp$I}oFyqB`po zw)@Gam^ts;W>4QRm(M3lFu>=LFE+jKJxrAYVae(aH}uS9O#>KWMXX<-Nqz82=f1VJ zPO%g;onu&<>mhz)XJByYaKrdw=kcfh(mf7lqt7udTBJ&RGEPp#V^^64qJ7)^J0exJ zr1=VrsQS8(0n?xNbX(WHO=N_LX$Iy$u2X08-PU*f<3}U1wb0;QL*f-pE4Xia?+2gb zzk!{T!yf0)T?oU${q@&Fc{Cwpq-dB9f%zLD0p?~m>wT)$2!>8(`-KkBxMDM-#3*2 zZM54aDO(jyRvFdMqcaajFl8Z2mD}ZoHWTI@A7kv8Mnxbv%cm`L4Ry-hO@N#IVb}K(JhCnRc!9&X_-Ck996;&jp|| zcmMxKWwbv(71j3GWh!*;kkF`>7;u;u=tQ}n*CKZ4CrV}6U#+K;x0~(`yp(BHpum=Y zxXo&AdWrDyy(A*l0Gf~E$&B}|xqN@)-xWyObR#+|3qzABvE&z$+qt(%tybvz!uNBf zRu5kg=+I-zP;UqBrE|QN@KT^hq!kl#sN9K;(4?<3LB#bu_hQ9!yP1tHrL@Mtz>==4 z#{7_wmdj=rJGfL|u^V!)G{5VS=Ia9uF}qaJjzWurrA>^5u%2g5E1SSr;Wcu8OOIrY z?wY&D7->AA=(v&`_@s6lM5h#@f`Wqg&xC@WZqJuk1UK4y?E91aA9{FrNC>ze9!jST zMCRj3jrnx8^wUe^i2m&N|2wO^Dwm27#Q2H*1t)?Y#gE06M7&$A0ax;hA83=-yj! zV)relj@~QRXm(AxK5bW0_EEDhPi7%;fZVmhc)2UD|7h*w1Ef{d*S!+|AI9@K!0i++ z-#+Oj3#I(aR=N?;;(mm{y!4H=tIyjYk*4%OSJyqxiWSDg$z0EL2p)d4$j{Tof?S-L zNo7uO3q&0s9&=|_Aap7NElb9lK+oIe&sjHDFM+(xyyp8Pzhq%wPI}==U>`ZY8T%5V ztqStNr_mG>V$AZwUeBh{ods=D`OFCzGh#Q{JV7Mky80=5YpFH%{vSE|BwrItLdpCu zaG2Q1=am(Kw0yF1CiAbf8Cq;#&B-6f2XQ5m#TR@W#X>2KB9+q{4``+s0h0^LqB(D@ z7-06)Drvgj9TU7?v=mKDUDZcu2qRlQOfuF?Tqh5R`zr$-IHn3H=g4n2g&{%AOk^X~tP^G>d^H*6vH0zlecSz#RK+dRn_1-?diRX`Ca(tRGSe5i}!Bh2vf(bUl?TjNB z^^z$EG9aJ3r<7n_b_|2T8zFHTLKL&xfz{g+Dy84~QAAGpt#;W($#PLWd(Aec&QR9E z$=vW_R}L)M+y{6$RWM7$?(;hl4Q-!MXnc3^JYfYR< zC8Thu#6x;1!90CSS}kVaQ%!+V*EVYV>V!zDQ7_xx#_n`y`G`9S&=anji@u~w3VRG# zEMSS=pd3b=Og*bT8k^eEFO57G*7h9gi3ktB2~SspgUl&(vC0jf`M#nF z>n_=X3#jK1E3BK>@%H|9KrLV!H9*lv%f*DLhD~#0oZj;JF}) zi_>CjEhO}|f)a6`zpSGtyN{Cuw_q;(3+wz<^!Cp`Ka!mUg#Q!5tND1K?&ym^|e~}@c)IGl=)3d0-wy+#l+;5j_cz2vT4ncq(!U~#m4$Np~>pFFE8ly!oqeV zHR@DOVXg-q99tHD`t<2@;!ERFgtHj)+*CvP=v0eZ?^};-C9oeP!*2gQurIE_g>z}U zO#7d}?bA-+L^yVGGLW1&`4aN+h{3l(wH+Wtoo{4VdJ5&gSJ28??AKAp%?bg}7BsHD z9uk@nXtf%ay)0n5ixUnm2d^ z52PS>xfUkV3YBw6NlED*8d3-eQQ+meeSdd%7gE_rMn-+)AZY$GJ%P&<>)oA$0xrScm@~KsKmwVQXg@{`5;By)<@RLBQGbv6*Ms>Us&RaVedE6?4&Q_t z(A~^$zt6J>P4t$0Fs?W~96ChG2i5#uyuS{fb`q~>nSkycHM%)m7T({QT0VkO!UZ&` z;UE`wZk~?!UgOwpyF0`5v~yXkE-v`Z?YDS%GU&znKwpQ{@^rE5KoDCI?2utCq3LhxqD&ge8TQ}_O5xz4-t-~ z(2MztnZMlItJ2}GP}Di9(E;@a@<6rrkjXI^p{siCeT_rV-oS9YmK3DneK6Vds$^TW zD>#YiYnOm8#w&~F#F%BW?mmw=E%=yEeBBLg)oU4M(sv>+ldAQyZAtj8y45f8(1P5y zv^f}In_(rR>1H@bo8imrpihPReC1RFDadxjH4tW=+y0RY6LAjN-hNR>?=mYaRBxx=_E6)B6dLt``}3&m9!^5j^^jJ_4@c^RAzthpGSVQE&Znt! zz%B_cugNSnGsn-InRz44G|krtyBk3Ax<4TQZLyQX_9Lhd&Zq3u7a%XI8M)2eP@h>7 z`7l6-C!XQHB>7fk zS1a~{{lkoudV4N&Y0AjUSdj-&`ZneQ_wwEsI&D2PkoSM??xIc%Q{?2v4kunqlot~- z>4$lKIVT$+Zf>mMNo?Y{a#$l84RtBG`Vf6>=XjwqAne+JW1^E;17^E2E6X)AeLG<` zAtWr~nfhz;fqcnt-X{a1ZoazyjPSMI*U#sV?_4u{{Q9o!>+=Jc6Q{1RcQEb_SG=2@ zovn2Fw1nAqZ($jU6DjQuX}(QKNv!@xUHA1mi{*RQHj(M_H|oVH9?#eIdi1)sT-_(j zR1d$m>`(G|w}&ZYAB|fd4^Ftbx3K3l^=^5Dc1-4Z%<_5`-gNf~fl=$aOcjODsA~*0 zI#A3lzdgAwv)p)*J*sihF=flcgO6Op$v94nYPP8;MeLKX%Dzlxv=zA>LlMPl{$c#< zZqOraR_YE1QSR{jD=?o0syMB=H;K(`*|K9|qq#a%ulYwVo-@re+iH9Q5=ZM5Cv-5a zI=x}$x2Zw54v~kmu8&h%byTi?H{PBG=a&;UC+4gSzz2Jd6E;BCAJC=72MH3Am(-8@ z$`d0iv+3d+M+oQiILn_VJg`^jV*2VuUH)Eq-q(-Kss%wp^G&UN}+LiY0I+vV}T(pH187B zdD{jgrCad*q))H6-2y-4q#HH0r>ATx1d=*S{0dgJkQ=VPBd%VKZOPmOcDhj>oS$_% zD0YSlBJGU9{kDSpbTy%|=)voPnqcljCQxEyQ#gSjzM<{8hD+qqhU3M-pg zR|9fL<^wNXZx(r)m2z!$#lkz})llF-xU;hE`-gY%mamuW$|S)jMJKMz241oR^7$#w z6E=z(Nmgyw``y%Te2T2rw!v{7I7>c6S*O!`l0+}O(!z&}P%AH*{RQ#rP1k`}UPm*b zl@`KU15GMQCZN+ntZPiA1@9GY&dtx!3T9H+s!9tCfju>K=hVG+*Ci6=K_qDj9JVNa z6?xuuMT?*9>-fZT4$b%SmsRIMcC}4X&auFB&b!RMCsxMppuOf9d@{_M7LvF51X)7U z=@+D*S=$Ux;jk76QN6q+4r@OjB97PINKvJOJa?beUXN4rWZ^CU?j{{%vwc=C_@{8j zKvP|HkBb7xDNcfeo+CcUj-dk!?-T>|nE(ZAhLD-o0bH5-&dr+Z{Y)eZaSGPZ&@H^R z89R!?OU`ga(v15&epaQOi*F-w8)r3y<1%x<`cAtVZ#FSTx;ih0+y_~k;e+;T=NGQl zrzOHL78Y%T4mA3?p(}kv%s$3yjra1V^NZ*Ui^h>#QPQA_kmo7wPgj~sEm_qrT-b=c z*mY6Xt{}&Qa%r^G;pkthx|b4eUBt(4QT1isR8t$i zyl>r2yG3|G+TWFDTJ|8ZXA{2Ovo)(_a_^LOqbhc~Oy%%dm$Ln5^uv4^T_qWPR-C0p zy2d&c6poa!jJbZ+GRE^6A{%a;Cuc5SuuJvnnF@Z9cq=FTyFT2)f=gGM6vZObs#n9@ zl%;8m!gxIUEc8T{e%zGNrdZE|ZsFYs;Xw89sV$xR<9P-iZI5P%Gitx zDD0lt9t9HQi>11ZIH}Le^vR1X7>2VHI&9~EQhwRYnH@;l>nnoMczlar(Bw#)uEowY zp~+AC%|D*&P9G%LcE^`C_CRuQw5+l!NHr#HDDY^fct1&ONEjj>!Ml#?Z<(X!%AAqY)fp2WI_4igoSyYPf%)=Fh@hzQs4RX_Sw{i#;`mgxAvN&* z@_Eh%5P-KNqz*#A#y7_MZ5O?o; z!lALGfxzrs8yM1R_Lqz9og7+7ws$CO+Ufsrlb`qyzd2e};QQgi|6%RT!=Y~5xbc!u zDwQN;DWR-oP1Y1Cq_XeX*C8hBSW-zy%9?#ivW?v^2Ge5ShQyc|OV-IUWE+k3y{3D4 zp4`v<9>4cEe*a~fxxVLhUe~#Q&hr~h`QVB7KU!f?WXg5m(B#V36Um0SmfD4E?b|d_ zm?I_JDx7l*uiK{-T22pPL^vE-V^?pthsG_FMJM5o0uf zCJHc1*hY=w*K;)MQrl1XmvFCFu@qH#uW7kQx*`>2=aZjr@lu+mUTR{5lb9-!nGjKj z-l(t!)LV~9In8F_#v?`Fcmv*YxgdOCsL~pUx7Yt=bAw*dR-V>9;NeB+b5)h5lCWrx zUhr3CiiQF)KHJmXx~JON3u_TgFcwWxxQV2i3{w6x(1J8CZxiB>@dyI9|Etwh9erYhNVZoOG%(z>RSbNv>rCD zQ_RY_8BWRcxom7iZ-__*E?Pg?L%T#9&Is8;hqyoj+8H4Bv)3Jx?LV^ZUOq((^z0Ga z({X2hf9ziryi%tD6YG$|wEKfU&^m!P&PcPk6Irn~uI_vf(!7+5l1KxuvhQtM)rRxm zKT6AUM-P0xAUwHs*DjPlgo22Q`|_LJpZ~e%2X_yEcX8$lX%DZeWyC*4#BYH~B02e_ zmz4aqj2q4xx0*T(>X_1J4eID4leUjOQoaD5qw#w5%I^K>CWFYviP>K9zj^rAX22G| z?g9IiDp7yR5G>B{HL06CF>yU!zdv%oOLfi{8497cr zfK1&Avhc=Pe+RFKIY*`2rkJVc>hHIpTAlVN-aNaH-{4<16nhhpmzeRLF8C>Pu4*P6 zZi6bR7L;HVvh9IftfO0pO)L$(s;J0rW4|WApv*%7%kc+AK0o^VUHhO4h$UwgO8TmR z=d05O>oA9G_0ogcQAZW_np^ZpH1htj%Zyih(9VpG4+1YS=mO7ScGha}u8prbtX(D@n`RN+(xX)@qg(13(iRrN+<&g< z#qa|K#v6pIJ4fv)F6MCtW|=``ol3_)r9t`Ir6__P>On1hX3@HxE#W!1H! zP;gsXr*Gc$Bl8aF-C z%>R%(>LD^*1H3)u_aa2ugW+pFIKja|{Od%dEe=NzJ5W&v*K4{#{|;S@vf(}it|WxI zTJo&g*Ild4yaq?>XR7D%_Ii1#k8C7gy2{ z!ZdileEDKp!NhuIPcWVjTq`f^%a&ad`;`OS>{Ue8#J=D3$KQ89n1O+(B681JQJz!+uy(cW7S+%KXe8{9w!R22lgMw)_`uN14IaF9kP>(B^Aq^oJl$ zVu60|=n!k2AHMq1{Dw(^DLY5(_VE0m)NP(U!Ru$iYW4jwF1rN!t2kJtvevKR$iFb~ z4V8fhgk8_vv87oB&S8s-9>Kdj!o$x`Fy{??Wo@;k;hm+Uqhpcy-5j7e@>Kx~E7c{K ze&5Yr1_xRvWe1p(M@dxYElx|)yUiwd1(!nn&&yV#lR6QNl_&_d7?`I_Q5qtow92-im>STelH=ziK>4yzS!pFN1TNy?_)wW{1ICy_ zi4yy67@{K*UqTklzC%9oi{P>|P2D|_oe-4Hvr5$Vr;6p$6Rdb?HsZS-*J?!l1sykH zHmF$E8f0geW?ls$rbJ(HF*U;U-Eoc8Z*dcH(8dUdv+=*>-6t+SK=g_zF}o7a6!Wz5 z#;N=nL6^dLpDH-royH@sF0O>bs=vEnme8KR&Y*;Rv2;Hthh%@o7GRR?PD!cL_}dqH z%kO}{RMcsqwV~Rj+FqA5`>kuTX$n!feU;?8bCFbS-M1MUrtsa6x}}W8r_~Nq#pdwQGHbC&wY}3xX%OWkh8=s8F zYT6Q{*x0{I^tpt-I9gOO(3O5rpFug}Bm>~nx(Zwwb?e{Bdo*;-0@cssR z4uFVD<7Tft{O!kkXhn~M}#Qe>u-z7f-0e%RFubwq#h&_A9O@(mJ*MpPh zXs!}f2fAssGW<@HGMq|FfzXY?U7PspxzDMV;MC|CJB{8spo79o5)aZGeI5%wRCgac z^!s9aXjP5^?McIR?O&AMonorCoNbH7s`658H~cb1B_ohZaC+rA=3U2Bc^l{=crnl7 zwf}8adFa5FtRIDIFr@4Q3@7eMy#P#&I#?}|mKP|^-}%BrL&NtJ@xICP8tpusu`|I+ zNs3IDZYT*GpzOQ*T$WY4sLemv%3IF4o(08GK=68BFmnYNBZqV-eO6h3tXZT~rVc2W zvB0uC7HJnubG<~{{BJ+}m=wN{F`Km-wUP#vIQ%981U|)1qI;ps8JEVl0)z69=a*5- z6a;M{Y`>i zBrYh)mB5@No<7Z;+}%&rJ>c6;_4O4%Me=s4npih-!9?3O=L5bG^!-CR8zsyWF*5p{ zxfK05*TS5-l3LLPJJxpvZ_S#T>E69ZmGdw(S|qMbEX_QtO*e}ke`u^0x<1)9`TDW! zt<)<}R4MB7CwzNHV=BUj5H{3%^ZyIw(HMAcHv-w}U0n0G61V-ASNI(j$n7}EF z#3Z}@*c-VQFu!lEuR}G0uTbHOX{=}WRJa1GNIg$g>X?v=Xxd_%|5cT>l|FwVFB$zR z&Q*V|psS*nf87n|HUC%LdKR}`ix#d=j?obj1*s9@=^W-62mqFz#EJHx8DbxZYyTI`MKv42ZL#kW@JHVP6i(ZdL*3T1n@VL0s`Q0H?~Yt zVN^F_<%iC4C=TQzc`M9bs5_YWi3;yt^o|KtQ2YIkiR^X+{!}~pDnK~(E=nArwGseY z(5pcc$Xmm8@S)~?cgEjEZx2l{h?EY$c(Hf)WB!!U+#srQ3W{v~VFmOD>{5TC@R>VN zR0_uPqnUrFAQ(?oL(egC>?8*rOj6ZWQ*S{Q6 zDOEc%>Zhn=%+NYrbx6Mbe)7i;^&?R)ZFjz@gI*(Bm_0UyyJdSjlj3_`|ABoF7dN*? zKGFzpZ1N5cR|WH0vgbDsLz&ZpGVkiRCs zi!{)k1=y+f`Iy+h9f1(_2%KbZPSG%{XZ;E>`=t>!cCI(|^<`e8fyablhB^m+P4<7D#}=8cFJjLP>faEp7>Z? zKatSc2$72kJHM?-FOfY6>sl>(;Ysu&yhQzkE=FKWFO)i&UL$68aytyA44$4h7JW^) zHhI!bG!3*N^vwnLx0YX=dW>=IO(Za*no})_Ya7jr#3NBFbt=gkrJ-F?-8JXeQl^CF zP35;Med>gg(OEB6JL0$#Wf`5Y>&`Bz(-`TuoqQ__tb$k|&Co{hN*C9?P&rh~I+uV; zQJU%I*lKy=higs8e{y}DTArBtwCWt%-Un!g+1IrWNWKG+tgUjX_6fx_er8AUCh@T_a#@fUfYjL`Wzi9Bn)yPPJs?GfG_M;x2&{9(4 zq^GY8>bw~zNnBC-yuwf_<>J{kTikQo5sYYSX`ZIsm9Jt3qEQ1Omv$!8IXJnv+Nb(o z3Jb$q2;R$9%_%9_%cTwe{a?SH+qYHcL7L%XS<^53kcyQBQdU(?lHZ>sW8a`z9 zz8s31?(nx9))@3rU_N2~z(Yt9w_H+6%UQg-)+sVxLt8Jpx7R1C7Zf0}5Es|> zm5zH;e3zZbmw453E!OY!Up29wh!RAeC@PSX?Dc9!K`0b1(Xb$_G!K>ZbGvi`ti3VS3~2S6Cr|nAw5{W`j@x znJC=AxW5Gy>P~Q#uSYf}N7xThGoauGH>5It^jK|}_vxKC>f^E%WtVB>x`I_ko}bO2 zgv+r;1&NriHJx`6vQ~hyyp$qdB^d`r!X>tFb`{8{^+c6P_KU1k@v<8N=`~Cdc=_CJ z_3)=3{O$3v^WZKWJ_{_vMHPYq)rlSj!=ZyuF{Ie5nrzT>2o(h=C5`)^5TOHBteu^mUz};14fxe;m)iKINz+%-@4o>K@DIK_x(?3ydK;Y1vnJxJUWkhB ze*2ODH~hfhB^5%WcnCtV>*B5i(j#TFW56plXum1`FY4;~GvI(aTprs`L)7{v{}l1| z^Hxsuys_GSIf<(C8#!&B_oB!M{lsc{C&8hY?cbD(D-b92ky=h)8}>aI4Qcq85cCVw+$Urn7n2esD@}}^y zUNI;)M3WIGr)OLeK*4dkLJ74*6v>MPkdMUT$0ISRsS3F5MRW%ei9iQAOli?)I~EK| zx3=6t4(9yA0=6)Euhc=5EUN~j_1Y!Aa&TQ~4U`^q%r^kQ$^gmkmPBV2M zi(}FFkh4dty88qB*5^Kj%Li=h>tp+Ey%&^kYr{YE?|`22uIG+0l-#@GDigZ(&Y%E= zFV=Yd72|35hbi%$a8Bm-9I8OoP}nJldxvpD3FG6|eULT=-%z@B%@BeH$bp>Y$0Q z>KB+h7xcY6wAN0VHPGxEI5X|w76V?)IAHK8JQ&_h-kQsjPxljG)F_xqkuDm|+)LT) zO$K@@oBV#?uM{9C!2O*9{LfkHQk??Z!BhMHCgC?W2G>yYHbn^u6QW0htDhnePIJo% zy-PEs!aOUKL9~Ol_1l5`N}%-GZZN+Uzt}A#k~bB-H7l3y}$A*sxyeP;_-cbPTC}>Vf{OzHDln?33py0y1-1;LXrgyL~GV<^j z!w~IkBLATWR!WU&qA&XV9}Fw5Xw0~$bOjB?tKxNeOYwqqomz20eFlTGuN7r4S=h#> zze8R?u00BX;IM{d2l3)!Ctd%RF4hTqk-B=}doXSrCUXm;jyCBd9Y8nw|t*C^HyZuFO&a>cM;99cNa{610*)$}I?M4ysp) zVhJCHy0(jK#W+sg58GS0xo#z9Vs%%j+Mm4I2*n*ddXn=K6qjYFVgbr>?3Op_!Ouk! zzsa(JeTcwt-(8c+(ayMbIzAH>2j`HZffiU@e0?o~uV7XVd0CAPmR{zkTG#H9t`!H7qdnE9O;@~~H zR7D(Qk-gg_IA~F8)N;USZfR)KL2~d))0=h_k_AUlYP<9%<`K+sr&BG`U`TSbbc_|`OZ8m1Fx^K=wjd}sq*FX<)g7MJpq zxHPp@HXwKgH*U@BTu!-mz4cnFLKhZ0_@%}LvOrWp$>YURIpIhI@f^qj`lNfB5C&eq z>w}xBU)wSh@5aVC!?ZWCHz)HOXRJqt2G^Qa($bQ1C&Ge?igQ>on|oKMCUSSUDgOP_*BG{!;|`S{`rPp;i4xxR z#1tcxK$l$y=K~x7VXap>788oRMQk(gCsyXUua%Z3hy-AK=Yuf&cS`4MuML(fE&%kC zf{fM2{X4LG1OqV68EGFd-}-p}c|Y)@&;rcD`$L-CaxkOUK;Y+W1LloZ>oQh0E`k~N zMT*6qq`C|)av5X$Y+@Vy4_C+sAz0AVgcOjGu9{5Dv)aJxmR8bSHnI7raIdq|gYuC7KF6bNL%XWmGXE^sZ&LrG|X#o>_uJnksk8Nf{*=*{0m2kc|thhC%UoZ2xDZsKWB zm|ZsiXf6%9p4Se7QTN66q@fR(G$3vVGT|2N+tO>n^WX18QH;+kWx~3E63n-8D^l6?8c@`%PW)H@i~qdi9x606M{qRPt@BKNyy+PX1Of{$z>?-dbQ| zBMWpC(G?WmnG9y*0KUZK4;%+j984x)Lj40xCP3;_6deq&f%a!Gs%7uyiw`(uOmfF z?lf$FYyr4{83g(V4g&mP@tqTE6zf!PhdG0R_NGvPXpwjM!Z}~;o9S=-@7>ox++9+9U{6B(S(|xr=&kNBA?c^@n5C_ zWpK2t#N&;6(jV{MSy{i&JZF2nk%jt)@H}r=^0%?q;FpbjbE|#;d18AM>jQ@3zfw&( z3OLB(t^zjDaA2{+5NSY#lq_?wVa*Z7ERbXPb+{`<`YB?v{NR^zAW@bf2*iVSRN{Wh z)To3Jp(W^v-kD|u@Y-rUZq5&FxA@QA)*fqkA5!W>BrAB@LUhvVeT0hN6DPiXD`|N} z$M${UHT_yq`-Gm(8Hua(0RDCI$)DU~fC$-lg*FM=zmLq`^H?ocTn>h7t9E<~z+eTF zKIUF&?M>Ixs8Av}AaSu|mC)WKVLfRM&_S|t=-2KF39HExFCyz)PWk1`<3{h+{Jc>n zwBn5JAKqSS=Xx?#P>4Ei><;x__|{?IMrg~}wx~<(%wJcEit4pe6~w)*d}q}3EXL?q zchhABlvO?eNmb6#uNS`*s5<*?^UJf-r@3rfrS?@@&Tqx)`G&{F1+1c}k<8)|3u~c}i#? z#;+r3O=KhL=bR;4bXfnm`j{p6*onZ(I(SRk*JA0x!C{G@figWk#nW2~oKw!+F-8i3 zAmMN_UZyNF9DYi{W*8OiGcY4h{-{n?Pb|*lkU=v?`_-mfNLkqWMl)jc!?cW9Qe7U9 zpPYqlP?R*y#bIwwmM7dC1F9fR@Bbz_92Tln85%5~vmGBbW`f~BP{F%AIM?{K!hgr6 zZ4)*BVIMLt4fU@{y5I0zbq>2L?y#(-UrJo44lYy-K`IOn0{p_4f8` z6Ywr-jf^T*FSmUC6r8tz!3T3`E<_*~Lj9-1p)t#d zCLXRL@Q+cax~xmjLxDW|RG0mYbph&&MO|&x^G1?bqibVQphaCaPQrq8LQfRmd6#4w zOR0DeKuU6JoG*$XkUQW%msg^e9!r3VmYu2i_2nQ&|o9?!5qv(TQ&7*EMO?1L*;n$K9z2307_4E*n=-SHkr6=&Vh_ zs@oB7k5DS^20M`JC8LN&Fr(fVSYbVS=0JA%z%cR-brUJyA4{=}uzO?Y5egsAFZ-_3 zBQq#oa{xP2SF|9Tfco4eMepPcc7hO1s>{J@S?Z{{y6aU)rFSWA)M6m0wdZzXysTJT z3Iya5yyU645OwHXtG=l(Ait6nL~mA|6I}pkSewY|U=?KRtg`ZkULuA3cM`!tvC!nF z<pFJjS0NHW_mXhPI*u}GIAK(FJn7HGFAII(w`Kqwk*>`8VUfZtN7U%1Wo1V zoIR+3PPad@1$N;eg{%|HtJ#zM1sd>1ztkDvZ2~+*)a9~zbD?)P8pMG8Hg#3Uqm_k4V{oKoyzGTd3Y1%6|!&zNg5vpt$yW=Q^TbH zCH~@h@S354zoJh4D5zE);JI^Cl>kCN%JyPxt^d}r!?>Bd@7!Tr;5eh{LwJrZ4ECwND@E_L-7 zKK{t$lWwnO1_&$faeRClBjavzzEabxm6hh#|B*ZXBLfhe4+2aRmJUst;DH0QEcp3( zQah8jMQaSvZ6aHJKej$i)b~g0VWc}mB`JyBI!fsRb9V3a3!jBqxAazWSCK$rQJ%?hvO`Hn` zrQ!mW>R?+cVXqW;s`msxr`D|)&bj`B6zZcgkB$8&g8e;rvw8!>vs>^BY-XA?SDzxp z%pD!Kl7vFa@@>et_@Y>eYA0)qpw-u_7>Dvru^GYRNr%m z5;8ywL{)*Avc4Z4?4@C$a(b`iv)`Ws&Q%!X6`CHiy#JS+%zvf7jc6u8i^(*z??#|` zJ#0lqTDq$2nuHRBkI-6Ry~LP4^16O_UIGz;zi4b?WHJ)#cDOiCMuO|mz5sH#5LXbmFn%@4HGR?)D zpr*-3AXursJ#9|&o-Si@1Il|ZEzxY{;VBNbSTU}__@2?dQISBF9)TJtyz4pFZkFHS zq>--7wmm*c`?Kka>g@H|L=C+)a`1M3CqZQs(KEIs1K8L9F#`9MBUqb=j!fVUPt12i3 zA`)Lsa-W)7FM4k}I5_ClZCbfq6yzqSm}jH3axN&;`%CsoCtFiUQ!rW z>a}tw=`+-bF1%oI#S6d`3pCOAhhh3z68mbf(x2g1x>`7f(V|SgWU$^ZLtnRfy7QV zTk_h1on_-PN3xu_Liu^SH!ofuYH7KjP7wLzHEpP<39zM>xtV7BJ5^`7uVfrOG6*mb zv&O%JE+(P{a!Om)UhHU6VKk(lyoLUBBK;-gHr|N9bI9u$$%9c>vEcWrnsMt7sE8Pg zzYsB13SEPyRNQQGGT}&4LI23AMJHkxSN-O|J?V?d0J*3Cc~NSK4dcjs|N60S+^(Db zf{$)9BWBCf#Lun)fA(#2@x;W+IhkA}(#X{ubvAtj%?F<O1=mfZ5xX4gMpInJWwa-`Ta5;S`PPfoh;{O1)+}VU+nEC=NG-i7bsXP^uBBC!wu7Uo2{_g^=k;RpO(&Yxr27J4} z8wD7gPeqOB4QkT;OBNN+LoL$whn+u@aqK||Lcf{}KlZpwL^z!d@77Rh;qRxTn07kh z8Qs$i`){-kDQRhK)XO9=BL6zFlQgK_{?OmWu-@l^$ul}XC{`B0bZ!AlZIX2OA5flL zQK0DiCOcjJjWGwPjIl~&I8GxNtddFk{s7$}R%G)OK_425EX~usH9wRTi&3gOBO;Oq z?t>ujeWCq9J3hDSgO=JZw-{7H+??Z3RmH9Ey%nYPARI!_uJa70JYY?+ZmSr<--QaG zSwT1AkNs!m|27wQxb|*@$_XBcYYsR6FA68AfKZSmm7TrH&7gZLCW)F+5$Ss>R>*yfUP5dCZKGr2WsqIZ?4Z>}HogJ$rPG zN2mfK73YMNK}>Y66aojzw0OSg2xYD}*@M`m$6Kaqo4k*CX<}tX*Ss$EwbJ@}>0Hvm zD%{(;x=vlDdj2&4&C21=$J-%)Fw-@{22>{Y7tO{ zK+dLIzjogmdZRvIMI}vJi+EaETC#28#yEhbLZ;^&FlIzrP>cfCcGmV2%isL?Qzu@g z-g8W-T>0+u#h=2)(*u+Nzn?F|5gJ?O7BK%wiV)IhD|_WiS0o994VZu8``hn}6I=I2%R@wRanb-}Gr-08IK(Uv>RjvhV`6WKszZ)db1>oj{<nU^9ghTkSZaFS2F2Zx7a z76N@PM5Ut@C4SB{yxE+HKv}6)f%kzcyMw((Ku337UI2xl`ZO~V_G-Ji^QX!=M=jMf zh#lLjk|9j9404%27B!3{m7;pV^FeKRsc|b=S5G9uYBKfq?b|jporRmNGTJsk?Gkg} zqcphQcv9^>!$6u-@Vxf^?*HTVnKGG0=8QVQu(2L7T5r-iL#^M z?K{jqN>%4Zt@_ibR zmU_{$oaf@UFwrC}BLl)E?$!h*SB- z_l3~Qg8lk4L|Kcf-Fn+^{Mf~fnQ&#$YC*atfG*bhGI!HhjOrMiBj!)WPYetVRG3Pl zW*6iMAb{VJxArDdk+xKPt#fIOS5-h-DGETXkPtZ9x!4Z8UjhHqY3jI_C^f?L+CJax z45Ih*)(2+W0i+DIErlW|bs+$77M4;VHASBhyL;3tvUbJ1wXa0nrH>wmg! z@;ed$5f-q0EdHf(gj8YON=IMSD~;8}1PSYI&z|)J347B3s@Es?-{@#^E@(F@T20Xq znLH`252@W|&;5VE!oE9j`gGE*eC?cxjb@#kn5`#|pTq4oT1n11NhA@d>wf3ceLN-T zp!@mw`uI>K&714zQWMKEGw-^ZCcjGecQ-ILzSqa_M3(1{4z=4RIRI+-3o(nk0y4BY z;m3BXrF?ZDs4SKeEdNs+_s}|p068%>x-j-s+3}b2-3eU6>e{5)uY_Jci$OG>j8a;Q z+4#9Yn&}wkL_dX?JSX5Qr6)gdvAIJv@oJ&;;Ix5WR0MHnd+I;D)SIBoL;8ZyRiL{5 zr$$ge3gqyB@gbF9<^8l@K+LHqB{Jf_qj^NjmH-l>2e%67y#X{SbB-@iKll+v%`Y)f zNi1lolNl85+d2n+xjo=o6h%0WWiZ{_(=mYan9*Q3+?D6^8`0LgpJ!mwaxRK z68J;!%9bF1xc2r^pCa4xu|ZeP)Rwn>W|X=_EnkNQl$_iRzAXeox^<{jlp=&(pWIds zt&mbRkd=Wfm7gUjZBwje6}Ilmx|~g{y&{VKIa${bk*=Zgc~9`)T^PULCuN?C;6eqz zzVy3g`OiIHr5eet;!A8z*X{>EP3(yAwmU!6>DFs(U2K#ADsU{Zqj`4lQ-SJiPFSY7X3}khBOVn% zO52Ok>cgXV9^MS}K_?c3&rVO6mYf|XlkF%PGW3&fNjph%AzN)iM{LQZ>7@o)7@u+|7AzCE^Kvo0q-qU4zDQOYD^>tv2%gT}5FjgVbEMMCBN!SE=n6tU1Zd#J-Q~oQ!}M=1ybLWEPIMvyr(Ln)&~d zS|@kUX8mM}jp#Q@)M#(CHrQ}~DCNrT-C0EO#yxdvPAL#z zh1B0^J^v&QIppb1;93Y*(%v~Qb{Punr5EN3vh>O_a!MHj@Z;3vx>Heb^xZ24a;&zB ze8xfLV*Z5-e@o&riR8o1Ay-;rvvsdA+1nK5jVv zb>{Y9<+&712$xMm3DXE9R^*w;3)IIG#5%|P?(J0V8h@$v$(wo$igONV>4t$2t%`dE56a`I;z*~rj1rWg$qlz?jBG;+k<-VdU^&0NjU z>!ZdWuS{J@mAyOvL?Ym`bSx48*VQVQM3+t5xTQ_dX@5)6yNGeAME$&Wj|bTflN7 zhiED^FsmQKtbXx#PvUp8Klz)ExiVAgq!5dw8u3~4as#P^N61uXz*lyeNR%CR6Xl{( zY2DQq6CrJpYZLpiZE(J(8WQCV=FSJjvZjFSkQB;3bi}M>EI=WRc<|>`U~lO z9F8{nGes|f{J*5=L(N$mgECAjy4p;QMY&L8V*Rjti3Fp{1qX5W`UN3D1MAy&9cmVt@^+iD>AV7{52 z4RxI#s^<@yDbUW&Ydx>S>`{37bi139$?K7zQq$Kh(#dL2=#$MGGIWy*Y^Ct6-gdMv z`V4w&>+vymZd;V@O0Pa*Ym#tniRyEmKVs5KMsb_BjoTMP=jZC&iT&9isDL4zQ-I#q zt(fHckJ|dfQU^}}gPxpH$#Z;{X8+5OpQD2K8ie-;e?1j^Ple#ZE|O?&m0~;s|;rtjNT4n-uk&&$F4qR za9|e8|AJv%=Vs!@6W}oXRL*cvHJOwuL)6;};=9&$D@3%`uBj3@b$YxmWrZW&5kLLI zzEx6N?I3X0o_~os|8Dg8dSuEsGSSU$l^S{7|AhYY{BCA%!IdS5kE`|Heen#%ACv0#~7^TTK#YafQ8m`&N&= zV<$ublpX+jBu{1mS_BN{WVyC$%Mr-m$z5WgxIM|^Ff{v9vupzK0kbvuL}7YTTnMq{DRtL@RO$ zrBkqk2{eoye;XqqnxqrC#BDm8u(Lg1vVxFIEp?1!(}^Tky|_b;vVf;fJ4sb0(8*1p zrGT#l$)AY7@={xSGCipjz42i9`F+fkw0t*z(Cqy4P0Hf@z0d76fe#-FYg^oI$8amg zT;r|j27cKdZ0c#tg`?O(ajv6>M%K3+jZzbb9a=bb)%dg_@4JEyb? zK`zk~V>Urc!@IO7N^N}pZezg#8m#pA2 zGU8u$9%J7{?!>oKWTgj0(c7)hHxqll^tqG=4!d%Cm*DdV^3zP3hNDXIOf^|ZZKG>GxI+wL!}~g|$cv4uf(ai^jGr}J%9c#%cy$yxpp8VQ8nt!~;*+Ao z?k-2cMx5ww$;-Mm-i|H3C0d-5(4hFLB=qp&xX{$cT#LeRrDJ?)Ru?9UC{d}2GI6X& zmMnTaZT*$!uFXY-MFYc;AeQ1V+fi+#5Al2p$kj*h!5SS3;v{q1Kc$ znO}_Qnf2Som}K}s*iKDdvRT}3-NAo9&hUo!h)o?hLl)A|+BO2+S z%N`Rsv@G!pFKXH^<85mzveW!7xc>HXMs+W<)%N3^D|x1sh5>W1jZksatDVof1~&>Q z*I-cxL~^hR+QMvHie%>H&?4-@Qe5D@PA!kV&D%e=wkFGO`)TBPZw&{#G1y7yVLHmqh&$go0O5nqZU&k*) zJY-AJQA(#f`2`}cBHSv2j2DM*encOe^OKU6)|Y!xHdVeBI>c+o#PL2-Cb2p1H0Pvs z<*eJnKJ@4MBQAjgWQFq+mLsD{9sU71pGYlt(jQhN3KlEwklPg#%#6%pWZXuQgCZu= z`HmzVL|P1^`C<&jLSD25{gl(uBQs4QCRV3{-;W!7PF+eUT4~#nL-V0m9qz_smoQc? zL`7b^Ef(Igtx4{JCj3Ffj)Rlxwsx-!T(^8xQ~$wejF7?-+FzQVmz4Lopi$f6O*On^ zt!HH_@yK00Fp;XUKt^IoKq<(oA&9a%EzS}u#&OKjJ`^*e({)|9*3!a)yu|~POxobf z0|Td!JMJGh^vkSSn4Leug7=!vd7H*>`0i9-Ufh;|tueipv>&z(AZrp&l>}gf{n0Ms zXyzrfbLW}4#gTUEs8SZRNeWqgrgLK?P7Zsf>lt2|!%>flVJ$4X) z!e*gNln0%I=89e@J1}<8vS3SYkhn_4P!=h!WmBiD{XkAvZ0L=q4YlLh=1ip6pQ!Y2 zW5O6=HADaz^A%IJ2JiaHn-1ze^|abPU^o=l{_NY#@iXmYv=WUpTXy;a$@pf`)pS6W@lcYXH&Gp!ioxZflzgQCV$cKsuH%>l=H|LZY zt9i;LHY{wjoniI4oJrjE_Dg=rd#}BrLOCAF<_<83)%oRBmz#%t+--H{#L#o@j@jBZ zTTc~nq58Tq4sl&pa_M@|6{0B8x^QW1p+$NQIU6lLhx8*FUv>cD7MR2(VOUn@ytko zxl!i5zf*@D!nrEeUU_xFZE>y7O<)?P!$kNV94(Ygi=*_u!)4J0O<@j{5 zg*LQ5N|b}1!el|%Ow!bARSL*6+1AiGMqZ0Nx>m&{@&?T}FPK!T#v;*C7irOp&Ez2LJ%?5UQ-*HkRxlh{KUD!F@e_Lh%%a3-l z+F(rhymNT8k6=U@FXm2W3Lp}{JGdnrE3Y>*8-0q{+tbZS!}|CUi#yZG8a3fJ;;#gT z{uoqDA`8Xp!z1Mr;HOfrydstfW`$qLxRlFaV)Ud8W<+3%ylT|aHuJP8Ls&CdF7pz@ zi^93R4u{&*SaNw`IOXcL`3`f0i*B$Szq?pOHyAMYjRTpo*X410=80OSC*$cj$P@wAtG+g2!9chru!aCc2m?i$wEv zt`5b7N)`yb+bc+ECv)s$up(tCIM1Pgp_8WB@Z%#8HKxs`box048HjW8edN8cZhtM-vYL0t-gd&&zvW@s; z^l1q>t?eL$Q3&tlRgvt5V?QENQMui@Lp-vPn-P0a4m+K4+a*PM_!Dp5LaDUc1`7To zH_uQ)M#XZaRn{Ac-{=cyuq7aByrFNmQJ?DR3Hh7k)GzuUAQB6iBoaj2Cg0CFgk^54 zx-_gCf%m4z*pBmd0jTQ0*@|Bi*MRDQf*DdOk^r;qaJk03`&9MyEa$hEp1-us6p*9~ zk<5~_7vtd6!0G^1!vN6KHEWLNAkrUS-(R_G$vk)UcpdpOi>7huItNJvhMVKb#})F}%}L!E)XT_={xe zgPCx(-0A>`wZ_y*{SIs&cgs`C!Ije2d$n(@5!ilqzoEaY$~w@l|5S@px7FNh$e;9c zZm?`_J{{hle_Ox%<3Yy4%PtwkCZMAXA~I!i)pXM6>du@a899evf2N5}zC_dK-}rTV zn2R#@QERzxI-z_BLn3l_xwX5o?p1%~q(h~l9D z=)ctA7vU#{Le%r=p&ar%l3R9>+t^ z2UH?Yptf!l581@Y$1Wnon{lRtUYYhv${CHgMddB)ds&j^E$^c_;TZ)huAGRCmvnjObGbUD>0s5fz zF82>x?Oi(@uC%i@R}O`ljC#0RFa<-Q`wqrAe=w~;jv;PP)(^5dfA?IT7^^xNC=I=) zE5`~^)CN7yv)CgE1t@BU7aHwx*XlrO#MsDAK#vhCbqvRd=^*MuYp1oe7rBg0FwIk^ z-zdOsDWLdHf1`Kd0c=<&GwkbZVdHq0cMfS{rXet=0CJw(jihU93>)GoMBbx7(*dc5 zj*EWB&sYB<_2SnQI=~m=PFjGMt6RZCQ84$Q_86W$*z!Uq9L7Y~)p_{5ZqYkvtLFH+ z7vZY)0XfAstU-&RN^vr1e?O zN6*x~xq{i`9H$ji$4ofJr`_?hzoC_%-G$|TIVZ)7l2(G@35qEL3Y;t`ZQ*{smD!wz z@i6p{$Kuj6rYC}CoHH&y#Q0X54q^jWW+&+8KwEj|Pj}fG2u8QbA_XHxQ)fWiA#z_d z6WbXBTA%|FXJ=1%i{b;mwRRqEDdrS4@HQJn*iW6C%xXA(g|!jAvyoLU3LyD`^~h@P z;F#oQmpS+PVq_s0(iF8YEA&@i_~(f+xqfBn6uDvE!*d}<7logO`LuOM25xX|FHJfQB`eS+^`@hiXcb{ zNU9)>AT1%S2#9n`cXx|`G>Ax-fYNn{Lw9#c9=Zh%-TAF^?|ppkgTwb5-}v4!_+xX{ zK4-5z*IF}wbI#l{X#R*?ffc|N zXh&&Hd9hd_b9hDcK7^5mo& zS0KfEcomrQbr^spa`*8bx&O(3;0+uP-t;J1@pK4Wv}zGggmGk;mMR;BL)PMNB z`$DA{lkUm6Ymd6BYBoS(V3d1oIwQ`@1LBBvezt~Tj~&B)Kgq$zjfPJfhNpVuMCB?= zTpr!L*?h`QbiTH%=)9;H?02A93;T50>gPC_RqPXPOPGWsYFg>$NEt|cYOU0ePr_>4 zR9SlfJP5v`--w&FnoB}8t0FAO_@Ywh=i@v5w`CBKSfXURXS)jzY>++CK~^vvRn>C9 z=YO5=Zyp0jQ8r4f(UnN>FYA931R;k{Z-;Agp>*JlLy2eC-g!tr!ZV#LTUSi-0Lfua z`}$M{ufD(CiNPLs*UB2Fnk|qwyQ~LJYKJsIGj8~obPTMocwNs``sC6O8-;>&+<7jtpDXe4cJOCsDsgVWVc`?dQ{ zv-;1C)jRyRNXab`)mEzO0;N~4_$stPoiOXRoSSG2I|?7;R}0*T|6DHBlgZm)sqZ_VQ?l* zc(|wwMT(Bar2r|f)8o4y(VxRV6jp{Swk}51R8a#B3cK5z7)|XpSP!P9ig30oj;%8A z&cSia7gu-eKT$~lB?B}eN0*GPL3wq{j1|u`7@X5m2^H1Y@AYSzYOVd-kmv5k*=aS* z$iv}e=|-QVH(lv#_l9_lf-<;GMvu%WV6AH|J22^}g_um?IP{V`t(lRc$F3=27fam~ z<-?P-J}RT|RGeeQP4SVl zVoitSxFK#MN4{oQ(*0yJ8`iucMPTLyJ!;9Q;tDpx-L&ock2 zrYL(0KpoBUKICGLV#Zv)O^Y>S3$Z;B)~Iog!XDp%Z!V|BS6S1@_5;5ij|0Ok>P>sh zMF-8iHnNyk#lF5qn)SJO4F~oh7S1w8?O|7_>8$b!UDg9y^{`e)xN1ggN1YlwJ6%;55tZ< zYjAS#5NM~T+&8WUKHlF2(QrP?->O0UI+BZsFY?hj4>KWw2IDcRJ&z2VOWb(X2ej!% z@gvoOx!l0V?1DW2`9`rutXe*Ha_YR$37GDDduO@HOD-CcxI`Vx^N zhmXx9reYfd-nj&o9mvWW9T13BE(~7S6B-YSblUHI#NOc3fQ5V17BJjhF4dcqE8{)x z&sYDP*Ym}d<)nV|+!K@VsXMWbTK3OF^qp3Ik9FlJL{6d@cw4_d_M)Y;yC}4X3PNwK zgRYiwK;lOfBsZ$<_hzEeysl+`rZ&`O zhd!l}3wd?wD6jBr1hhXkn>a}mQ9n!m|FwRWJsZJeQjRlLGlv`)-=K2WA>+r>^KZe5 zHggFWj}w{84JV%cm8+(W9v;{lWAkDg4hoZzSgi79Lu}4bjd{uu$>wB6K$0d_ z;Z*`9A?d;l+PuNswhM>v}U-eob@8&N|$|dI;3E0*{#AHQ|A{RL~xP@>u_y ziS`$){U`6TJ}6Ius0amp5wdWZvI8sccfH1O%o*OnKQ&I)>?GIZ6+M+*Z#!pKt_jzbbQ+A<=G! zlbPV`0)P2{$+WV(4Bk+)q}C2z&37zv=+iCCRTu<6QV5`vLqkqa<^yPSP z;co<60ts0L9wPyR;?RaN$79mziDF2=q_2y<3L@tZLi2ad-w`6eV?!=>vPde=i`k5t z08y<`+{Q}#@ZFnr2q+)7=|8gh;Xj4X+>^7|n@g$jTa!Ujos`3_M7`Sf>3QlHFXnYM zOIMS>%H!QYQ{P`)SgMecV>GukuS9?}%4boH>1w?4K&88CX=Kz*Tg<=8XO+Sa zvu&+_7gZ0P$NiNx`TunvYKk&~v*THq!ur2r;NKV`8VN&mYP26*NT(B17yY%dc&6&# z6zHK9P@21BwO>j%m#mj=JQOZ-+s#5?V+V%EKUem=v_o5mlSQ+|eD>w9>XJ0v41X!x zet^)dS1aJl&eIDY=1`E?UV~mqY*milS8A@3*CPN)j#g-(>h;xF_+Jw%LDUUn$i;^Y z^B}24Z1;!L065%3>U3)UG#ELV2SDJ=?p6X!sPZP-y{IHS{>!sj8z)}gxWL>oIl>w~ zCuP3Vg*02+;>EvktA8wHasj4svRi-q-^BR0#Q1OZWm>FJ7|*BHUX9NA<^0D9Qp@@e z$Vfit^VKrwJoEyAeL3H{${3O3p8&?IXZDaoOUxy1qQYH%V=DHGLe`z-GE3w?)}pBk z1!)!h+@pWco342l0wKphj7LI&#p9Veuj9nS%QPLA1=3ek%a0Lk8-&_e<>hP$xcn39 z+S~nKSI2atfx700*1H&chaKq-`JF?Z54E#l2!S#SggZuSX#Z8Rzd?k-=G4mmND35$ zMnukBAw({U3=M!U4VweFc%b57d5p?in&b6w;+=AAn6+GJ9Vqql-04CAp)ZF7qj9^a zl|QEf$n%GjlOzK_eneMyNrPlDL7AV!c_}=RRdq_d@RC` z)+Al0@P?O@^YgOoAizA(a7isUCxD_ror+15Vg0igN7uDJ-tqML&IWP;(m|>FFAoQR zd%|HY+sAj<2#eq-w; zfQJSu9(T;vCj;6?kR{f9o~*8($N_OuSLc}MbT{$Uf zY4`Yy7YK7ywg^+m%WYsh7C`)`@68+|BT^MS@#EyKXlQa_2#B*Z24=0am2Zh+81xAw z_GZ%3%UEdvP^uQr`pi0 zQaSyEea-T55~6S-N5lWm^1=~H$eUrf9$JF(t;RN$_N8zs;OM`QfliiBLRl4O?5tbF z#^tmzsuhRM#A1WyUI#ulue_)6ZRu;d;rT-h#;>f1EV~MH6NhsjBj4c1>qpFxn0;Dm2r+#b$-oNJ8lUCt>XMr4n>wxOb+X}Ww&@9sW7qYK ziHYg=Z)~~W)b%>mK)#bVHZyS}HgThWFDS1=IwmhKOWx!>+d$4-y+~y-aME7hgSsX* zH2Ae4-6_?G-f5P7xd;6kt!6y5b-OP z8z0|`{a`cto#*1!Zr734XlVFUYQB9A87qvvy<>BI*$Rsod6M_McsI(;Hlv1%`GtxK z(a$V5L;UO-qWba&l6jp9 z@zBnL_#X+!1A{Q>o2x2q%eyj0GDt&misC)dFoL8ww{s!6=^uIL<#{Pp(H+WYWR=<* zon7%#FrDS{{z6&J#ck_JPMx!!wwiXkF;@A?3I0gC2qrN6vr-)Yit*_!`Fot*6J!Yu(e0Q4kcMz^6f)E9TmM~?%S+p4{qN+R5OFFWoOl9_l!NG zLXgZx3Z~~GwJPOi#XaS}Y2V7dFV8lW$1in~?FxbAt!_3crt9cUFI1Rn4ly2v>ZvaV z4%(M&0(K^U)033^UtNi>TyIlj#q_aXxHnwKie^HgqN2`(lzZ93xr7rYt6z-C`3Kxa zUwP7FSm|oC=vt2*#VMjc+i2IlM`BP!a{s~YqfZG5B6Lv#(OQwCu$XDj^-+$jBy63UKOQu8XLPDzbh>ca{F`D*t zUe!*9_ic&48OyHfaZIC<6&CmV#{O*qQ>2-X%j#q|_ zv3hbHV=SyiENuqI#g%o;4?xG$C!hsf_BC()|MXt})s5XV1JP3ykNpnvuaADa_yiie z(c!!xL79^V-JtJs6z|OU-OMa1@=ZIFMN02@6|k}*nQdeR`rAkE30%iid)PNRA;sf9 z(M{-cip&n0OB)Uq5~-B9KGiE|Q~n_%a1CVwH2cowd7y=g0{;1*Kk_et49U;m{HvAm z)j9ip2Diw3Xk^CnqwtJ8VB}Vtew7-pEU#Na@_-1lD>5-s)I@P6T{fU6Ue7N2wb}o6 zko~)vohFs)s)W^4;eEJL%+VV3cew|>s2H!{BGhKnQ(B8>#1 zqjP4%X|vSd5_0-pcR+iPXOX;VzmZnsS^xe;SiSw&XIhnN?OS>VdWCgd2}QSd=e~lK zD?_vrRAg>I`>m7ndtoqg3oYwU69S+2Bib)=o8L!8hCJ#Ut`}78F{DFD%qjT(F->80 z1Ag~4jc}p_0n;}f_WXX9oEt=zGk))}PS20l__&ou9?+UHstBwpFnkXvyeFxfog0`M z!+am~q>KhHTK~-Q&Tpic!3W(8Cn<07{BcUmy(yU0IUZXF~6SA`PJlq}NO=rOqh!fF!e(#6K`4H?nR(Hlwe2$4Nzb8@2qFPcV zm{|u;(weZaqB&5uE?#zhZ>f0PQlXV_PbcB?n1q_wl#==ocgA=%Hfq&1B#V1>r>${o zDLc2<(kK_~U2FwabHZV3*IevxJvwB2;tj>aG*zuufo|y<)l7XanzLob!{}9fz=RU6jMA%^}vP)Zl$moi9tmI_1H?IepY-|)5q81sWTo1u@ewx1V{AxsHAR{)0442a>Oor>kxJ@Vj?6p z^k!uhW>?kxN^%qY?go}PBRJ!)-~E2Z>$t!+NnrIxy?V0$)g_baS~3IUb*wE?Bz42M z@Pu|j80wdVh!;ZfL-w0wcD7~7kDF#E;!VfP%(-$ktG{?};Wv{aQK(Io95SD8b!x=M z#@;517aWSvE4G4LceMAU?Ai9{$Hhp|&^R`zV?BEC;XNIq!87W^pkGw^bs-K$BHn+! z{oDTjb@H)Dz#F8_f0QA|l0dHLW9Og_?2te&d7ULI>uzkaIhT{|`^@uf{ftIVEm}Hm zB>$_P1RVu50X6mcz1M($4)i1)z6IVj@yode)Z)nIPCUJ4qQR~pTYOlW&)y3_u{uyD ze!QX)Tj770<6pc|5V5~IuCx7_c%DxXw>;*&bKUd)J+Qh?@wxUgBDeJP^!rASIQ`eN zJsuc;t3F*rtl+i)nqcTuRcsbPgipL!bG(3?4l(@5io@>kz}NPbgk30kActnc6$ zz9OVA=w4tGV25G7&UpXc1VKNH$9Fuhv>UyKhJxTaXg4rlT;c8i`Zop9wDm7hsVzdT zWT;wR;9Xe6YGi8q;mn;M0~2Gg<~oMl^k~+Q9hoZ)Use`K9JPy;AJ= zj8_Dog!=aO_t3Obj-;0G5X{TfWQ{L3h?Oo0(3^+Zj)WMi%fUCC=euIpv(+5*d7-KD zHQZ*QxrYZi)UxzhZSs(;7MD!*5Rp8WcEvG*i2N-3vBapgEG0R(Mu6mEcGjc>B*QgK zCu}Wid)xG{$E9!DFN@OK`*%xv3{_-|FSm5Ic|!~Ht=-IBgU#_H@}*#@yR_`7pK0*% zDCBdpwl$2SbYjw=AsWVp=IK@OrueRrZ(g`FN=hCZnYzYPQKuIteOzK6udGe{C?+cS z;ia_1pm&OxnOf#8VId+JEvp^0^NLe)_>@aDP&X)qtz!-Y#+!?a^|8OFojeIv*4Ixn zQ8s(o=^RJzarh~}9P5snOiAZ?wOSOIwEsfox(Q`71A@WpAyI8-ii!<^m{Z4V~XXZYikYuZip94 zI9fUw)eR777RAdpu8JC8R9dKra*c440m~2tcPh^d5E%qCJzgzVCqeYS8hY{d=5Lbz*9j9i zyCqCj99)~Ubq!?+2Z<{+7i&C#rJm5NwS}59J2xpbedUcCEBrJygmqHNd*OeFN`ld#5aLl|zOy%#V==&`29 z4cu2J(xr&dk47TICaxZ+Uz~A<1#m|78@Fx9XONLtlXIu}B?alT&`p}x$ZirN6k17F z;^%hU=%$MK8OaR93UBQdL@fuao|6)hCQmErRtB<;NlE$W7w#XwHEN&pDc0&{c_p2M zJ*>ZFqOX6$pslz=n}wj|{0~2#l1Aly&1KPh=%-?i(`~Jar>?>~lU0Rhlp9lunlW2iS zwl`>TYQ!J-d6Dw|tuXk>Q0J3}I#j3mZQ68&V*xqPCxAc@1dm%M)VXox=~&UBh(^_+ z*&)$?1~(1yLHrbofS!Qmb%;%5HdpKN<;xQ)%%`c~^NB^FI{ zhvfBC^kF*#DKlwKRulbW68skxp+vFcF^U;j%GWZU&?N_(M9I`+QxsxN=@-r@^qTT8 zkyD6c`LTl4nyKDX51Z|ms#_BfEv5Z>`!PNneuXBwNeA77HVD^Cr3 zFSxTz3?COAnMBDA?0lD3SyD-m;5I1i?h>a?VmdB5Uwt}{hXM*i3##Vlpq%|8&3`7b zK>3cc7;m~QWJ5;u-0R^Z_dOuNgq*mPo!PpwjTuFF_&WkNr+gsUNi1aiEZkD+)n3kG z9o;?OQc%l1D^71N)fn0+H&L3eme}syP`eizPs`N4Tp_>ix$%^yu9!<#bhHw^ zw7iqdk2T!u%R;ZA4*MpdqJz>3Ul_mc70Xo{yOt=W$Mg)F2HkkbKM3O&_G+XwX?RVu zw8rL}uezJE)oew-bl}TbDI`7prmo~{f?lOgnK6ZF$)}G8}{s_5qC;07jon>7*s?!)K zS<)Xh+RV~2X31S~6FCnUaBp5}X?)$dc(DiZTjvD;Z=|S!x3WfBh+GucDgLZOa|stF z$!)S1`)}oCz8!g`eF&Z_5=)|v9qCC#B3k4hUi}`=ufuv&G+fN-ewm@omY@u4)n+nj z5vw24o-BxB(^)-xeo&~8)E{6nJZEFkb6AMKNd~8d7`AE*AD^~$As-YNo|W`(x?mbBn+Jd6sx;HU%vG(H>oliBN%Pkbjj6xz3f_Zl zcs=8M=5m*cGf!=)+}H_YXjty!1h=@fPMBGmpsvYw3?Hl5N(D-9wsF#Kbxw1Q%I*-Q z!n$5C-P&->aa9!jZ}A-4S6!U(9`r$fl(V$SwCyy~>fxJdVLWmHm6y@z@(9E^oHhW} zZn^y}^Ow|0rtp(c!AtcB>yw}#6pnU+qN*FL#mD^p<%}UB(34#R&~>ipnu{_j58ZkIJCpI9*WS1^8 zp9{o~iS^E%kQ-{*OD1(HZKNyQ%Qpp^Na-~g7&_AD8fN%Ecb7|~;b4Xa$rf;`x$67( zGBV+Zl`n@@9K1In{Fzx?TtWZlaJ;_$#QvgjIj2wIEN|aR{JNe_BR=@w68z7d7lvjAD))xu8si=m(hByMP=m6( z13^&kK_k7O{;NO7rEnC z-;idqPSx=W!;zZCA3p|?^^P%?H8jjI0|TPo*x^mD-R@9{>(Cs>yPU$y-=+oA3js#~ zqP2FQ!5&FyW~Ir_K5}iNv*lxULBJ{a9CX<=ExVoFcfaW)!?PQ}82H!!;Cr(H)uxDX z4Nxv!!?3eK-awgNr<8n$stoA-i@*j$eh~Lgk(nsy(H>Q_$a}#%E6pDyE!P!L<7P$+ z*i1ig@nm2Xxj-I4IVpmDpx-r`vW_1G;wbntl_=>ShiX32m_Ui^XZFJZ2T@3G&6ULu z#}xIsZvsVeFovlYCz6Zuh=5T13{eM`ka-}EU{Ix6y~eQKSFtWai3Vh zJoI(F$=N5WFF#i2s3+&XW2R_=o-NvLAEyw6{e%=%h8}F>r-tN>QOEv-pO`4#z4V{4+rg%I)Z@5U z?>092ruDzOVi*p-T@?>OP(L~FAL{wpgJmnB5kmg#{<35f5$Y56iN4^( z1mj2MD_LkFBO$~U{Z_KU4N)y}-VLQf!1vRs7LVAaU&28-+~7WizWDgq6rh;|jLfjG zu(X8ATYPWCV0hLv_rtQe^}~;e2~!m{WziA|TCRE#?C;;3nL154$(qZzw_mQVtS1ZY zGpO8vA%z%#9B#GeJd8f9L;7zB4OST#Xy$^deZDkOYFGQ+fyNL5-wo47gZ8@KzP!~X zo{REf%m36m(7Ic0g3Gr$ zhv$JF9r%*osrhj7Q_JwB90tQX`pRW)3nIau{(bhbI@12M7c@0L*>~^H$7~yA(gd_V zqFI`=_^hgLAX^e%?q&rE?EX$_lEu_K+s(II{w$hSlVQA>W3^e5Kfy;_iJH_X_mp%< zTN(3hlXks)G|3`yK~c=@G#b`~+GdLwz1}g`$mAzP&GU6X1L0is5Y@Q1C}k$m0&_yUE4G`HBdr) zi9hl}>1$Y`EtIi-GapyO>rU%tzW6!jNG~`3b~zh~ZGvBK?pW_f=7R@nHd;Aj+>i4V zttQhR9Mg+S?1r@oYpWn^DX%i`q{jH%qX$??H!Jcpr94KmTxFWI`!^1yO_VKdHJg{$ zx=!g_fAsXm+6Rrj{0W$M(!pDxOiikisldhqJnu926M+UFOuuJWc0XNOfs^jI#6 z{X%6r3R#*-dgD?Qu& zz5Yc0)y&jX-_1<#0IPlXIksSt4B%N(iG+!uOK`23+&HH9xV#x^f2lNqPD(cz z;cHL)6%j^~xP3hpu<7@dU7lQuxkU+w1e(UHwVt#~=<`|&={aWL_xF|Gb@v!!SZWS` z$eugbDar3+yHN%nyDu`5W^!lG#Tu}pCKmQuhHpM%j=R9wB> z24S7@$5>{fs*@5FuM_SkeYLu<4#hG-iGo0^j17&`z3e1`-t%BWmlL1R41H%e!&!!q zA&+)MIGa*pT@81(WJ})9i^vlriDsD!^(m{gV;JVObex?~cv@ zr5~{p$}vCVDcIFJFio`U7K+=%`S|Kj4DbjFvkTnO4aN4z$AOIfSZd|0!i$b+4#=|c_uKz0ebjaqn%=Wp?=riyL zb*QP*i(i+XIBj=0t7`M+QI(k)o2REm+OLv5(8u2RVtAm7-7toFTrMZCEG3WL`3&1i zOfi4S#7YYZk1-m1JYaNSVDQ-s%dFnzcBL6yu*I>xp=Gy!C$l!#OE9H3K9YYlnWKFX z_O@?e$R}RuIBKE3bL+or3tQ*!mg`>_|i!;~JlyJb#h`p=w`yNjLaT+t* z3Fg~>bUg?NP=Zhn3W_||)-_KhG_(Bz;5H5pmhRJyUWcZHV&w&}bf>@&8)I!{7^M{W zYo4)i_bi{Yk}S%a~F>GU^QI6sDlAQ>>r%e@m!^qxExqSs@0Bqi>o8QPUzNs;CSGLl3U(Hi58&u zfpX8Zx4)FM;X#Tp-`R?sMF`joL#^8~(9W(MBz zFRUZ@Z&i%5s8WWg2T-BT)uBF61`ukJ*fr9j?Fe`|`T_|FOB~eA8>edFu9vtv74c`t zvp&$da_LBpkfz*paSM8yldPoxJD&E7_Wha1CC2mam~ME}tEE+1)Uc?v`aI*-+a4I_ zUeZrmXqVWVQdaVH4V2Q~Y09^<>&P4#`$;BhJWXW6CDq!$fEY)O%h@znsuP+pKc|7t zP+2`+hCDfg1W7&})}sGt(wEG;&ql)}YB{Nqb7R^|(qD(Ed9IJ36{4b{bHmb=a=aIh z&7l=?Ux_x4n5*hjg?5fs-lzJ5{HGDTs%wvqQ;4!-RgE1y64sAQY}6l3FUCCZz|UCE z9`)taWrco%sL3496;EOXM${^p^|+O|VPt7@G*LB{Wbp(JVFh+5%AcyW0G|O?T#(FD zjcSVmZKjgUr2vP@T)S}XqRydxCA4O>#K9n1S=9Q>rffN~6o|hjbnK< z3p*Z4)jZB&(_KhgN?ga7-r&H%5w+ccFKRLHoPBAuLNGFObN0o;Hg+N1RE*c$I2F<3 zN@?Xup(i(eGfPs%a25i33kpA@ie0GP(-m%Jn1Vy|>K~$Op|IHK_ki`*A&k?`X;f;c zuBE?>OpEPh!7oDX?}Y^p%~YC;ddLIkw*xEwkXpdO#*{mV8>i?cGcwSAja|LX+YzG} zxcxy^^OAgs!_H7bwLS@Hk^Tn_GVR5UmR>R3SN| zC2J{id{UEo%qiQh$as*Ea!SE*9-L3E;81HzRiuuPd z6OazKk=yg_Ofoj|Oy@1NTAc^($C6=kW`(V@M6uZTvTnyaXQ z?EY`%25~K5jR@40599P-9rWr}z(N`lgXvdoy-9O<^R+I=y+8xef6&YvQ$n4ORW*Gw9vTc7uBcmkr$kld2mviQ&ejm z<27+baArtlW^cq{aaqWQEL7q}=6YAKj+w~PJbb8*Gty!H52EE>An;-PmuPI^UzIiY zd=MjrZ?|x+j{Fj&&!vDa7RrP*5f_D0MOi#F8~D1EvJ(CX-NNT+c+()pw7^(lb7deK zYbKzpBvY(#BtVe@%0`DZ9vfEg^nd2ofEMEc^_qWv|0js|uVA(`(ZJb??PH(NK03d6 ze>B`nsTLN&uH?#-+Q_C~AAwpV$WPaE>#125lf29RvFmKwGv1rYxim!2-U|o<&5WHQ z@|M(9pnyOFVq45c-od7Pmio0>3LA%)^-o1u#kl7bhrtrW-OsvP` zmeH|CY(XUJa6n4JypFOf9ZX?}qF5eVkO$2%4iI)qgUs>f)idG$3g{!k>Rd+{S4V!S zP^1V5M=L(c#`|kH;=;*h&j~OEVU7c>6XY`ph*b|^1M+Vw{rj-@{(TCr9Ii{MGc6Qz zL0PZmd(PCVN`JlLWv(? zHpWrTD4lPt*i8*90^gMfB2Jw!a3NHWKC33cJ{^+LLZ?%5N6I*UO$m3GD?n09wOQUg zYV97EREb{oa)2Ivp&0^&w|K0J4_#%<4}V@tJ6s+l!WISOVP$>Ihup3X1$8ae#q0^j z5saEAORRgPHiBBJ2uPqTml;P+>T^$d^?>F~CaG3ffXL1yR$9trW`5T8M8b|_)&2L;)VCJ?8P8$;q7)b3Wy0rK*TTFHa`B4cf*4t(1409 zME8PHSVkaEmTYk28lVB$6FvKX3qM3;I7>}Q5U909&lfL>7{o%rvrcX%y$OyOm#^V8 z3$;|I#2J58bJLe0B;h2Bh)j#VP<3`KKuOLf6L=qp*R#)Vk%{OU;6deUI^fomGv3;K zLLNNSxKIQ>@Oi|beIs`Vj?xfWe$y5=)ku$;SeXHSpFTm_#FXXfuXmXoe`+<9^4}jSoX%vMrPnUC`Rs=Z*0} z34yAU4iC|e_}50uN&P>r8lc?Yq^ZtQXG=2eRZtI*M<^_M^n<#T#U*%n+btEXAmbOAK(Tfik}oa*buYhs31oH)O-EKRBYhMkUxlD*a+5|9jE& z3EcA38-0)*>oMSPa8IwkVN#~O8%X&GxP%EEvd1s(`_BbA7s8Hwu;%yV>d1fX$PI)Y zd3vu735yv^oa(QjbhvEznfM{@D`^SVrqz~Pz$N(=jhGyZA4s8=P+t8Tzs%{sFFbWY zP}z(npHcgdz(h~3M<9atprJ*M9E-wJ_ue?>9n5g7{>4RoSu2?r-YDyK|M%YoKN$`p zf4~6Cs802L6+rN2vEkm%vFk_2ghW6tnioMgJ&*1IW?pmll;nn zwK!c*!7a=8In%CtqMUpXI;peS(x(WHo=03K%E8wSgLJ73#=_7 z@P%q9<<`xsLh~~M-r5cc@k72k@@v`VfH;MfF(Ey;hIHLi7i(PV_#EKlB!HQN*Glt1 z&q@YKUNKU}StXW2pPCwAj|A`Pydb|oEbS#x9l+oI?~;j&B2x*%j6&omvSI^MVkP?d zy5TemHMA|gB7UA+xHY38B3ew$7WA07Hl2_*J1>dbE*~$<6F-3(Py=d-0V1<>G~*<# zDFsZ)HVX3Hcx(0sQ@$bgE7@9;5602$dKP0B;_4loxHD@faw^g=&J*G-5tc&2k-0+- z<**Y;;D=!KAJCI*pvaQshwJu6=G*hoExk%pl1owz(JASidg)OLx_b5cXLmqA{Z6~E zH6Tl_%)q2;nm_CKv3*EZR=M`%Mw^pSfsiJ~$X6kk&kh?3kEid{bQZllU(_FBGh5kQ z@D|d1(7M{>P^p6l=>dYlbUh`cz(ZG1wVk7N?a^3Z-^fY@&94~*o1>->FCJ9Ttcxt` zdZz*+tTp`3ieK2!tfTJRUcO0G&Fk&qWafM=nVSIoUH3R+!V{X6%_Ke)j>m@Hy%R7) z&XSx90>qV7Qa5UG=jAu0y?Cjq<4@*nt8k_lA((DYbK- z+DR{lq}mTnysezK`@GJzqt2%ERFS1Q(4bSXG6Bz~`vpDlDpq=a<^SV> zdSB;?0G`{|$O@j3Gnb;=<4uJF07OZVQdvp0YNvkopoAW_y0Q_4JOjPni+Fh!OgCZO z{IFYQ4~u*>fD&XQeT~p;Igv~MDvrSOSO6TJ_48brT5?n+FT=)eg9q(0b1l? z^?DV6{)B@kd|+VUN%$J&eCkMN-_{d08+KTYCxut`m~xDY0xYG$RYZF`1KAmhi3w*bu&3FQ&8KW*`Tpea<{?Z?FMOIg_# zQ>b%v%@&3t0Bzj1=zx^xX(Ic@mIH@qb%u&ux1Ln;H{h zFjHShN>s>8ZPQhKD<>cy_=<*?L2_(5>$*2o!M5)P@)U4n=N^urk^W|(P~H;CEcQlv34y(UC1fxG@B~G?B-+Cc4>VNg7#pZ%SHQ*H-jJ==-e#_cL@=2x80hG!E1c7-Do@e)|iyw`jL-?Z(&4lB6xUV1l`}&^^>x(Y0S83~C#GvqPZt z-0~E=+Fi4h5=Il(Adp}^Q`2}ARn<%g#NXNF)G*d36&3w6^$gPm(?(j+7ayk_XKd-v|sTc_7nGGX|>?>;Yy z$D5L%hh_2Rz({#x+5iSsvBbspWkcD}-FXGY`{y?^3ed~vMZ+rKO0Cd=ay zdCy}5U)IV0cv-}e&OA{v(e7nlFS1iGj!}Xf0KP_zIRcR8P-jhN&0`ySf802PK~$Be zk=L89v?QD3@7k@EP*v`%L|~B@xGqnb8;;PbS%`IbZ+SyozFOY+BX1RWw{Z(>k^~q2 zrw`G(P?0D`$EyvPc=vzU?7>T?jT(A0GimV0@7=P}#SeVUVKF7nq2_^su31{}q$~Q( zTrkH}+Udpq*QE`4Ma>uKiPrb3j|Q^$dMe5Kjz*)Y#_<|dD8A%msR%1-I1#El)|XSv zsTT!7Ii_uS*@~17`&*Mz5;sU=cTP*3ywQrjzC%i=+^4VDh|SK>)+&FT=XLXL|6p&G zK$6FW4;32Tm|=4gJHR8+c2#pmy;YY6Rb{*_6~S92V0X|MRh*l zv{DH-31(F4@6%TNY%%${5H9_rr(Mc!e{b-R$0O}<$}P%$;`pH?fFbJG=uUbcIl_sw z=DE3Nz318bvrHRby1je%e#&L@q4QEXL55dz@dqFG?uEsrKCb2Xmr?4@Pu+HY671~_ z_Cox);_{YEbYQt0glTvqu$~0|ex0h8O8d=O6a5co7c@QUpBvoMjpydWrTILeW|c9K zjG0e^T5n;A3j>c^97q;Vy2?81P7!?kf~a2TDj)yFt;Nw0484h^zMYGlnVb8Sru#ky z@9{!WvBRc&qKvq7W7J~_6D2=qUNhchdZ8O*ikdFr7Z;(YB?c8FF6%O}1qXplwf#*= zvpIMK1cS{4Nz#fMR)i4|5yt8bx6Bla-pJ{So-amCXJ%*9#nZqiAg!cA4%2qTxtg^- zePX&nliTNaWBqnZH9a_rZzd@L`TQ!D>qUcD&FJs%{C(V$tKG^rT&{UAb7BVAF$E#c(k zq!E)KWtGiDVGy||;H;ZtS_U)FB46*t9!cr+y@A?VO*DJ{uhhyblT%Zq1Nds#$O|PV zBYg~|69Uu;j#Z88(E3QLJILDr1!?A5rlW9`{NnZqs-NC|$ai(**TO_U1h@2H8@`@* zLe_LUXW-qcYZMcP3j6q=uj~yUy$blLO}KR;*H?#NoDtq5lQtl>E8 zL;?9J2z$|Eokc)VJW-&K}ew|qD~IHKwHQYe03;Y)BF$KdxUb*V+XqEN39 zAE=jCQM~ucQSqQuvaB?(50w(`891a?!;|^?EER1=&jrtpWV%4{6hlkmn z=h_Wc7Nax=d+_k_2Zn8W2fRCvot$DFPs*1yzFohGX$+?>WZq{woN89Kk212Oz9c3h zN?A_y@XwDEL)P~eIGzh+`U*6;H#$N%ZdwUS79)Hv|us+7Ft2nMcW zal{5#D6BWSx&gMHBh;r_VN0w(vgdmU>(d`1wZ#HOsi>&<`7=E!oj}9Yhl;AjXm=^t z76y&`xsqCnQs{GX?mk}aa+mjHG@M@iT%ps!<;2J%rE;Sx!Pq1U<-r#pXdov#yoCO1 z^-&7?6KZPJHEQ7qJG=e(@;&9AcPA9+3g@ajx1X4%@62?osp@?%4T|CQTC_YVcoV9 zR;?(}ckkXcvEn^AlKn9}+{1@EfWe`bs)sX7eR{UbRC1?be;-4x+VSb6_3pmyEb6jx zO&}lTZ~~7<%1u&NZ}&y|8f{+lIn$;nO?#{NN#>m!YtsDZf`^lrSm!&t`6|QHti7DU z=C$+qSxb)l129;+e^!#y2I}hi$`7edK~*c>vz7@m$1RzYL{>}#eZBrn5AK(pGpedQ zl|7(esEX)>7@11|>g*|q>c{10@BYlIG*6$HP;+}#_2JJh>p#1>e>tAsA0nLD=WHK* zA=FzymJZZj>|?P#do~b&*ZK1RW|7Pa43V;(ZR(_cw?p2H{oLH#p{8WYwOox4K2VUD zU9mTS&b79Z5UuS%rUjOhYT3xehv5D>Wl63lT$3J`jVeJV!#Tr_XFtD$?=k+EoRlQ9u^)mSU~(^& z%|Cfa$Mi{3ar4L6*bB0%)5ORz=(pl8J!8&{3AP}T6~ z=0a5gY}kUZ(kW*}oFWaUMLpZzNf-?;uVmb=*Im98kF#B*)pyuyk*QF_lo?6l5!5AY zc9257lAh%Ln4*RE_#4hMNG|8*H?%YhD}}ksqtMIb*;(upKnW52+1OZPuQ8+^^RqK_ zra_^*ylJ^Uz`---EyAt};iHTzXmfYv2s8-g`smaCHYPTn(yIF6oa|86#f3)`-Q;Hv zytMxob(cO#b zM$SP+-f7>z_m?jx3c)tZBJde=(AL`8R{W^+@sP)GdsdvUqYH0N)G&}MVc?JF>4&Y7 z(2rx_XWk&jL+)18bQ9|QOxF~>oKPBZv9nxhXgqF!HLkC(KLB`Y$}v8pOD2}P`^gwV z>^mjhPCV^y`1;6pJcWX;pxbV@!%DI*S!!aUM#a$_`pWc$GgF|)?uW@+4+6JC`A!~H zpHAJBd;2y;FRVI}bzwEeVn4)7=;4ovaglQ`p_9zI>^9xg`qRz+s3eb`7{kDobsOkF zk`zBf9gUJN4Xk!mGTzO1jPtq{6q|#|RC&N!i=k z{%t)cNMKUprp|o0>!A6gnYRl1+>6WlsH-*}bq+h6;R0opg*R*ud#2vKmXP?K@*&<* zo!2U_$l!ggB>&ngWysUU22&H)Q0G%$F7$f2I{!J;a@X(?f(+ujT_f$IBa^INji~@N zg3YY*DM}=UaMt3}4Q^%9CdSBq$SnXg!stqDOuAlv<}}mH(!Ms`IO3_nG9YX8qQ+rb zlVtLGMfO>%H!dyBolCJGfpkt%+d~YaP`V%LPiVR@&X9!pmm@|z>t%>YlH5EP+IrLO z^yuGn^PfC5(Y1}g;oFLwx2SLMR?42k;^yI+Z$Ly-9Wnmr2Ah%fRkMz9u+?xEt zZ*+|H{+8$&BUUX=l}d&4&Ev2LZ8QB>Mlu?0WOw&>H5}o@_mj8%+uzgqRQbMKt_~sq z=w2y>=CdMX7iDU-T#!;gd@(IO{NqRNXy^Y!+II#twKZ!iqJW5kG$~T0Hx=np6%Y{+ zk=~TvLML>PDo7JidanwBK!5kaH#L8{p5oFifH;-KoA}o7j2D}pI zpFsdC!> zF#M7)KhBPhR_uEF##o$bT1s}4OD*i}-vh^uypSi!xMupD;u1oU_W}PS5Et)kalx&b zrhtEinqTHBv#Dk_R`WYXeBa;Pyk`Yj$yMmO#f4iiZSL&+v8e{Lv%**3ry_awq~TFO zM=qd!FZ6uLOCzc5&L)Jseft*VxqF?L=Hhyn)ww<+G6OGXm7br`E_h1H1adZ(S#m$D z{pIhplv)k!axT*wanC(VoN2!L6P>WUkf1y!noUddWaTCnQ?GLtT^hD^nxJYvbkE3R zm4{~!Y7d9RbdcI=?Bn)Lb8&s=hmz;ID+teh1CL+dT(7PG%ax!)%+1>ZBP*N z!wB+a=XJC#s_o7h3)fFXYU_R9qW~=!}o2KTf~;R~=+sw;Vt!p3SiY`4s_{ zrPR;mi+}?Dj=%BNI#61-FT{!Pvt}m>PQQ1T!C?;f!Ih#{4{ia@`kTgbQczc+XyW7h zo#PeQB{#20(s_>l(i<0EX{v>-$mo_F5>Nzcd?f3^iMlF-r;R%@E^*xH$OtQ7=dm{~ z)URL+On*x)iUSQ|ugpcZCyd$sEcw-^k_b^tpr9!+rJV zyS(|Z{CoHi%@X|GJ+y5`zw&Vm$F1n9J>VS=dlkU+8vQ$ImR?Z2-Yc=+15ZR2Tbh?f zH6Ax&#>_m4tvG(#xBBY0)y78Lxw*OCPu%OZyRkH%OI?NS4WVvs@yj>p)8SfEVTs<;QetLxt?d(vt*g1OG)A*?em3d*TtkCG|LgQj^*So0s_D#*rIN1z?tcv5 zKCH9h<{z7`gB=g&7l(j42e6dWbzuEK0TNBocTP}e@>ku-@Adq?>@@+ZR5(e%n*X;T z;y>jkaI@f#Lf?Q3#Phai=##4ylbye{wnfr9dsq$^egn0_qS9US`#d~bW@g6jq}+|4 zWK5O@aU5i9G~_7Q@Jq^x^*u{&34Y@?+P9h?Y@}ezF6luIgvGs?kKtC zlVVJ?^#@(G={;;2ipyoBzJotkjObneTG%Bwibo}J zD5mlp#g|sVWRi>-@o`CqBf$RrI7Qa5x^8+dZ2z9_XGc1{?-mt-!!kJaGsAdMUmYnJ z5ngXf6VAXX?cArpX2H}lSfF8L?3}SC9A*HY?I=N4*kvWtZa>R{*Bz47?o4m*wA6W* z*&JRyT1l%=Tig0{C1dSq*SZ{*!*hZyeX8aN!XIIk26y>LDMyqD9F+brjCTqv}NhSv`@YGfFzv8SXh zeu{}vQcDh(39$?6fvyZWEp?Q3XTF^5h-s}moTu^ldAML1c)7ZT&X-mnIy#r^hm5~U zN!G&@J-GLSwBx0W?mbsebD`S(v%Hx*eAZe#K%`K^`~owFI!~RvZ5xQ?T^={ z2-;||-5?y0ouAFq!abcq@<8A>TL?H~I(VvlE6 zvnhD$d%iEpF3>5zU@M-qZd&51s=B%n1$LaRz_^G|+CIXGv#iNmTa#BSOZeixss6=w zx$tS+@i>dRebWXf2M-ERgYv(JwHUb2_7{KY#Rxxa-AzfHOLMnX8Rb5L zccn9uu`$OLG)fTtMH2#dq=NHZKC2*CPr}48RYJUHvY`!rg?0FK&*Cj zWu-}}SR0p^Ek4=-I#DG2ZPcbq-k5JC`L!_NNPBSB^a<@AqKhg~`>VlFczEgdNW18a zx!{p$F7zv%*E-$2pEF224N4+x5RYh(7{KdI<>+4V`pegaxb(*+M?R1$&upX zWCxYA3O~OrGjrC?4u5w)Hns^3wwu%9{TYs|Wy)Gp>)z}x1;Q6{Ep$#~DPC;~xln(a z`y%|STXXFeb8X}&WmR-z)f+cFP6ss?-`*C(QF+3}%bTf0BV-}d-y|^j@A=Mwk7^ zK@$i}?WKX9fn3x6l*C&(vGa0AJEd?D^eSCv9i57fhiJ-CUX11OZS-d(G}K2lf0*9) zBxwD3I3RJv<91lOEX5dUq~y?mhPOAf_*tXc&JcP-)u%EXc|%;T{^W$T5dD=3vQd+w zEDR0%!m}CQ4g#2fvyJF*B#1CSJ)WPv%>5$L<(q*ZG;m?tfINLQT&S>|RiF);6c+3fr+vW`=OpV)PXB&EB*w$c; zzR8VSwA2J9`J_<>`^(IompA?VUMF5}%h!C*Mt9q+JaT@8Y=vTzeTBnEuhL-4@jg-1 zNgvwGpmUf5vG?2>YL%5m`anYD_^fTd#Wru-g~mHnpBs>C`J;Tq5UW(lEW*f9!mKD+ z*m+Nn*3?aMD&Fa&)&bF2A0OW(Z7x}4_=(;o-etSG`o;>6Q?F73zC#i1kJF`FgQ8H3 zGPi-eT#LfEeUGBD#+7rDmgUnNKte6*HaT}mo;1udCiU}6IPnyW@ttfg`fPO1jxy>k zSz754OJdiv(geuKyDIqf4aG|VrS;a{UWN0U0xN?|UgW)tERu1PhSK$(yW6Gk`I7Fv z(9Y-)JEbe)%WA8y8x5Lkuyt2Sx*Fx!8rCOGn3~(3+FV6lW1upxvknI=16;9$kEEWz z|HZC%%%Qm-*2$Q)S=(s@4u0&eKr6>pcl(3xo2#aUm5CLyze|Hp1k9BM5ES4~!U^@m z=5h%YXiWRNXIW7ad)cgd9n-M9VM9-H$P5fg#eG+Ri{9se;B>nV?@LvccDv7UoaCe| zfLqJfQ9V%mS8uw+?6^)3C&WamZ4UC_&o=9;4SZ*AdxS68SzBk#M2f|peW!v@l6|5I zM6$53IBzQr_X-T_SsvN71_#S|?DVoNt+`GZGcLVQiuddiF}Kn-P4hfs@i^JcJCulu zDym<%LalV6pRL6=0cUB$_ZNw|q4#?al;`K{vOr$c)I(G<{{#RT-(JJwl;*yNk@ z$f+Rknk`4v=8?5<|5`^qdeVL0`)K3*kd5g2H2`{c^&xQD1p~i52|`A6uIW4k1ynCJ z5O12BSr6|ed6#(()9oETI{JA`f8aAs9HvUyGsvAy!Cg2ceCJl-O^?pCN#8fWgIkcG zuw3e6DU0AgOZ8kAX?`u=wTh`uqw_epcQhRaXRl|Fypy%&cj@f`wbwg|lV8kTRyE-e z%(I1LZ`7Bz=*UyJDPgC-K*G?aDJSU-W@GbsLqG&X~pbA>NeTpNyA~#cKb3v92Z$9lZaO^L4 z;lG`#gALY!9z8FA1~p5`vL8V~)pXJ5VwH^Xt0rYogEbLZ3nSMwhhPh)cQ@F~vGwFG zGCe2QQfX}b=;6S(g6bKfzW6Ui93bQT!B0xlmHrg5a)WbT(g3bw&|sLG(8?Znt%MOI z!+~5LsIZEd5S8->2;4OyqJB~piB6;8yfSVWWwNg=L$#IgM$j)clZaa2-&XmGV%!?a zlRKStrOK#5<^lnjXQ=kHkz%*|km1$P+AN_jIbt$}9RoQc01o?%=5&5JNMxftcPa|1rO zo}NSi{ahbi2qZq@XzS=OQQa~fb0MaERD1*PI;~0c2I-Hw9SS@{KyOuENpJzd}Z0pNA(k+!5d9DTXC38O>)NIpGW zFtkc|e1q;G*#`lQ4N`#PEd+kv?cSe|ZEBMBi2J$%uRl}1QF^e8-he*$@sYr|&6GR0 zcM3iCG>1!DaJ>+qbK0R$VnDfXH@_h|O|PvDNHw{)q{vsBFJ8FV!LOXTThSHj7M*mFs_p605={osXM`={$QD=%j+1QK-B_vf9&eT%_5BFVndWfPH?jsNU!ralWg}?U7nE!{tZ+CR)4f=Kc1)ifQJEs5*}pq% z*!isDg~rfoKlJg?w0*4*-vKEA`UUl+N@f1Y@1Y>?ZjNv_2+e|5Y&>vpH#Bl$e z#NI*w4)C!pzBemzbJqf}U@_h}@+yhwIykEMLnV~cN-fks_A84At=FwUmFx?SSqUME zPoHYN_aM^m95oE!uctG)w*ss~D^stEMdD=`Tk-QPUSv76)9TFVS(K_pJL$ne`+Xy2 zMi@*V^*HSVD;wKVVa3E?U>RUW=x7XD7ghOtS2N$uBMy-0x>tA7X5A=V;s(9c;#R;Y z7yWa;e0XA(yIQ61>(>jRuo^THlWjUjp4lxl;g-~t;|ps4NJO{8)s{fMID0ui{|(>t zRL@UQk7Rz_`fePvdS6a68T8qik4JP+Q&wu5rWB$SJ(OP=1_f5P{inJ!VrbS}pkz%)JT$uQ&WK)mRMkuy4<%_nUv z(sLuk-G1H8+1#}!F<&?}JU^qP*f(3o{JM%mfTc49>fRUrLt2plTdEhR#VSnje@R!r z*-V>k>81$NXo#+-kQhHRVzBn65qH1YIc;Zx{W!r2Q6LMGo& zf=q_^!Bkcv!~Ld(tfu6Qokr5AtWR8V)|pC-HYa=N+jnpgGPkNt6o|ly6H(@}GRmm^ z8VkVo5FcvAb2dgZ>8|B=(kw3WBz;Lwf1{(LJ36#qX1*bjm>kc**j&4gDp*`D;LUs1 zRY|REk(3lyV46d3#t8d?@&u`-=d!XQQE7J=yG~v&C{xqY_B}=}IB5*7xsE^0$th)0 zlAZ#&gbX}7kC!Xm`6?6+u_ZlF!onHY=kI*cO1okdS!a!z-M!HyJp3y;aR%80j@#SY z4?@IT&$0<*d=KY@l!~i82Cs@Ptd@SxN4+48y{c^Jb11MjdH#0D@Pto;3L=XfQIR;+ zYk!Fz7=V@NmYR{DE~&6tYkLM=IGpl(bmxBSy0P!$T+EoMq9x!LlysY4X{@{`51|V= ztUo&vi)f+ur4_y}8iYXbbMOhNke*+^e%%TO{XJ9W%u!9Sd~0msUb{8C>M5zyikk8- zmtWuB@+W)}6Ba9R!;yxpeMr!lk%FKXU0-^;f@n2KSFAXPOiBzIcPusUVKvs|H2&BO|DBS6MPfD2F zxxKeq7lM6`Lb=Zn?c{NWPr>7&$k1RVoKaY;uCA?s#Q;LD)tJqV7)QO{oP(74oQgi8 zWW06?4i({M`K7z&#^sz$1^L8T*qk;6kIt<{&cLj0@pD9Mj(VeoMj)}aNff5s+O;DP zX|(RpWx^GI4)7k!=~w)|jqcI6_pWsDaz8F&5`*i?;>U0JPLWWspMRgUzItjD6aNT5 zix2hdp$|%mruNr#`<=)AAnmY2^V*^G$1`r5P@C@>rn}4P&MmhqdN|n9X05n2oHB`U zjby>2q!k^c|4*YCKZ$)rCRd^s|7B*S6r@ZLn8S7ho|v_rvPpz5>IYUkYLF|Ap|p^N z1I(@?c6LRE$yH_LrSMf{V@HQ4-4xqjj*a$G8GSA;e$W4vE+>>VO4O<}R$MUqk|szV zYU;aCrFaifCAw{4_9e5=>dvHGqpP61%b%Qq&u68rNO*PY5(Km|%u9B>iFJPlMn)cE z5i;{3@kS~gbKe#|JuPYT(z|;#+g%x^<%&v8aWc=j5%9X*JVcv#xl&e#;E^(_D>57PQv`zxb*z)WY&$Na$M_Hr(LR$7Uy zu72xtHm7;CJ3J|34M}26>@=2M+cIrmY>bJ_%lv+MXWWU;(%PK0j9h}CWG#w&+I@W4LC;_UOcBX% z4tPX*B&9(9pF7cp1*kT+akW`2ePFrMh}39(Zkn+Mz_HxbRhwmVPe4oR4Ma3GH6_nE zC&Y4Sc>R>+1teTPwj@r<*yk4sWdlH-CvYCUj`0kN{1{YTUS`s2)YjfkxSsovj*c!j zx7p0f#wrsSyhzAJ9$n-|&bD?A0ReRpg9FCI|TOqGMw0%=`iQ1)P@m z_$d`+}R(P<^dUEBnyI)n-r~Nw$X7rfk!KT+Uj2h%F>i zbF;?45QP?TfaFcXsyXtzmdRAt3aeGQ-zSi_b-4sr|4E+<@xb(1h7s=|>ed+f-pgUX ztPA8$?R9M~4dYimov6dUQ>t_4@5MJW1*FKAe6Acbpu8+bRbJrIH15a^iiyI$r)JbA zv1M1O13eP;6_`y0Y0_-<>(80`#!yd8)(Cl*ESJh`m3RuZO9C%T%Rj!mh5E7k>e5&VfODU5 z!7p0cVx>6eyyR|VNirYW-p#g<=az0HgZX=iO1|vK(V=`){oNqEs5Rub^d{y4zeGt# zC1W?wFpIf*$>%ZSGTsky^7-5B6y%!dmCRR^bZ#%rBV^D?2m4l$RXidTMHMc4FD?v(SiOFr@Ezv!D0YHA1gVW?lwZ`58)w$cVfS0=R+G%?DK@T zBIl({b$fZi!V>XvtWq7JMKTaP7n;}0MQ41C$wlK%Ki8=3KnMvkJ?5hP-d; zV=y~?Ver0fzM5wMZKuUJ?L&DKOMcAL=*h{;FLhQ-WF2q#hFrOF#R5x^+Q+!|#C9h6 zSO2_)JI`~`q%5UEG3x6-?Ic4kICvvC3~u55-&!0jMbEF1xrg!oDA1+kAB9>*DP50b z;AajHw9}F<&>XPWKws-}ZjWMGr^!x9K13FkbjFVgibo8=4de||Nam7e4)hx&W^#lh09tzEie=LU-H#pH~2=j~o z&GROBA{AmLCLFVNLlW4H$h!$PP6&~hHBOz9vNneK#T7~;v^UVI{?uq3HOJJ51d?1? z$;sSR1TJ7c?f?l3$W0zrnN3^}@0rIjjs_t?OtjNhVAsdrT_+Wg{6&KcNL3`oJOYRB zgNF~Fole)d4P>y7BVV72qMVKeMb|5h&ANV`11m>7HckCsBIJKxgb;vlHufi%`{zPo zUByj&XT%S1P(4HUH7D5QoibiDaoigNlB|8pb72a!?Xn@x$474$@uEj#n~-X1YK;1i zV+9z?^lNbvAdkML_O?8k}UVF*~bV!p$4(SHQG+<=iqqlha0w?be7DX9<> zw3w&GLN`+kq~hBQZI_8BS(uIHfCk`XqB6t}9@|a60W_zgj0n~|8GdxG{d~C#Q|a2W zjtP<|IM|r@2@{q|*lWZ@rb2vhx{uiz9G?8(+oqBv2uU}N5+8f7ZZKz|D}Mv4xkPs^ z0spHkHJ>rnChdld?nMK1T)AscoS~1BnD0pffNvBUQ$dmdcu-iAtz=T|bE?y3_U*Tn zF1Aejk$d`;KccoN(69)C`H9c%$ed?xS;abNhk?+ATXdO^`|>gjXU1-dqM>%`=rwfIE%t5a2mg z?TPm}I;eG;Q06Z%Q%VeJ-jp)oQ=bN+afO<9u<~j7)to>(tZ41Os^@<_@196%{((rD zOEm1%-hSBaG*~3Q;oT)6f&3=5A0$|oa|uTvxPb5g??mcHFnugH8pq_0qMU!MDXQrc z$rH21I!Wq4lSNM@w1h-M>VkVwzCQSp^5f%7sD>=;NBE~`k_0O4-R52iauVyKp;AXJ zs?BDq)iB5ZXaQ7Xy@{__iPzfAM}H7N!G3>YjT5u_%CqxZ>)wtOrHjjhraK6MfcG@x z!y6BCGw{2ROvFnYmRZK)_DBK#1_^vxY*h|ju)3C_L|D8JM6NT*+k&6~P>^{H z@cvwvPzGXci}rQ?lP6`5Jd>4`m*z7QYf#9WDauw}%OzEOC~qb0`s2)k?ja%llX>T~ z^slAx7;q+Zu(x|pJM;KRuf@?bl;-d(2Ob=~|o%E7X z(+E`>@1(sg^zmdqHr!humFC@B{%O%!)4Ml3pr|N&UzQRMnN?zYV0yY9RwQv-S8aAr z|F2&vS_@+}@WfLx|A;_o-ApN3E8uX}pLpDoUoc6L_I+%ee621Q#!FGLggQaiS&F@C zn{qOAE?Mr28Kuc3Mhmv@IJcIHQp8 zc{=uzq!<&)-je0z3NXiT>iRh?H4Vxzw6ngC?j-j&tLt9tge{`?#8nzrdvspDS0Qrw z^zwzC8}Xy};D$}Dox+aq%QMmP@^EA}A91eG%BUHfr?z^$@6i)mGD?MN3>fhEx*E0l*#XwVJkrK09m4Ux3F^{k(qbJnsR#HAz|W}62X z2VZhlcPA)+FsSpB-KHb-yX9+#gkZVc@Gnn!x{a+k+dH&BdUsks6>7d-a*N1asiGVn zrn!_l_grnr8fN9bJ90CO)?&J3PAIMC<6wDVZb8d@u8CpX??o>cZ!dYFL8+M8U+yh{ z2XC}h{&4zx-G?ZZYOGFTjg_?Zxo!Jh4k6y9xCJ7=z*g0AS!!Jk?>E*vu^bgzvktx<*E z`ZY-WXJALxHs{A`Mkz(Fu37y#P+J-{-OFCze^wMEVjN*R>e$g%!J~tavFQ%~Ey?@) z3;PlLXT>pVE)A{F$ZA$f?(0bZ6XFyjHeHg@cT+>{tdTESn-M8NA-lSe zHx@?~t4j+9Tx;rMu6T&COG>^gg*=SNyaq<~6dN7gT(uy>rNwfNLt0|-GYW|al;23{ zU^O=ig9*R=L1i7o>U2PYuloJ-6F^{o59dq@ z1Q9g|IZbVwWB(LLg)4H34FDNwH~ZY~9-}Vu6R)s1P};s^BEs z@DOeKjUQ0RW4>vUmX($oD|EHCW*FD54WL=NknXV$u)UJ9v3J^UoJ>5|i&Yt`-VE*; zy3IFx#V;MZMi$KeZvWgGQ}$rod-mbX9vA;G^cQeQ2x`o@&`VTMMD5{w*4$NPu+skx}HOE+nTgZGaRtcIAn#5HQk-{9Yu-|Gz~d zj{Zs}Habz+po}DivY~5g^hCvbl*IKr$)-&Xa&5 zJKvT<5W$z%-n`)h{`T%=X3mQj4Y8Z|IvcQZ>&eac-ui~+-o1_HmMSrtlwli7iEi8_1$Zb#qH~3}Ly{qprdT8rCzo{nh{@K9 zN_mn`dO2)Zt0vY}fH%>hXK+qHL*HHZ80DtKcMo0kzXos=2P*vYF9RsP+mw+c_n}Wy zpF339bx@N9T3!$usjgXH$d~9gc)-(=2n_0Y?#dSW$c#Y4>0iudb{(g)_u!r^XCm_D(^vKDx8n`2mz1vUAqz*1 z#n&G6OezFjX4D;9)EAn`Y%fq4ZkiUr>}h9&wp?#;miv!k zAZwi{Vx`md*$!PaCCXSkxK>zX_gu|eU~uqdJYk(>VtbM=%`%u*baU&3$%*;Ly5H8a zppLVofcWO^f+8PX!v~xBo4Sz#rY-^IsS0>|vz++YcU!D#)H-CZB66 zurvkX-NXIDm#Bpltf=I3TJ4dP&tZ`r&@z-g%y>9?d{f(kt22Hh^x&Z~UhN3Fzj%tU z;^{-=)dx%SCs=cTkXjVlLW_bJYHGx+Bl&E%t0RXszB+%`H;nAlgWCE;r*5`Ufew2w z)eU5Ll*(CcYgX>s{$VI#b3F23WotEW8{JFXOtiH&q=e@9%oH_Mi zzxJ=~1a6xwe?dP7j&+LG^WjfdIm7;L9A^R$)z$Eb6=ug2vvZ%s|2Rn6{)4o%J1jZZy`v>J!?P`kzJAB5D~D(!KJQR0247 z1-uwFLt2#O9S-lorVoqG>(<~QDx!b#FG2N1V*CewmK3A!j8{h*9~h>g%NseBk>-*6 z&sEI%0WDLj?}K}>D>G=qK)cZX^IlRZFqMKtJ1$>G1rq}Nky2loFA9%&;D$^yyuSeK zp$nb>qGyO3;i5_J2x783aTjPIG3_*kAl-N%|H{++t(;um;{gGbe6xS2jS``ET+riT}FfxjSUVH6w6A9$K;p; zwi({jVLys;kogFFb`6}@(Q9)n`xd4y5!fbvCkZ}Qrkb`@y#7Rgt0-XD#a?oHivj14 zkzOSJ74fxW6-U2%_g6$rA$OruF&OhGsrUeoGV&tH=u>B=>jpXobCvYHVT{$K5Dkr3 z#{+qpc`VDlyy$>+N_kL2h7+zsb2!Y(SY9M@Yfk0b|;VbxMqF+-C4*&!Z zg8SIy*vjOC1j;K(umU+T+nV0@K}OUUm6k|j%^cgH@VC+V&018gKf0%_*z2~mvVdytA6wwbt&0wbTCh83`p1JYt$X8N43^g|GRKpX1DmGg zo7%aoopxop8J2gu3u$(D1kdjR*7!;V_&t}JBEm*&wPZj7 zriHLdn!y5l7h@p|bYMm;a2s2pZYKUdTboK_7)-HbeL?a3AJ zH8IjukpIfv{O=1X9D--hN@94z)R;v^DT;j+0~VMmMYkQK^8O28fJYa0L~@05y+80$)`7O;9zhrZ%M)I*1V^|^~XXc=@IzT z;1LOV{M8;YhnK@=Sgq2|#TAXv>RJ;)@2To42FyLY{&yGS12!!@TOz0UXH3d4#pO2) zH|$>>X9989n`XAA)*%#@kFA^M`6VpH#z`wZQ5n5FCc3}EDDEj@M2dbY8M*J;CuN71 z4C%LgPO=is091>jZ<#sY?*xzUitX2bnbwP+-h|k^J@_^a8Y2h9z_@OHaqnztk`3Ak z-Ddk-2gFwIcW{jS{djtE#gAP^H=&2c8k%bvW=AdBMdq^9Jo|vbySHf?#YYV#@V;z0 zrg5A}hc@aTFmK;jAjpAWqdJVRbw6fDDHNmeGNx!Hj2AOpH{!3Ue5aZ(aqr{e`0eH8 zq3nVgaG8HE_OkiFB3l-HaAJx-fs5#K`z?prKKtbGqSSLeEZ3)8T%{!u>FiySW4*jh zR!~%&3lY%R9nq-GmB3h!X{05QTA`OqUc?pgp>_iIWJA@5V|g|7QAIuiwBSOA-y=os zJ#>*%)9Oc#QGzS0b0u_rBvsfUE5M$vG;1fV=h{65g0qRv`i9QfNQ$Dyk;%b3AwD^W z#+5EwcuJhYyzv59s>=1Sd6)DW?i2BWvckQfD7M@MOE>2a??&e8GKxL` z;TI)F%Vqw#9bZjL-3Wb4``^KD%XX>==U>rp+l{#dM~>Zu7kf~bCC@4&Q0lzgmu-F2 zMk=;&%!C>)E8H;nYh7xbW!shdk)piIB|L&k-pCVM<;7))X_ znO`Qmixv%-QFSAIF;vx8W%`le)?pfX##u@g>WkBXU{$ofJOvZsA#q~d+WG8_><|ztnC6D(8PADy$K}t+K=S;TQ{y3%5sg-AHqyS{; z$VhQ`V1Wau@F}6KV9O_{fDU0*Z@q18MVRp%;WtZ#Q*jP=Qh>+4XbTa%)T`>LCC$T@{d9M9Uo!pNZdwMYo z%`V>k!*EHVNQv>#z(mzMATZ_5Y>iCl{!5qvOhO${y1%~p4fq7W498zFj6mDU&6zAb z_qC(hb*Z@7h~yLj@zEA=1d_bwEl6;&THAvph}=gO)^mQ$#7~64`J0OlVKg8XrUo`v z>^^G2q#9x6iYR2~%dP0zQ8U*6^z+B{B$xS66DRYyJ^c%KUer6j$HIT})3x>k}3rC!`f zmocEA!A9!K;8ac$-Ls&=&BR(j>VzK)pm|8gWpil;ee6fP%t6A^Q;WnS6J~7aXo91I zW&N@7@iJ$x?p9>{goI}}a3#1c#j2|x2;O@{Z%{`nZKL?|rB<;aFEexh3yS}PbDm+T zCBC_z|4l>crp&7s$u=7Rl9}aRdsjSI2CPh9!VG4hfAkq5Ed=7aCbHIX;yR{}QiKbc zFYO8vLR>4fjoV9#@#7DgmF3JRR5h-fnk=Zvfu>m$Y1ym!=Z~q}c~WIQEK`m&&0)={ z@I&S4b)yMHX{lv;MT$o?dSo;8+2jM&D*G&g$t zw%&b6l?EY=b7TtEo%#5H_U{180oEg`56%2Hxrtv1Z-haYx^60EWK4f4a;&LocU-{% z0ZC7$g?`+1@T@JBfoszB?G4oTb&V@g4C~lkYwCM>h0v~)vr84ad;T;b=#;zBG!HFY z(bPna>N1+4d}K_L0y!QX-4jlR%w&fdF-&3G+f7hqULpR4)k|Fuk@*7?v3Dl8#WWhN zfO1~rEiAOtk_w4|XeS7d?x`sn7qTdc6Pu$Qpvcq3HvL3Htrsyw=IDwp+N{`I9Rt%J zyhG*WUkU!^rukK3op(w>vVZ9V?KevjZxmf9ToqXwv$pa?8Oi3cmu%zYe^x6DeGB)#R$99DHg2P5c{vehH==aS5{iWQmlopS{q6LeqPaL3grrH*Evu@k zrGLfF*WxOaa@r=o{sY$)qHjyK4w*h;-n;@<@HjD6^M+mkXpwlSmTZ1&D{*em+CkNa zxPB92ejQtbz8#VqQV;4aJh$+6Jk<0Pd&Ks`pNq^5)XQss zlI)&F_f>Kx8*1eyxu*7ny#`=she*>XG##E&-#v3I{;tYKuOX8sunI<@sz>GjATC1I zA`JUC7|+KEr%~=YUYefCcWLK81qmemFX*)W*FTy2fo@R(wUFkX;h27s@o}k9^uGy zGPrn0zse^~W9a(&5&?OYfvSPdvxV-RQud+IR*f9?$)wljx`&t?TiKw?&SwvX(cE1~ z&*4c2eT|&i$r5xG%$KJcPC$KWzr%>bugZq|<8-^z#|6YDNmwD-Jfg(GF^SMgyQ0yk zoBnZx--Zl&sfr~rMY57WQ%zgOlx35TplTs@<_u9`=KMAid8bze?PQxi1)Q-!;7%Foz9M6R<#8eEFSHpZ~@gBMA61}}ODa?YhYcS^L zu9P5#l?$k=7R|gU=xyQXEm7{`?mL-Y_Tk?h%$ZecgaIenTapaj^}UZ%=^5X88l0Uc zJO3SMnsV;yTq36uM^71$#ed95KD+QjO~2{PVaqkMg|pYJ33FYY=z62#hqL!Z<#vMwcJJ(`o0cwMcGFQWlr?CNu} zFI6?je1pb5pz0p080w?5HD~ZL(~T%}hlf8}>ORv8UMy+5F`X9>bF8#5Z=$LjQ&aC> zB~G7cf>$4aCyPQmx68o}Q7DA>%~)+nGP3d(FGjsN5p%Av%vx)~n3{ zZy(^jJ4+l;y#bIS53>p4Q8_1sIKWU*Vu@NNE0d41;KK%e^9APt(1rCr>ocF7c_W$> zsGOOg>99{QVnsrQ%AKf}Urr%5e@YrwAEx%{FzwvMgZHsR^$9SWH z2K?d%U&VtPTgJSeU%#Ik>~xnibebB2I!NB6_>ve-6i1$qy55>cNY~;mLwO5^YZv7t&vthDZox{LU%jp`?YXs@74n+x$hD9xxS8Qf zpo58D^H+kzZR@@zClcyQY(*1&cjI;iV9Nt@C?y( z>{-k!SCv^7r)vWW_F{yPCX8@M669uwkpM~IWrxyG(l*fTIrT{fn`a%v8*;tJB+=pobY$jXZ8KQ;Q$Lzm#fQ=#tk; zy;B1}aDxyMA$EZylIz7bGy`J#N|WSy6G42t9JT8H!reHRZtkI*@$Jn|+w|+wJ51SF z&4FIQn-rS`o7=>3L;Wq)pG#|7hd(hxHR=0?3O4%IPrNBcb%F|z3|_*~(FwBJ0%^I) zsLAy3=T3S8U8P~|yJ!`QUxUJ8pXp&2m_CJ$AmP;!mn$GeDUf?{5!S+GL3iT@nci_d z0t>Z?|NCzvkf1(yUasLN)AiepYj-<#m&KD27eF-K(cjFuq&N8jj$U z33V=O(i5C+@7!+1Zn>pvMeWTpt=_2(cjL&h7z~+y-8W?<7hbc1%*@wTWRwoIOD-_%sJ1q~BWEoV8IPNE*jSxr5c8_3mm+4$?JY**ddw@D zn}*7-Zmtr_>9WM*qTe4tabjLgKG)%Vx%Rz+gui5Y!mDgvJ|H1AGoxHw z?!;@3ARSZ{jEWnQ0O>M&#O^lZH;gG%mkM~SL6o#H4zsjm{E;b#fKBauPf2>)%Hm7w&}pfkq;XQLNjRYIN$)S5ULq1E2V`hZqVpE z+}_5WsS|Wui-^z{9$r29P%>VMZ)8=#^%;d2(9-@fZ9$j;xfPdJ4>+LT7qkx8yTSir zJS~BZnbB=jV=8L*_)b}FkLot%I+R!>mb`HCEl2lGeRoGv2M1@{(?v{0V=J52zQ<4|5EbluY)enQ4L98v$QgD4HLRE@dmEPYdm#}qXuY0W zl`IsxJ{_jUGh`~fVA3<7&zoH{*4mb@0FPo-?0}LykX`blXOGdFJwd?=i`SMA-}^Mv zNuQ)$@IJL}b)0PZz(iKt)F__s%TP_%vUJ|C?aI?ftXT6Va*3s^-|F6r~)NZ_d-P z7v@@?3lBY;_;T&DT5+Rjdz$XnA-RvQdMr7WB2+=A2iY_y@FDE@r`8;+p{*3AaCk`2 z(tUU8l!doL+GUcwBB82j@O0S5K>0eKY65-PPoe4PoS(DDTqkF3Z5^{=hO&O)>i!=H zqu{QG)q9=hah1XCm#Z0Uw-pP@%3H4o*nQ{X;>b>3g)sy_1-^-y*4;RzYnoqxWp6B2 z+SSuoF!8iX4?~U7DBxE3K;RX*mevPw3-kH=wG$<%??;2dYT{HPhadY-(m1M@OB=0p z^I)p|kH=k4_l&7&=@vvj4@L+jEgX337Y<#`xW*7Jhtw>KT)uX{TJDNmAo{e?<5x@xAX*~ zWpq1CPu;!q%W*Av3z{jGZaIxUd0CUDxKIVtTQShn131J6P%;`RIiw-C#NUp z@;x_`h8rvEXFfdOQvRx97(UX7d;$Ezm~)rL!}oov9_O^Vb#%FPixU^WJ&BUFu#O^| zF){b&Z)LHsGz^d?9~)~Kai>Khkx!18&Yvp2`&?4@PDx^Gb#vE;Agvlby6Z+x*)AO94a6>BcYl20=6z8(p>&Ucfd5LPU#Itm)$Ev0O? zxKF$+%%1A;#X)uB=%da_GUSMhZ$4QVekIysd;9Wf@9X82*UMo(vwcE%&8?jy(iSVh z6kC6fCI7;ev&sDmAyCbQIp0!u_4h_l*uHxDGJoi1t2W93B=D8HKa5Wa*kMz{E;UIg zZz$rEAkzHIaE$JdZmmc;A?aD057wPguYV-6TdzQsA!s<}?1=1a?aG+2bwGj^976s} z$?U{}?w3;!n@k@)eA(D8J{_%RXh8k>jsos9=@=`A@PkV@@*ky+@F6L9?4Kf$#ABjS zL@%Tnp5WeGvY^TKVWI#K`T!}h`JSe6jPu;lB?At~;LYc9SHwoQIGq<%cGc7#?bc<% zSYlN05c%CdZi%50S?dqsds()Qr!yx@K2~;+=P~wwuU?w+2hl6q1^R5BgrcQg%3< zR3`47Fw!L`^6bD&4FC(Kv!7I<4RAGRQ}<2NU@wR#$o&*yyc(4?vdTJ*tX*gp*V6rb z9FV&e`sKHUTDC-q*%GS`O%vl&vmzpt>Zmjy4X&ntx|mZ)^YKTL5f<)oyU_Cx|1m(u zA-L?<^QJ6TF5oFJyvO!rR|=4p31P6u#}D}dT^tnlb~{8uWK#et66DnKVg3%+FllqM z`664KZ9f1QB8v40J&#u}2n-JY5}?vEDZcpqZ!vd>ADEhZQZiuD|B)^6+qqNBS7y37 z%}YpCdY@lgFF{_N+kl&g<3X~m8m2Uq!vW#l!KCYeD1WE_D1$gfWI`5mTj^t5+=}OC zxKQ3`>mDO|tn1Lgb@u9^nX(2+n9a(e;U&{w5-dO9>Uw%b{KIiIfmxN+@j?#BH9(64 zX?`OA5ok=@_f%c2+=MDw9Yge8g91l%K~)K8*}DDpwImM~YocffWQf8xGs6%G|C#)M z8};U=iCCL5Qiw?mSnaqTUGt;Q8N4ORNX}76!zlC}uR*m+Sk2Q&m-Z>V?(L=3RtaIW z&bKN2|4qypVY@7Je188Y0L6g8|15*HKcV7Y|44I9Kz*)x5(b0Wzvw%A7qE0kEY6_% z@cnt$*ci|IoKxl97xGNWHju*GU8IWb1;HUAiN9gB1~4ksXHBd^3y(hvi-@bNtkCR? zk>LW*=hlc47k1qT?HNayv3P{*C89raVPAhTy%HXc4DW9$aJ6)DYVQ+qK=AN!We}Pl zN03`_hboAUyfz2jN+ti*?pnE@S3-X6|S2eO=dQ+mBU?-{mf3Q&33c zMbo^bS%*6o{xh-JfLU}fqV|yK-viMYLVv~*TnBL~^F48=kD5wv^cf_;vO01(>Eo%^ zOg@zR60rJ=Ak4<9oJ z4wdTxx~ef0I?-1M^x3SeC(mE!*m1$XM@RD$X6LN#nb-yj*EolQ_KMZ2ElaFX;->B9 zN7~ZT0TyH4fAZ=rF_I`Tb;^G(iKy4@_4RcMc_9lk^S)am7ggmYVl3HfC545r)+l3H ztEN3DA?Fs}NM0cp0obm!%@YxhZh{FPu?k>YA>i=TRM#-V`MPUe{4}bOZ*;xGk13p3 z@Jj~GpAQw?HkK{;)L`H9L(jTqJ91^=Q;QIA77yeOgOJ z>ZP+MC%ULQY$1|HMvt7BL@JGRcOje41fKMEA$OhQbS0x#qHn4bW214dqb)57#(brw zEl`-T?8KXUJ2W@{TtNN*p9_e6O&koNUq$6jy`=fUbtJu6{~bvrcy7~q$o~d+@#)zDC+#YUc?EzkI57+OfL_sx8j3r9CN}=B8 zZGDZaTtY2wD!Tm#N}aUxbM@m$*f<0pn0GyQ27L1RDf7kK9e|AVf%g3{7Px9FFb z@Lg#vFsy32(d_QP$R`F_syUrVZx~7k;~1gB-V=xmKX7tXvQKD-2joCQRDvD3c@54Z zvu90{>FHs15mUIBPM`BdYu(EvOrbKfmX(Rd>n>l{+_Og|#LBs0UYX)iU~gFtY|s=X z>@_{#b8tZS;Y3#CF+DolVf2~)9-ZeA7{kh}AZ%`&M=Q`g>CKt}jiA0iR7H7+)e2UV zJAi3-_$xIH(%>05Ii4N z{0i%kjZZT-&zYk%QTnK*Y=+}7Z6Dh~C<^&oOv$95RyLvxQ8d2_z)1~{x`<#nIJb<1 z$0B!sc9zEC8=Dxgj}KgG6V}Fk4ueWU9xd#OzYG`$u~Au%V?U4AS39&KZ}ncD*|k^A zMR}Y=t(a<`Q6Tv3Os-su97soG51SB7V1~}nRI|xVvAp&ZtgX-%i@?rGk+mw&)YQd> zkl}w!RW@3aIZ|jPWFUy`IrOi4RrZQb0_a_9c&^sqd8PvlkbslQTXZPdVfa_toXrRs7|8_hk@`pd*1We7klQ@BF0OBfe%Ap8wv%!=nxj z8~E}`TT3g|bp6S>j^%eG+%MsA6L@ko)h>4-!%UFz=+V(sWBYu>?DMIS@uJ`|E{FL? zIM7EnzelGrkcnemADmDcOi>Wb_wS-$MFzMW+_>auiz9M**J61HN0pU8wRAG~u|1o< z)#^P@#hd4KT}WCDlq^d&@Ez*7_nhbUyRnky-8CU2_{VA@EKDKk`QR4T-xfXwq%7!s7GgV@|e$$|`1ayMFsy9GNN_aTepRpFU+ySzl-6X;jl-kwfAq z@sGv}_sSw>^2l znNNOa&`lNC^fS#1QDDvQDUVkU5AkGbMMCnJk8N# zCN}*e`lJeqJ=5Qw|J|wNpYUsbfNBDDtrZNN^n)XnhepGo!AA>@aOGo1zppj(I#N0-xi~z56^OYD1mJys z+fL1zV+slf=Yu-|LD|Mk*lqE@7A4&>ZeV%I{W|70C`_)jSXizOH~ettj@bFPI|AcH z)7+%j=I;r_wgr<{BqqAcFD)!k;W)MI3jgTf^y~X_t@O^lJX0-|3iiRvs&?6lWKFww`&`KPiFd zOP;t&H5{e5hHUJLs1ar$QC=c8(ry>5^)Mo!tQTV12UhI?yz7#lzv3e{umpZhK7Ow9 z+~UPmh8`1Iz90fhEu#8EE_PgmV$QF3>grfo&k$0Be{fi#J23t}R&GKp=O4N>C#W_U zak(h|7VLO~uo_C=#hXN?`ZbT1O8FFIeR;D{HjWjZ>L@L9C$p;L2Q!FH23iBV zwA`d6oa|y_-yv>wxoXIjy=2IeMaM&-GVVSFKfeuT^LV%k`E*@YU!{$*BBP zvD^;zXzhw{_+gry$e{6SLu`kdT*E z406&1ukklU;(R8qURazj_>wkGaMVt93!|btV-8@UrrQc$qVI3FRDUO|QMNoey=aj` zx{5Sg7D3wOD_F zKmhomqq#n7PA`+>?zlq=VSE- zmd7^sNl=~~AAot<6cw)!TOd*v(_9?^kxARE)u^ALU%WVtlL_q3kpQg4J*2 zLtb37qR?DgXa_82p}Tar-JGOqA64KV*f_q%x3e1-nstRBoz{)eGOhL{7h}UUZ>CPV z96rn%oi%c}hrM0~l#Ba!YkU?6{kF1Mi`))%e9S_Sf)2zyXwRCEA5>6=w}eWeJ8`B~ z#)FnsJK~p*bf$oGS-#A$uJk34_|+#<(`HM1(z3@+xJwI-hiWVLVaqEGY|h?|>qW1# z%g5RRX)!9j&Lc}zALOnY9m{FZjVl1vlje!qv&(Ok&*Ef>`<+~{;2$8`i2;*JqGpPNnY1Y zOmY$rhxke7KRR0H1P{H*Sz2HW(=ei;h)#(T*X0x_dn-`cOU>3;k(!tnBS*ESmyXu) z-_f}l>`F&qdHpk3fR5Gp8&yDef7_ps2FLLcm|)hkK1)c@KAd+YojnS2r42l*EFVR= zeKK&h_60MDmacUBrGX?bSAMsoSbj8xF6owYve-W0J}vE&dF+sJ^7F5jGOH{Ae#uJg z)H<*VZ{62?HPFnNl;e_-EXGEZoLLu}z;9Od z3wEok&MVzKW<(qe#UTSP?$Iw9o9DRAC6#$l2+$EYUbnd`()}>2N;g)Z~rU#`;p)=N3ZbBTUYPromp3w_k-5B6r) zY;GE!hL2R36UudTu=NC^Lyf&A6q5oz7OTdEB_zoF83gw?g@pZv^nH9?wySrD!0yKV zy}=0kHn5OW&wJD$Qa#Y8AwyqNYGJQDB#5##HMfwAL2A@CaUM9`RaR6VMuu;qEKK&K z-Asz|fz1$4QQI~F5`VVp{;5t3qGn!En#paD-c;R!_L@-k%?X%e>0iDy%THi)&t1Vr9$6A)A;c`mB4u3c2%#_!3~>xGj0~Z zdRkRmSD1E~pO)WNKB7DLeHh4OEc=#kh+%6rMyq=SnTow5K1gY^n3|QZNNG2@YtC~0 zC8;YgdpVMn;W&2EZnp!$2kgw-F5{dB75*J=%ChLy^6i}l&byLoy!5qOl&j2{Ddjx_ zIcdU*a#s$67z3O{sfBdW<%K>A!Om+lF^Fu=ZI7$vvCxrHUU|%oXEGkwS&L&-9-dn) z1P;-Vmr+Eqm{x|L+v*K@#SfxNwg{Wk@pF11N~)LdZe*!G7_J)@&VlUjHZdE(SbP;c z$DMO>Gk?aky)d=X4ozy-;hb~Q;5@)aakK_$-b^%wNQv~#%|{|)rrHZ%;32a(SJJGA z!!~-dtxmUhp=W_SU_73{K-NX`@--4^(0A-JzDEJXw*(DT{V;nZROl%)>(8=oy!S5! z&<1+^8e~YgEkEH|`Ge9QO;4?JV@~PGc2{!7kj^=r#2Gb4I)iRoz_Oa>_7#yXt_g{; z1y}5T)dyAL>@}-B)dV6$t)H|R%Bm-IZRD7uil{QzT-N#Lsm@(3zOZF*2UL=F>@$qp z56Z#KAk9fD$%8UX*i8*A!cPbEv_rX|42c}zTUT>P1pn{IWsF!AGWAnZ-fwxQ|CJW0 zqxab(?b*ZJ8e|*6@X)aG1DR-)U1jm`kCB)3!Z8c5?$89hejCzQGjphf+53iiwobb$ zS8D-*xA0#R-1H1_Sf2ZI1hwD+d+PV(l_eh+sjwb_C|eo~JAuA|fLyJl>`LFL?L z`XV?(H$!CRs1xewJ&mnefx+w}(C_h$ic`;;#eOQ>KnOT2<6mv#uV9NDd$NVRj{C;f z>#|iXseN@iyfTof7+^%7#^0!q>Gk%#CN7kiAWqZe#nrt8W2AsC%m)VuC{x{>_Xfb}CGN zG7q7c%tJE;o9D03baeFSncmwd=ebuOnSgm}f3IFz$*-8swiD8X8KpdD(#C;2PL=0sV!IGjk&ME4WA5Cm28s z)<1rDH@L2Te|JVelPYZ9le)r+c(UQ))nzgnr%~XEadiypLyYa zH8DP(B61QTlIU?(=CN04BI5=C1AwY5k#IJ?v~1|UXqb_dR2LqfbA#M3bwLT$#X?;5 z$sv1#+G|dCMbX(l#ufOZH4^p38t(zRf zoj{P;p5);>-n_%eTl`Kr5n0SK{gW$pc6JCFVe%vw)=RZ1f+ejp#_K;Lno%Pg!BI$q zbRJAWwjx2tS^__^Fjb@`DKdS;O~BiMr9(2dSZHIcFYy!}MM8<+>1b8JwRhh$eY|{h znv(krzo?+jItBsVdSiuT1D?*kbQj#RZ&ak0V7T}xtTER&f=xuVq!darD!qYVE!tQy z1G}Mw!gAw?drNsK4fXZg5;#c ze*5=hy4q$xNyg>fgR}E5`zVH%KeO5q;?beOkEg48mA{WPwW=IHpSv8alHlUv_Rh}I zgH>;R9UVaoAsrp>nAzA;7Z(j`l;M(WY-}Ha;A7YwpE@+8ETff=4aVD{`QxdL3nZzi zd(7<2KZ|G0&>!+sX8y5xDFg#H2<=i$P6w9{{IKJ+5OotP7Td0@YT8pn49fT_msHh^ z3uivD$lPOcb}}SOJPWro)A2Q*@_3V6rT1<1m=V{1dwxH_+}_PpC%sHi%ZOb0+(qiY zEC5V7|G%O2se~v~34Ciiu!x9sH1Yu+a#l6mUv{>@A6gL>9qoj=I%a^GKjK3#_C*s5 z`4&TIDzkK8pR`kQL5iY$b&9c+y= z${N9Bqs9)gjkT+0#9%x9H%UY*Mi+YVBpH{$5?Gr-u;br}2^^Yh^{vXUk;9v#_ax_0 z@A;)Z9iZPzLt*{OsuG=C||=RV`XMe>Q9&N z|9Y2f`DMaMP+`nB9P7Jx@7AknT;U3!-5bCtx>9c9&fSJl-~bt^diDAjruhEP&vXWu z3>;a)T%noRo~B{Z8{o;~0J57fws( z(CY0JkT=qojbBE#i;Tsrjaua=fCj%m#{q{7D})_$S2ss!2jeA)#}*5IAwi3*PcCZ3 zCj0%@P={v2cS=e~Nqt^gQu7~o$ZF4(QVd3 z|ASjFvxLHk+-(&eC!>t?`c*v^dI%v8(_C7Z;5Y+bSpGpY=|E?|tw z&2Uma^Kp3$MiXo1KmP3z#UTYV_A`?>_QDo>U7LQQxEZ~67P6W@F46Y68f8wfzi8@g z@@Sd%a)x&KWN*p0z}^G?NCtLE)gs;iN^T&X@ObR;tdzO0m1TU9DBLj<5UAvQ!7V|n zQ6tN8{-waK{b#t2JyK{?5^9MoP5S*mhS;zFWoST~k7)^&ug6y9>C!=F}qwAXok?Kn!%?qa_Y=kCY&0<^lG;nZT2y8ZZC>I*FsbiO`PX_FUN&9_6r zNqJfLT6X1?D9Ko01~R9_Kk6@5*$i*!WB%Q0W**y*hG=6e${4;HcE`9-O&ZSevBhiN^^YXMemmMB6$2&on&UfKE=*4U2XESC1;#ds_KD^F2% zOgqiyd;1m5^FNx0<-au#FLBYl)_cG(45!35vg>4~=ZZ6PYD_L0EmU%cH5Y@!rT3`z z%I$QKr&bCq#2n8T^C(+88*gCZm<-QUXGvVN-j7gL1de1D$9ViOGpf6uo{jR%(!}P!J4;~x%oa1lwBYLQg>3LvidE+9E&4DN*cA&OgoYCRBQ71V2y{}mGLiG+|qsUb1l4rLJllsdu`BaxTk{0$HRwLO@ zM_2jp?8q{Sl)(qNQ1*&(W|H*$qxPjdiXa2}Rm|zEv+agb1#3fBoAku4p9@|YCFgTK z!;V^t)okE?qJ6lYau>Yke*F}JC51nE_uhZ!-RT}+)yW}gH7lTkSkMsZJjIrSB>8Qj zkQiQs85tSb3P!S7hH0PE2RuY0ot8AZ8aK@ zaQl=A(5du0)ShXcf>A!1y0$h?o>M6j*{4!_s&raMR`ZiIcm<5(B%9M$n8+-`G;|Bi z*UcawMVA~)>xUNkO^HJOcgIAh35fmaOW?7la`Ln*eVq-MjP2}VeFQoqcGy;z+|2JZ znVahA!%?^1lBGR42>I}k zqZr&Yj?%Ir+R@b5^t7d8sVzUioNt%Wf@scQsq%1Cx-P!P=a5R_zsSlbJ{a*u&w!UO zJp4^vO9&~E_BR6tq@(ki(r991!vX)r?HGrFXc|pX=`|z2 zb^;o@^&Li9ZJq28jir3+pJH{1MohGrOv*!=QK0Pl-x>@w zeX}^4ra!)LeS57GftT1pmvb}x>DF^Aq$wlNI7O|d?YC>z}Ws$E9H)sRB{b6e2NlV?4-K;o!{2|RAC1{X>G1TlcfpN z?wFOrtkrrDdp;v@9S_?=wW$TtA2VX2hJpvOie-?^I1e4?cwb4TO#g{yidAN()~UK1 z?x@r7zlk}z>oTA-O=w>E^!o77)-AY@!=yAUlnVfRQelI3DE9c4YX6O#H1o2;)!ns` zMpE1F8tmXM068zchS_cBK|56?hcM_*7Y{N1r8<0a2)Ey9z3&b2M~eRm!_AN|CSd}G zK{2*|szF&GH{JxuL2T}Ow`JAx3$qr082iM<^7v|}>x$E@&`Oa)MOQHtzCL!6m?u;! ztkNv44VWw}`5Q2zP+e`z_aaSILhmeaNo*FRp-?8qTp$$(#=^naaj}#p?}md}M@z70 zSx~}oz0l*@aNO` zB4eA zu2IfkK@A7!4u7w43~n@aQgKtzDLYV%*!+Wg06>G0**~P5##wI7sHq_yn;bxA(zdnB zF3fB;*+bcCx|q1-g}?y|VJ9YUqun%+zQk^jMejcuFV7ODXD_(*S-p#o^zvLk)0$b| zI5PBD6&&1&=pfx`d=>eqxC~kIO5}7qZRhcxIac9@G3nT$L)i)YU;Hn=^ePa%z3#aT z*l3&~jNqJN#WL$c#xZZoIBbffuHbYb6M;(CE%U&>a75WB(H&^szk07O=Y=(CDH)Z1 ztg2AT9kke;bY(f8a%@ZtKs08*E5#yF$XA%CpCQLct1<|o&uoSm%+37#CRIhDpqCB3 zO%DE@Btm~FBg$OM?|ZSatR?z9so*6%xoJfK=B;#pNkSYrd@#N5>T8V1IZyZn4AwD8 z?YG$1>5HgcfkIdGaxJe&J%M*rxhP_za$S$5&Y1%}J^gcr?yP#ttvln*YF=Jmn)V4? z`?-d>i?eeTFn8qOn9&M3zs5|P?@4M}m6Pa_kFsl&i;{6@1*vmKVr81zy82FD9UEX7 zLXtr7T=S^oH3Eb{KT<;mnte@m9& zDvd3HrCS+sni2DLINV8{olq1QkAjRqgPdzD>EojN7fxF28MzC~{8#E>}7awQ{vo>}Ttu^O!*g z4M^b5`N^T~VG~gC^>dAu~;R71&l|JOQ1_2&9+tV=MhE&S|S1>dC*&N>eZA_B@#sg)oyAt{SH7{7IuAqKJ0 zE;{+VfW^d&NYXwOjf&qu`-Gyk4t6RuSaYJ>k< zi!MDQQk@z}QAt)T0e~i!Ysw$&lrjwyv!>zzeZkr&NVv)tMs^K3d3GC^L1)kZ0`=x; zUx}I#y0`aL?d4jn+|GDPUQQnKX5R9`7&-6Mk%^GL7_D%p8-<3n)XP9 z{;(UyVbsrr%FG5x8XKE|`SMU&4vxO5YDckdL&kf};pHrWg+DupfvatY>LL)!5fxLD_)L(UZl1mA_Z zuj6zC7^U(S^ff{E=f?!3V_h8Vii|M9g~Xx2-4DzhY-xg*xrkNSyuy2-@3wDL;J>Bm z;Ii0#md86<(}@3!r{D?a%l-uTy-qQ-!<5@FL1kBGXD?<>*c41@3-I2~+tb&C+)lxo zrpS(mjiuTxN1sm5&N9o&q9&b|sQFzEbF5g+%fJ=}8X=F%ah1eeEOL8fwc`d&?C{7L z-EdY{{A#jXjq=xj=t+2wFipT*Mw0yBO@R7!K!{mcL^SVjx5|u-j}^^#18P*l$vinY zZ+sic2m;inpJ318oG0U3^Z=!Nqh_)+g?nhY=c~;PfR{7k3k6EL=KzM^QF`9Xk3nk8 zVykd-=jfnEDAXq!nP19SvavQci{PfVVPcPms zD=%7js_zxs&CR8|MGrj7Gc+nM{I%|dgtKZIPrlY;xsC>-Io{Ej-=Ao)h~9zI59`L8 z13Cf>&uZe8_y46>fwx)Q!#yq%mfcnwFt&P!bb?fo^omjbYe0a%8Ma^Zax#kpeU4+q zZ+i3xl;zl7ZRhCik zWl~r`v@@9NDf!ifXu&^lQnxW9m+L>1r2iaJp3}q+Vt*L$3<wMnPefx-cCe;7S zP70n0VLr$i_f5X>#jqR-)mATb9Mx5xk`LPdkY`=bWufVYx@Ivj(qil~(e7FKxx1aM z+*C3-z|VO3`a-s(M|pN~1{)#inA!px-t4dQS~ZJ(CGqv-{F5VXX&Lw9tXPcH`rpCO z|4UH+naX8821Yj7Er9djz7zKaIr<1p5Q40PO(r173r)c7FNK62OIc;FAq1)2XU?sd+1Oq8gwmZtpV&e00SPRh5CaMgNw_)G zvLShS$WXe)A*=mSjz2FzPGznTKV&5+&Eh|hG`XG4R0*;%ez^YQ7*&nhTU-Z?yV2$p zPxOZ&+GYS@l_gUa96^*fm-wGIh#Uds`EIQI6Me42v8LY|@O36sRkoGl>Ed%`a;Az` zC9OJW>dO$W)3%6+mC>81qiw#db2duoGm`{!1q z;>Dq3W5Wo79aC*PAva`VbO`+WhtJCAA>1$+Yf<$cZ&E~VL+{`u;4^m;GC^v78&+4$ znU4$Bdf4WxspRv)%lpXw7T)Xz$p8S(6on$1AcI_>9HG?D5Ix^ZOZAzVD=`dBJ2UuV zu3zt&4i2>0(8$isJLZ_tUQ_mKX$IBP!WAu>SV{}L z_Sx3jcjSA}HNSu3z0`0ipt?e%krQ?Lhw3@X<$(lpl?w~dY6spXzLw~GaM&%U@rn=wG01pqc7a3S36 zsK{)_!w%s!%Rpi6?&9d%`~6&ZQ@gPa1)u?@$#@H2BXTCWIA7?yN(}7^rupJx{lD%s zh54#k_P@QUthR;+`|9f69+%-}+WOj+oyp?R${+(Uy~oNg~0nTOx|zG+%%J2)$8suk~mym`Z@r1ZTAn597^*3F>^w@jaO zjGK$A7vmo~9n`*1%F0y|_O83>ddYHR)YR0pY;kpHu>zSoB^Bso@4<}GXB%O{Ww!4% zK{+@tb^@0yl>c9-9C*3I)HAdSnTWFutGI4#v-1Zb2 z2F+%!-W4i&z9M z9?3+<(|u6q({mCi)M9HXj3Gv!FAdKgz6Uujp2D#Q4*?xU0!<@I8<0pl%d@DkZ}$w*a}zFI$aU*j|BaPhqKnV~1?Q4yGO)F^l8S0$f6oQq5DlO1 zmX7IIWwq~}V(Nrtk@H`Te&&Q%C6 zZw0}xF~&bv|LYo$82VYRkRMt@yh=-1eI8xy1+5`_erzJI$6^)DQ{RfrX|Pm=nrA#` zI;pWB9rI=3018&Z)k#9S_VHKkpSsN<3gY57l$4b}T&t{h9-VjY85^U(C|)fsI1`l) zp_d2RS8(^^dfL9Wwl?>{0MapOacdzX9g|4mD%YsR<5$>r5!m(J37g5tMdum=pS2gv zwEw*|z*I_xnVp(e5wQKaS6{HNQ^v;b*W>5)&JV=x%uQ(wGEE78#(7DH#ieLf%fYkd zzCUA!?r%RyB)Ax;OwUB3#H_+?rfx}tJM9SQX}LV^PjIidGScw`agVh2S|Z_1YG(W| z%S0V$1z%of?c8qxhaeKFYX~9z!Dxb>r+nH@6vo15H+ zrY0sCSy^o(_)%fCkSgZ6K+hJBYIV zZn|~vA zZc7H;5(RxBsN5g^|5ffB;A?>|?n=>?+7|dhH}#cTKvO5*YzpRkZnd`DcHfM?%l2*w+p$w6tjK?Ctw971J}4 zlf5q&EiQe*K^o3j0zW}8dH%Lcrc-lVxW|FwUs7;ALXeTLMQrC;1 z3p{@%J}zj-OUpJZd3bca%ACCFu`G?qV@RVHq{87FJXM>-5bzj+Fg%8QVyf}2FxB}< zZ{CHPvmvXjJn6}5oZ_Ct35Tgve3A1W%M=nOb;4@*tFx(e+KXjLTd*fICO-bqNA^?| z?70@X=ogVqxZF=)!8imnYiii@#{D}H%<_lSy$i<*BL zje{B<#zE6ZM~4KP!?GF*PX|QFVDI~fN0qT$hAo72n9#S|ZwU6)ngKeJMG~;m-YL8* z=ja^){egAqC2E4n6jE#&kzmDPRNdFj@wXCl5x2X(i1HJ@P3=)urVOj-kg{(;1Detil$TmW)6D9!q#vlm0>V<6AB+F4i|)$xTgf zvT|}b$4#@dvmYtRmsw27MfWIQCnDSj@YK`kS!lRl(_n5%iog4!;!;LViK=Yf|7JSC zCLIs1v?nb+7I?;jFUBzTYuT4gl-%Ea80PM6$Q1(m)>`N+?30GC5JhHs`fZG?yA3LXf0+}y~K#H-+9wqcRx zE~LYzBuH)U1pfg3l1x}5l3r9c9SWS-!1w>QTPtMbHL@=hL}A2@Snwuh*m#&?tw(Q5 zn!my1N#0@rnu_(*xn5r|Z7O1Uq@S*&^yP1Ig11c9Gw+WD#wH75@pWWpVScke;!BPP z6U!dwkcy&|m2DWb{EZXA37h&_SNvV=vN!wUP3{ zhz0+_JGt(@P!W^_Or{-4Lps0IKN{gOoM9FK_SF3E>@XJn<&cRS7g3%hMKI+^N*qH!5Vs_+w)CT%V38Mc=%y(bE{FYoMa@2a?YEVM0=dbl&V zP*Nu(fwGD_a_vqTA|gW9-wZ-wT99J-Ah6pb3P57~Xf>AZvh1DnxokUGp1$TdIP%Zl z@Z5{*mTlHVoSd;NPnB9f@7+I;cy*ZvKZzV|yfIa3Rr{Ll<{Y9u?KNN?<>;@U3%;*4 z-MQTL+hm8SdJ9Hz3833FlyyjWqRv9KA0$EGVy|8aBMc1Dd53T8MQ=|Yra7*>n%Zs6HGDfe43T7k-n9p z!`@GcwceDv(3z>gne|;(9qy~hJFATOqZh#*ZSz>iG{HNRGt)?&pIgJ`TiZfC-ZFdN z5fM`4=Ly45T~k;SlcCzXirGx&=o_RYJ{d(x1J7PRZ%*rfV77a(6D6Kpb*D>QeQKnn z;UWH%vQlL4SDTBEDvHKZG6TOA$i~{v-JR{@!C@P9nGPfx4`Xy(3$cz7%O>fBETy<{#G6O}uwp&;YLn zsqd*WJdxO;<53H6I|@YHRA_DqZ-U2uw?Y`v$y@BQ!Qurp-B z^G#}5ZK`tVh(FXPl?CyX%F-q$Dz1YKHqV$JHF%+&J!7YyXdQ?mNxas(}zm#t_$2kv{d?pZLe5COl03CVGm0e4KmqbZkd3FSVKv%F;ODIufGdQuU$ z<}S=Bg--K}MWIa)wD+Zcov}zyBl{l_+msZc3O#C4YwC&`j@-o@B{5L!`lU$)!1e)? zhT6rrNs*==J`5tA0y#76PUZ1D%I-%#Ulrrgdr8_T+aK+1H+^wy!b-rVlk+^1Yts}0 zze0jS`UN?ZP&^j=jtT+40DxGSG=rP(YLf3scu_SR&V{nxOMLEuo{9BZl#Me!ML{wF zvfTpt15k8>bRA~E!y683ttm;Sjo+g zuJ}q469XS!o>W%SYN%^X+WzcQ+q*W_o+CAU(D=~J4jQ2q+`ZZSQR6|nwWY2RW#_E0s@2`K5|-C4w|%2vHczzyf2zg0 zL%BD~#%)IfX0?joW6J>05izvXXA$5&Rum;`=_-M~AI}e{!y8y&c(QI?^ z@8{wzN{!hjrJRGzw#miBzdPz?U*HD6Baa$41=K0uM&}t>o+z%n&^_^rrutVTuGIXe zq=3j8RDUKJ6;felyLx(m$;wI~YEVnD|FWh}l8Q|-X|agj%#Dk`aVpq;xX-BYM|b@AQ16Su%eL{_8_?86k#UiI9=~WG2 zJ85aj)gGGGzVX<`_7FuN5Ufp$a0eozcZ{{z!^6WXEB)#F8x|h1HAmH3~*B$%q(_G18yK%w07>bb$2JvRZ|ZP_c!57wl7Ow1rr*xuWis|?49v7 zvA^jc9jGu%`IPwF|1zfE{f&StnJzo!${^_)-_p^dLVUZ4cEp&IxGfS@k>j?XG+Y{` z60x~``MgaaMVH-_Hh83)HxzvS@TP8$9g%hGj4&wSoFOwKrpK~~m=_pmyvj4lY}fksxZ*v< zWLLswy5}S}O!QHlZ|x=FgGCsWwkWpXWHzw8$8EI^D0Hy#SJnyzFyf*q9O%W|jG-)e z8Im=o$^QNqW<2pIGcsFBW+@tqJG1rxb=Uh989+(cp-1KFYqldn0=HlL0~5ymn7;g4o{> zEjydhkNg0=MtQZ?mzmLPaC$;HGYa^dBBi z2*(u%sa+2Q{ zkaD0EUK(V<4}#B=(CMH}%-8BFbZXWjLgkQ>{qt9{``AbqA@p!D~r%pXRJ^hMgcci~$Hd`H!W345$lOQ!9S ztP0==zw=S&&@_ILk0C?fEs_=_$YVmCY460rTA9@b^0jFVyQVxKQGV?F-L zEY1^&Yd2vQ*R0CzKJYv;IE2jy>5hTLym5GWq8ig>eVm)vsA(IMX|7wNkg^*8v<%wIDn>FCtg>9DEKIejtQy zdw{i@A$#GW!xp7jL6nc_2}kqPDtsabm2bTZ`YshtPZ8qxGKjdTDD3c-4>BygC<-6n zc4Oy-4S)%Uzdc{lpaHLfvhs{!L=~`5TwEWPls2=(j61SZ;#O}DgNp{xWAQHF)oqJB z>P?vihecwpzqI}fBQ>eSnNO7O^h^v{S-N*6-;8s%CKR=r_|8spYP=!}Vy^GDd45MU)hSz*!JX&WO5pr@aVNK8 za~+jccJTucW@;ZP;SEBQI+%Ez`iNq7S40Bu|wRT_aXwTKOomC!}a_i zc|9GxcN2;l3=Bgpr0xbN&f3i~%7~X82Y4x-=qD*^()dhmD7z;LTqLP5&MU#m06&B< z;vVaSu5fxvV7Q=lML0EizUvO|DOL%XSg!Esz%-2D<(!pY8^7>Kz&N_Qf+xrr$w zw|MH_prsn?XBCEY^I*1`RG9_*-bVeJ)a*D?8&gTzfIV1+R8HchBlljzZod$>90;)e zK#lfxo+BPFSY$xD%*|PD#P#T?akSleYlY6^;@Qkj8ivv5z_;?6}iJ_bP786mr$SZpCAZ4m^cdg>e?NnV}m~HvCcI> z9|q|giW|WS&CWONgY@U>?b(C%^{XCD-QN8mRny-0L391bcL~IV+koYz$y-A-8!J+? zCZ+HB=4G{;w{6iS(S(s1*Vyb-@vLaEiCXDQ1B;AIOf2v;Z@|f}qfQIc~P}uI2@KTYA;Au++Lvwur6Tr0a%qLpFV?+(e1F z6NT$$;7nyTy~JubB<|MNZSSuw`P8kCU@oy+RptKCgG~2$(5-)AQSxA8uEH!x^wv{@ zhoSm&PfG@a^%3)!H}#D+=mDZgATn5?^d&Q+mabYT%nbVqy5!PL!z$`T`@J)J%|F{L zWcE|`V%eUC^5jvAknrNtCxNc5Q;N~;x%IEvkxO^zk!(-9(lsG#$B5UilWJ#op=IV1 z(%pi4_cqXFq3$Q`+I?W^fxDAEwx~+Iw7A%JaWo|#Dt!6`_=J1OYL6vM%*=wadz3G4 zZ7i>TWnJG%a2M_`~b=##EmsaZOefE_Dk5I*Ov-x;qx z@N`F)0ekZ^cw^$v0~(zsRJlp*8nW&M>FY}LspB;jDKpx4`4Ef+63ZpM=0Kr1SLhe- zRhD=yIt!E}b!7)M+Cw-OB&aRQuXEaELlr{VBuv|i=R+56mzo16eY*m*x51=b+AyU@VXfSZ>0f%PpxQz+KY)Us~ zcVJi7IVT$;RW`xRrJ5?p#h2C`gIZLC*w&UMnP*>wL|6214_%}^?RM`s(@4yOY=AK0 zhln&mnM>99_iM_ba1_-bscg>w$Jkd!MfrVg3!DIqN&IfQf$-6^7k zlyrl1gF_53q|)6r10pRg-SVE%-#^~xc|W{sxm@B0=ALuTz0cm)zV>xFT%8V&mwyRe zf2FB;u*Oj*OCfS9nCpCeFj^P7Y11ozGFwOZ^D{MCP*ktFL7-!<{Yb347xvr#iGV|( z6nxV}aDMeI8*TSes(`+c{q6es`U^VCL^iVp!4Ua1;@QDSRy{Xm)QkM?(l*=fQdzgx z5azE;^g~3H_;DXRH+xA28(+SM=lmA3*ye8>;)#NekL6m1=5ECg48_`YQv!8;z2t)e z)MLd>*Ya=|unE(6gBreyvsTT&93bZ9^Lum>2|at%`bE=oHWF&-rBj<`8t5;#HwI_u zKFeV1y&a_m|>`q->oH4J=3n zh-fTi4nyA!J3iWgTl7?pQT7rd5OD_u=duiJ@rtn6+(M>r@b`qs9*FEIL~lkxYKD=u zLe_9@8S*ad=X;^mN2DoBev22Ra!6oN7UP@(L|yjUjQ#GHubuh7rr%ol2Gmz zjOjP9s5c*^c%f?@KRP)nQ{HsONG{|)WS{#m2$`Ar#C4f`-kjgIwQk~qt2|2ies+&j z)WLysfTfvP9xMakAGHe~jY}^G!6;J9R$mh5!O3FeXtnj^0)Ta@7nd)|e z21iWjE{2MBL1$Cy?%e2jX^xD~Aj5KdwSO{#U??760#yrt{NbNAnV7__v3(A4b2eS$ zNvn){O;Zo{S+7aDp6(;R!q`vtL^iY>m8U0bq0YZY!rwL(XzMBo)|6&%GMft|vP|85 z(Yh+^p9IXXg&%X_W332bI8;A`mDV|D35jkl5L0katgmlZSFwe*^FVk34sNt)8btd7 zQ>jZHAe)V>)Q|{+*@<7FNe|_VF;m?LX)4rd&}=WU94u-=q_j>leTKe;b-57mkozFr zQWybO+6wA=4_6AOZ~zmTZKJ~)GLub18k*E2;w?#761SnIhXNko4OCyZ?7ZRVdYJ#v zLV=MwBBA-ANj0TYj5$tCGV&*GGv!`J7&BmNvo24$+5$hlXw3cSMDIXC$If10N_;6O&iIzD>Jp8Iv=SHA5gsSGj>U zj`sTc!uV6X-DGV+63mV2;)LjiD|SuJSXcM-<(!JHi3DP=e`9x4&nE$LD>&(iyZe{8 zDXH*dc``yp&DyJ_HMSmJouUpV9 zw8f!4+Tt*6f+pBpga8PTQ@`o&QQ%EATK4ecz_BH)_Gp6>0)v*k_`5~K<`7XDq7d0s zsJz^s<>Z9R>z;^uYRvFB$Ji|b^?;npUuzWnXL97^&FDK9R|7y4s7iw|8adEi*bY51xk0RY2 zr&CD_llts*JQTYi#+=V9-Z6GF^k;fKj~Y~+pUp3p?8p;PUv9NU0Kge$91<&7=jOs49WX0XT;=VW$^pdN6F-Y;cfSr1tzdZ}{RCq4n3WQqjX}UOt$a zrNU^>Cna?EanuuQw@(H$Z%8AIyJG6A#*Cp;MVkw^rA9K-plDx6r`a_^!WicbSEe)p zuWq5`ORiMtsqnC^zC$@M?t)FN)DLN-+6Yc{yIw_ku5Yj1TQ`B!c#;TC#}8*&W>yb& z^W4~3GIEH?#Qk?;P8$rhZk4!UVE*mY1!MbVT`7Cgh|WAM>Y= z^a$P64CJ)J@SlE4wRqDbGe-dBN-_YS3=d&*+g7;oJ~2IAI%T5tv-+k@3Wd2j#ADZI zp^p~P&DKD7*>Qv56CWrSwB_Zk7#oz}9NKca&?gmmKRL+WzBNYEey7UB-{2&IeK-=J z1j~swc}fMtYLNWHTMJ2%SRL-PX=Ujci#rG2zB?QcOo$(RkGXA&A|JNvuw&`LGa|HQ zvvGI92GU230*MfArhU}_oQ0+I08Bxf{yx6PEHaQK>~%B*+_aVI-FEU!d*fB~_0xIF zw6=r0YMYxg&}3_w2(nCriv{8;yE&2Vl-Hie^>d1IzmICN%aqnF%%iq47gup%r8=L{ z-$Y%$*NWIHrq7(;(h`5#GxN>AjXvKDfaZ?tfZLPDf4h44VJ*Gq5mC%|T-?iqF0Avp zK|9~;qBuNm)6m-i72vRbx+)O?(L=4T!{#Bi_Bwyi{AS z3_jK(ck-@71DrFx-Xj7#yW2TKokpT9O~r2tw=HX!=C&zzd3|gjJX|dsE~KHl6v3H(Ty;j>L1in?h~ z>>z1edXzP9vPT%F;n&wSo(z))%V5OzrU!p)hZ20a>7e3uAlj_V0o@7K{gU+xKNxKt za`a0a$j}0_(YK@M9#j>DxX^yw+gp&dBR53bQ|dQK?l!j6aHx${Zp(#t?r*oVgq;^iq@F$w3=Yc=6M2Oa(TzEm7vS>c&9 zj&(%CWwbXA+CEAYbt~a9M3AorQJEux)~Z)91O~2d26dc>%l~qWi6K@|cc5!D*2b7s zOMj76HpRL>HZ>-Fes6NLWyoIaT4a-@vVvI{_JfaT^6MwSD8LK3d7J7v+wDYo`kqiC zr;P{ZD4a$zZ8I7{RGF^ELnrVG&ih;(NFmydF@d8kH|+?b~QAFl7g6orYHhw`XB=!|A04@#ZM!vFUlf;@n;^xe8{`GVXuJf} z$B%ay85ucdY?o6v&+Ya$b82cPPk03cMrob7}l(RakqP;lLb4JQ|;+AZO^N<8t1t%rzPU@!7QCedtlA+jm*~ z@h8n@GQ?t(TeEcTshwESFYV^V!%kXwjDPDWY(b1`o+ zGc}~n=n}cSX;Pn}lJ@zZmozpOfwCA@ zImfR1*cRcqXDSq!0v%=1ewMoUT~P8g<7gWxdE*qO?W2qZ2VTZ2yEg)LyZ|u7WYD+%8t}!DS*NF2PT{;a1 zUF=o<|C*+LBSMgfEdjZ|uJu96sj_m#39_P!Ld#sPj?C74LRNf2t}l7Ln!JZN=t52m zaM~D%KJ&W>bt;OLja`t-4BAF1#Vt#*dvv{d@HpV=FidfTchGIHCcXYzI7v&))em;tCZ&D9J9Kt>`djDv zDJj=XrQGac^7Sd{qdtj5z( zwtefcoTE@rvRxKV91`@(ir^^TQ89gHjzV4Rd&Fy=lBl6oDXaxhJ#(b68EI*0H0uz} z>}U-?LRMP`?n5CEQWt0EUw49N09j2?^6ot4Bn%cZp2ewC8@IWb7vcr9ym%**-Df3 zwLgywboJb_;th{HeV@-6V(lTtbJ;#2r<0l_(a8M$a@2>npx%wkh#2+CKO%hKG$KR0wL!85qXCzNKhS&GI+QR1m&afI&n~q7 zrz2Ybb3g5ELkuXtfA}qaS3eROfNwb?=A-SFGc55b%u$%eE^QYLQ(&l^yQAWf(4+XmtkA`slqM1r<P zPnMNbf`HIp=z+(ym=Ttdw9BG^oEUCTO>8OWwYjg{QdD}iZ+8o}vq9!Vip zTWLgSMct+^>*&^9{pPXQ)P`V@e%rcZ&6QVYRoCd;v7*v^E{7};o{b@G>Vq@!pJREF?(Xg?vtO45C|FUvVgooitk zADBeG$`#1*s4owhPs9!Pi}U)Nz9huMyCKpRwIO*6q7o}ksRfa!m#bh1Z!fDzTc^k? zPqoU8ptwKmC?b;3h6y1Kb(41-`PsNB;`PPlQv~nP4VSJs@8apxqt?w=Oz(6PUbmro z6)z7cSCNG^bL6kP>YY3=d=O=^a$2dRTdoIVH?~tqmyRIug+&!%u6718)7mg%aT!v! zGHm}-^!VfHRIvr&ttlERw%D1EQyTixyuVHg0}Kjg>InJrq7rB!JSAD`y~PX!u+oOM z$B!Q6Et<2A970%#fWmF44Q~lVyjp!3J!0;tYk@v_*IGT6cf^=$g*kUb;O~3_o%dmeoeLkQ`u4$V{00g zeh0^qxXtO#X!lV#&EeQ2?;E2%Uo-Fu_2hOGNv_Bmt5c^xPrFGEA-pZ}Zw1B`esnJ4 zft~Gv&T_xt-zF0t7E37Ojt+j=2W^jLM7A3#X;08iptdsEAE!06%HLb7*$aEnWA=4p zjtrW0mM22AdQ(5Ht(b1ErXo09S4Gk^)lCOygT?(*dxL=~{mgch1M*e09f=OlRw9%nYcIv*6}h+a)OVxzjxWTYJYc{Lc9M`f^V_dNkkjaqWc7YY&yRA zcl)qLQ*phgCyU~Jb5uX6#>hw7P`plU`J2szjTaItZArb(m9X&z6Q+UZE}Om;VZBkN zH~LvXdaODMt_AXoL=u2{P(3$CpJH>w9e-BfZVhk`oBy3srHWG}R&HUHH%v~ADS^@p z>miDW*drC%D<7IV9Ly*6L_3zPIz@_l=OUy-9AcoWTi+l z@i}>ZggESPr2+nqK;s9C2rP`hn1`hNkMP#~wVU<%-7g57P_JrIdCCoB*EYL|`guC2 z$2P9pK2~WfKyWNiw~nN~?pdLAW<3rcnIo%}3J7SL9(8Q|DYtEOJf&R5l1rVk4I`K| zptQ`9X9*z6ED6=K6KynRpVf?dvDU2-RZ4Qs)PMcpQ0?mngrAEY%a%!0+1fj6edFW( z^>8`??+da}f0>2^qK8YvK5lloGi1Qz=oJ_)a{%gwP_p?f3;aZ5tPYQoCD+Kx?8d>b zaF7fS=nC&w9%OtbH-YdlURbv=%%v089e^-{8vIw@$Yb2jIrWgf^)Q>}0!qDA%DRr-bW$ zkf&BaE{dT$zaCziy^wX`u?BL9X$m3Fc!bw^+<=Zr;$(?lb*xo!Z=)s9A^x_5SenL{ zgzGb-57S@lMC%$Ti1e8X1x$CcI)@=|T>UQQdetZ%#C z#*~-qI`{B)0}_LoZSt*qm7IoGdE$nP8l2BY=26c6Ql&*sHlBf@P0pI!&}V(0mn?Z} zDrad9NRKxUM75HiBC=DEs-xF0K$g1&--y*NqN!kOVZ-lve3U!s!Qeb4V9VHhAZ|msA19#8SgI zjhO1@d8h=Zd+PnJMF=pGw}gI5av6R{UmN-f692Qzr~1K+nKv~dyuvAQ9|kp6BMpU? zYtiA68Ud>SWOa2!j~q_gc;d5caD59ZSBU^ExNVX0lPP8%8k)3;a&2k#hq+Z<;BBOa zaMJ%LI*Gk8L{A~BTrzX6uJi^wv)25Pfmh*u_%0~{Yh_P3F>%W8xW~}SdgqS4xz}5A zwS=+PpL!qa+dSTZn7zFL%kbN}>2jpgUP4;rw6>qpQ^?#(b90+KC5LUhS&C)0btXPZ zDt=&~*3WB>Kqo1MNChLq_fUY_4R4e@x9J|V_;by~l3F}d6^-rFhr#mS<Wm2c;$9zw8^FRG@C<9-zh-&D`=vV6QqtoM9UyX)evw$!+*(0WF=@ z=_6`E)Lyi|Tdcphjuj&myc7?|JFGDFqKgumQOc=JFL~{1wDsk>CF!;GT2@UqPU|Oi zjh-_wAal0$adG!6Sdcblbezz-t69^#?9LH>xNv&`ssPg* znIm2$F6h^4oDi`SFMHdlFL2ZCThLM%cEw~a_DcHN{r7NA+8X>a`99%Cl+jN7u3nO! zQ&GF11*0!T6Y>$qu`sWQc>%LeUBDI=5^$?a^0j6UYkZV#OpKb4AuRH73d*A-y2m)) z$as@r?Qp^yCx5O4njvpKr0i5!^Hd{p%JtpS4(|B$(dKFK5(O!aMRYJURNJOL1y4^d z6ldi_=*H7#XRu{?FB&inH9v(+>>X>Q@lEe}aXamUbC;K9(_abuo!Tp^jF@s+gPDcw ziHXrZPuTfdM^=x#hgduvn>ZaK(rfNtc0Pzn`wj^GcUhMHjwd7%V)-6^^IiP*zvw)-ePulv zoZFP-lcyoA~HZ-%kVo%J{wu&*wfQCsDDwI zeG}ha1jE73p}x~y>g}2eZlthDx0uJ*2k7gorUt63*qgwbr}EoZbO5B}r=~}3Id)PQ zmE#+eWuHx}<1h%*M^x3G#a$VOh{q6!h`;%bpO`en<9+_53U3goCw!)P?)Dyzh<{2) z4hT^8(g15@bALU87 z@*{$8y65CqOO$8yTvFcDl#Lvn=>GJpns>A1Q?VdwvWC&X@n1bAzGE!&BBI$Sik66&e*n5DGzGk}Y%EH^6nra$g) zf$r<8RGSzNZ<>^O-{^JVMk%XhJoM(>m4AyjxU9FlH&m+3MbObopY8t<9d$85k>lX{ z1@8fhr^fZwW!Q&H?6P$pXGTV7A zK|738&f>hOfBE1f+PgM$t62mj?Y|2x{hKP3pr z%R110=6MZ>=+B97b>ZZNgfQp}3=dAnUr!(&2eO94iT|sN(Z5@*TZ}@S54qpzyO=HsYsnFxiDY14bj{)0M zg0wZ0^RxNUu}OL}ZhwfG^i8NPnEo-95>i9%v-UezD9VpE8{c8ZllgaYMfLm&oz-2P zJzzo0z5Cx#{^8avDhZNrE*EppHDkKHAHt|GlG?JRCGBM=>mfzI{xVqOr7aOAcA%g_Rt%eB?(;Op$) ztA+fZH|v`JGz~hfo&8D5s-IoPn%?)|xd5yqDLGkUL&Gc8MvrxFsuz7%bT8UkHxihG zgR*iRtmEnnwk*7TG=h8N`QU#xR4_1B3Grd2C}AbzMgIY~BFom8{k%XpViqI(<%0T| zq)ENg#*72}VHDKMoQ+&y0^gas8bBqQV*A9?A7uj+lG8)C8!^%X|7C0df&m`2*ioz|87&b+Aa23wvWB zV-QDPf+o*m!r*t9?AbR`-hxJyXQ`ivizpj?-0x1k@v3NY%Yf6BWT9X7u^`QDfr2d;rc1q15BUw_;1^ zbTu_@>HYu4C${l#E!%k2*Uh>Uaq#dE4L!P#0<3|uQfuuT9kNd=vDfcU_e`z)7#>oB zZ=7f=xtNl$BLkkzq$%%*;{f#tSE9tm8WlPG6@_ARjZg^1U zzOaxkjUJm?_W*N0gRH1w6@D%_FxWxZ4HEVAcXKGu{~ay^@xJ8=mWdE;FTK)P|I(VN zIjWMlOjSnao;+0e`U7nq2UH&SYZiIjGbl&5tp30+!N=%y0|$-x;N)Zv_wh@id(yKv z{#V)5GD8grxiFZ+V#cYQG#Y93D*8>JID6Y!fE~2wfdS7Xo$%&6x15RyCvxS z2a4Mhn2sm*5bUO@aN++})j|5;zb~aHSQ5ZhV(MpX%^QSPmZGwWvW3yZ8|qWTHJ**0 zo1fv2*dUiXPxML<2kvmiQi!m|I($~S=a5}^tj%f-yL!)}T(dWH)u9R|?d2l`7z0pV z4L#rL3rUJUDr3yUd0st&j#>V!2G%B>S{Xy|qO92M*~)Hr`_B^sq@9Cbo&lkcS4H`cxYXViOsKZekEl6Dcyo&l#d%#V(deqk78mJwgw%9r(|l$g)z7JjZ=`IuCJU zTM=`Vz9TLDD1y5eZE2EbV>~+u8T$s= z?+l~e$+{bQ^1n!HMF=uv3<@QG5dxAY1=%L36Id%KdMcu@X-Dt zN2H3Sx=G+UTE#8id@RvvPA@e|glZ;sS)LAI zned34B61cjw0X#5zFG6ePPZz&93|`tZXW&Ho}9B7cx!j)x+dLE87g3ikgw*NS8IM-&z#K zF2E;2FXBuuGi3Z|$0oNFxiNmRDm!+J@pv=SilxPm! zc-wlxoEHLaiOjle%+oKY*jQIKK@gzcZPUlqf0I^RSp-BYDt?DM|0HuOw=j~_y|))! zd~YpyO{pYi$lnwF64RcV6k#ECb@KFb*{3OKF&@z8Z8}IO&=L0+1G95Hah&o)vNPOF=4QBDqf%s`3q?d z{3PXM_5MpR0vF=REi6LR(GlLzhhE;os@k_!#XStuaW=YNg29M0fJT7mTX<)?BhX_yNPDGpq22v8u63B&q?5Cs!x2N#84!&9>c=iPkOs%!$cU_-|q|; zp0)o#NAI)4_f${gi~+Dz>)mWWOAwuga&Fo{D;QO*0hLKqN7<)=QRN3vhg+-4wB=WB zVcezbt|aq_pc!;BV|TU_`VTg94TB!7juq1QF7a<1&!V5(-LZsot6_#hLx2nk1YBThGPx z|8=+cw-J0Ima{#6)Qv-Gyyy_5kbXbEz@*vX1*r9N^8hB#D=ll21N6Ma-tYjfi(txu z3hyl}vBP}yO=_PMtI{AxPz@Vh#8TF6fJfq$Mu!@5U#THUW zX4zD#azqjg0cW^YY;CSrw|$C>5+?v$}AhW?4nWC)!E31|6BZ>@ojUHC)4L z09Wi`R?FSL9Vzc8_9+P~0?sArH-n_>WQ}%|ga~;*P}KQh$HfuB9<}jjMWPGl($KW3 z9WypO-0%+%J1PP{m_N=Rxs=~q^XbK55FKB9Y|i!SbPme8kugv;TpjV`F=>iPRB`mz zomc6(CT2N9D?MaqUCBm_iBk4+5+c8W4V{ZiJ@{OUnMZ+8ub(RKeDF92?TV|3i&*{!GV-^$nse%;aT@W7oX zk?N9M0<<(Dl>TikZ57PDVCeo@8Tm#*&NI=>Z|adTP+oE&*LY9Q^M@i7^r%DYgyDsc zs&>f?6^h20EPpypfAh0z{=dMo{wcZtByUci#LPACZ3()6Ji`v;_Z$p}T*@&)xDC?j zsOpKAt(k_Wjc|p0adA&oa>W~!uQ~hac}^ubbEbc8VxF(6XGt`xp01ekk)!ZgfBQY_ zgW=HNW8~YEqiWnCmEV)!IeU6ZPJ0yP<@2~rr>lZ)z*FjGDsYKul?UHUB-n}uH57Qd zT-{#Z+~%Bt_7k|;L6kw+OVUe_wECaq@`o-awJHD|uG0;?tg2|Bno&+g*#+Zb5rAv~ zB^f0xOofl`2?&=Uyw28mLXA4K$p~E+W$5!hb+}(-d1yqZ#SO@_5vwU_m`xc)p%qa6 zLkjyKNfld(M*q?*YripFVMVau!k{odR9W`k$hY^O3Fsjt`ypL$$oH?$s?AKzhF0*3 z3#w{cn0|vI zYD&0M)l6@b<=b7q7|FMGj+WEDNd79%F7vr~oF~Mk=BZN6b~giKuR^8`5t$72)Ho5D zVc^PylIP_R36a>n-G@z`LdUa>;Z{Tmd(oqrLG#E{IeAeW!Jw{#c>)*7vx4 zRPAvr4A49~zz-GcUD$ z&w~A1Bo5ykv*L9YN?5vE$OD@i#n&pmOZ7YmT{Q;*NQD)><7Ws&B>h#7>R>C4?OgY> zBaRWZLf}wxXWuFN*^LA=p)wjIqOhEh3b2|Nx8FO#h1LCr2ld;W;$&=6l--~P=6u~} z2@i{XK*I{aOzUe~HEo~zBhDebWh)`#rzQf3;4d2Ki+wlLlC>Np`2SrS0f`Cl@g47| zd;Y$G_7D7bcW(+1uJ)2OtfL!6e^1smf35q82&YbW+sh%IBqxA7PK1-q>I&dDY zJyIU9HSDa3DAS+oCfTNiz0A#dHfJByx-?HB(Pj#i0nv|z!T1pXV!sGL$$|oso)mY(c18%#BQokyd`RCzI5^NXtml_&vtci&48$XO0M*aq!Xr@Dy<^BQ0N zw_M+S!dp+O;+9j5ml^Y!#qhkgI+l32)q3Ski^Z@! z8+m5AVJn1Zi3z=)=j+QH%TOISYdlCK&t4P3BeO04r z52tWv&I?03QygvzCRhAPbEWkV5otQ56@OEpdsYH)O>s*x*Sa}bkzP2~Re>4)UGD=lcK=VnI2F`A501}!E~o_djA zEk&rz1s!&%M6n?*5NF@uw9ZD75)f{lLoEj1K4B%riv>h+euf^66YgXq!ye0r(;vrK)&1tysy;-l<(crd)RayR{! z&>CgQ)+L#1Fho~HVOpDH!a6%#-L3IxwfFHz-{7;$9HJcHWNd30nkQ223+YU*aDf#8 zO)gp@MW6T!S0#%c4IpnlUgW$M?_2Spg+7%%{-I1~F)zgZu;eM@O7|tVx~c!yK+ED= zKhMsv*EH0Eb}wqfq#SaY3nHCk%s;0!*wkMPgm>)4d+456rJYYLkqTb6cMxV zpL-A_5s!OH2oE3)sVAg&!G9Ws@CfHYhYteE%J|^zG;nfbmD0hVQs3pdd8&tHUE%7y z_fhc=R!7sxHwvdZb{;T^cw>;hs5kPYaXEwT954@{qmO+ldA1OPo;a=DJS-nn z-A%Kk$ke=f6q~2Fi0e;T!bjSSyLbE~+)ASp^$>8DWcP1y=|&A<4c3YF$4~^kR8Gk7 zUfKkaqR?=aRA;|!^UuAFbsVs(S%ER=^F&lGuWSN(K9VUE;t)^>t6QOcC(r@PzwU(? z#dF+ykt0n3`2{iLa(UYd9s$kf$8A~z6!%Ezw@~gR)&ovbXRb0q= zYr?pAqDPk)^g?Wp{{ya|A*_~ETKuS?3A2qh|B6EHRPZlE)xpixm63Tf;PHK0= zJEMyn5nhwht>P|CPWGzjN*Rp`<^y`!Dm8Y~IeQ~U$OhkB_5f10+|)5h@Qwc@v*1!O zLp#4GRkp^VTO0UDo$imurfTx^c#&u6YFbVoL}Jq8t!k~k^cEz{rS5?Fk#}eXm^VKP z?qU%=_kU%CqI0bl@m+cMA*{A5zM^tVpXYs4oPb$H_j&omk*()e3&Ufw$M6SHF=?iJ z(?rQi@YGiP>53Mf@T-5>2>;pOM0B=fK5$p_Z%M_M*n%&Jg#Q}J>QvVI48R?`oIUC# z#beuiNBtxD_ z4Io#XAodalmB&sKwsV1l`5RD<4V<|0cr;TRCj`h0-Xw1|F$EJUa_P9QpRMa;Til=i z*uwK+)&^GenH<^m*YM^~N~?ih+@v44e{&2Ws^{wz*xf+*h*kHsgDl5+A$*QVE9Lts%i?J zrZi!2=Q-7V34L>vUdmMP)6TKBzz_7)sCYOl((RWsK0Qh*HYH6K!c)d0*vi}E z;Z&#mBfZ9H1wz6mVog(8sVa|FMq`hs9$f)RW4k-pWB&qj|7I;AXhkpTXW4i0zkoRr z)Q<+blW7$%^GMjm-Wd5D*4B?YVe{ovDF;JV7BgOmrlVtR$xAf;Obb?ifWZAV4kk{j z*fZGH){3iu*F0lLO4F4YABt#cqzvkkM^(Ezk6NEAt6sHys$t)IYu+0;{<^U?%+aax89zgJO5nd+6@O2zf1M)uqII)= z!M?ueQ6%@~k8pUo-=}09LCg2_)-n~QIr+PeeNr85^Dp;k?ty1oK);>tD+Tuf?D+zO zrL^ag)oyunGTm+IpiUF;IU-P0P`de9PA689w*9oqyz{1ORzIHAOAcTJq~TgI>zDKW zQ4Q9E7AEYEnPF%rMw|xOy}Q!5N+Ul^Hca3B*YgG60B6Wp{J!ZwU5eI$hT=E73<|+Bh;9kh7+?KbY@zoqXF`eZyn~ae$YKx_#)l)c8%PkH)qrw#>{S zNqvjW-GW3UogqNZ*Db>@8pfsshV{$LYA%Hsy7;i^AvkpZ?dFzv{}yXiT;a@U0PF{M z2+bRNbyf4hYc9uUx*Kw#jtru_eIqmI!CVflI1J-1mcGM)7ujPo+g@+u6Jo?o+v}d7 zRvaW!we_UE4UM7>?4eP#L*=}#kJ`JgMm!3GlJDsMexi#CPjWO|IE*KcE) zd1v=qL@veQYmUYD*JcO}TQ2OH+}XYQHOT{ah8g?Y)kOfiYmfL0CQ0r2^X}T0t$|Q=||nS&G5eeZMFmu3Ro3>Q}R%@^dZEt6h$~UNH9cE{GmDHgry;{kqIq z&a3jvV161 zHF;yPCeb_Zzla+22(LCy)f2LQx3|=NyJCKfEOkxC*jYqWz+;I%5VBbJjE)ogl09f* zQG^O}wH*i4sqa6cqY)k#s`3uppr>&nL%oA-_BAViJ0$I>nD>)r7RAD#|7H*h{&Q#A zzWMlheE2=hx@z`#yjBgtvRfz1`1V61!}8YyvcEfpp6(=-^l|OLOl9`<9&fuLRN`08 z>=y&mo1U!yr1%y1TK7{w;g^a=^ollPw_Y;KYY$hMx|@XA*0_4T=;@Zr|ETKgPqL7d z$ZOn{c2eCgYpngk0)>=ny{OT8$X2SazYb{{lQec?7VPk=;jMO2)l_btr)FUL+^#-S zFXf;dSZ|Q)9cKFC>ifr)Rh&W7MmM`pX+M26vAkHBR>aTWf9@1FwkQp26)$DJ{W2CKheHg6Qb-3X<>)2fj>c44m7chtZm?w~L`KyX!*FFxY0gorku)y}4Bg+UbPWzhInfS^PCA zV9LA^%J1AT^yvL>z0a5AWGnTLji-l>Q@6E4BkE^iC1pb3VRm%pl(oM!YDJp%&#ir3 z=NR}gmCom;eB z@EcN%A3E4)!3zroxrBtQf_?6h2`lQ&UJ8}{x=ok>2-5YgCE0zr=D*2kKdLpX^E+)b z0yK%>%Y~7g+(#I0bnUd+-VR$rDCJ2T)3uako%Y+TI^X7QE6t9H|6)8X!=p!Jv~5cnIcWOAu)>96&=fjf5$6HV=tbV< znJ}Jq7eKB9X@pEDj9s?tZlu;SIA|JAOP8m}dv)Yr&XAxVSBJd!=IEoYMCwE|uqN2d zTc;4C7K8B>5XD{dW~-s(aq&yQ6N;CduZJ3yF7o2{at1%WU?|*9U;c)NkfqC6nizp! zUT*GVGu}MV&`ko*dIcA>oMSMaewip{jDMT<+~awC^&s;I6VaX)kE%3hcRp$FKu({# zUI5Idp^E^lA2|d_9Fai-@ZM#&lGYcq--;lYuYQXAPMsRYAISHFhb$lt(?Q}nW9DG^ zm(Y>6lc)8!sz|bw{WKwUR)Z0ERaPF=#y5^KAuF4)Jo>J?M<4nOs z%$**SAZ~}xa(7l+l7G+%$fn}Uj)D()AAKnVc%SA(-47r2N=sOpfd@?^sd=S|clYkd zj~~zRaPbI9wfAs7a=mz|!Y4x?jus+b8$EPBn7ZBbBSgyUcsmoBY}NXK+VUn`RIpfVD*$h3mVWOXTY(^*v*9HBi zoai!LyM>TIAEMyEn60xo=8nTsGU{*0*RBX{L0_glg_kb;}bvF|qV5=N5cphT55>ei#&Y z<+s`Th4*ToZ-5|TG9(4}ogI&h=L^qwxxa>C&ia^|r zMu&n?q#wf!Q`dnAOG!AHaMN$Z zy1Y?*dD-*;7U>i0x;10l|7b-4Vor(ECez5jv_o=Q-w^__yTW%l!u5O+(@eN*-WP)E z`uQm2dTd?y+}xg9Eg>&Blr;B|Nb=r+ylj?^iru0~eu6MAmFeH-zl+ zVxV##?NW_a5|o7!4)gD$e86+Mump67$yk`JJ?b3@gFMw_0ZLd;z0Hzkz!hs*w_6Le zV%%RH#)iOboNWSdpr&_@4}LJa?^bxL=HLih@1ccV5U{Cteh{wRo7fya8cxs>R2I|V z2>i=erVw^pG(h7?4PYf& zs=qvtbks|gK{rH^;@SI$n2e`!BNlYWIb;0aFh!GSy-z)9^coyTwaPl1H_?rrc)Vh* zlT`)wcYY;Kh6ZLjl>81r$4CbAo1U(U9O(pWJ~PoXlZs+}$2|o)?zWRvdMXK#SLl(k z{*0CkO6&2yZ+;DV0QD+^h6Xm$id_-*R3o$&(#oLLiBp#`CZgYA>peA9Qii1+q(@p# zrL08tz#JkT{sB*4Hp~HFNPoBldVulJS;fM>O~1@K^xONUWv}SvzUCTnvv>No!fd9p z&tCSyM2(2tbOTw2ue=RJK(PMj#cAl+C`w-H!;LD}ek(@iy^P?skkymjm;*b5D>`nj zRNmw-tJ|{&yZNFL#hRtKqfZqf@9c4&^=%8A@%o9GI(`nFbo8IQ-Cr$dv-`N$)zxJb zcu2ZMGvqR>%@!|y@IKk7Ed zw53L_fhC2iVQ;?avZbC)&7Yw$)v403PWD`>(|CMudQ9V*JD~l%Nzn0w9)POk;Ng6C zZggx|%RKc;Mx(opz}ND9K}cux+|~OP9lcoqfNvVaZElRPT$(VvRepb(^0J@8zNAVW z&CaNX9^TUrnH7~iS|l$n^OlE5bTTzVOjIK;^qe|t2b|$sIhCvB6;EFOn0f&%A`5b? zct{M0S{%x^Y!RbHK_6@qg%g>$s@eu5DNm5hO(c zr5lk}>Fx&U7#eAYW@r%U?odFaMCly5q(Qo8=Op&o#-K5WbCCIS~giznKi;?%i+ty7P);Z(1?7_&2W zS9}$~P|B2DYCSq<3%wL~RNUxMzLef*UvJ81I@wyR6q|Pu`D5oCP46n}e%tv!L~JWm zqedOEqME{%0H`66uh_rzSTYE??MBKJ534-x!Z*w8-0%liac@$Y8K|xIVA|&lABear zFng2xf>)83b1s2Q#PWT!59kMM_)0sGOwOtuy)U|ByC^NO7;3+`p;rH%HVm+ea^&yK zuh{Tm0=OB2kPfx}^`B4a6ow{l<&i7a%$GV&jz0}}e&n#xw587nT1MQS#Go>&_#g2Xjvi?a_NSO2JwCI7EzbsK_< zU`tg(|IOwx;wBqu)W*apeNO$HIeyB_<9PZQlh7u=F^Lw>q}^#xHw8&o*OYCwM*Ae@ z>DtD%i9IIi5r?q z*g^fv*Zy4(ks<*Kt&pnrzA!-AAX6YRfqxoDUE=gZf#SsCE=_Hnd8Q$ti$k>z>)Qk6 zmftxJ0M&)4g9XBn2WH`fzk|BOLd{NW9r3t|$g! z^asCS)ULx&TVfv32Y!psx8V+M7VSGg(WahFVhg?vRDfd=pymMb(hlGE;$?+1zML@X}H+v%H~gb;bGI)Yf{22R$olm5(|iW z-B6aDa6il~wVEBr%>Pl59j&a>U9aj)Sabdq7zY3QkpblaCDm^EF+e{QF?o6UWk}tR zl9FgkE1*kS51#6~Xxm`gk7Hy%1|c8mw%&5ge%qR`83Y$)HTir{cKy*fJdCT|)EH@L zmFMOlZCUcFevP`nzn_^0ZubS~sVME|=O^(37(Y>AGo!6to1NIiInr=p@^LUnHmL?& zwQ;z@a13kY{GL-2ke7!)0(7bCO;3=RUFl64D$9|L*qcVvyFLHeE-O(`=D)EjPZWMV zE0REB-_&5YK&jgRNvo~nm!&1Z!&9Dtu~!(izlP)ts1~8}#b5e|Rs8s5{PdK2N~^;4 zzz9}t!Jm+jXql$&FDom{khXSP=XQjTiH)rSv~hZJmZ!#09gZs#+5EyMeyh>`2Bm5R z1sJOQV&%Q*`*+Urc;M-h*>#2|1K(3dePX!hs=Y_56~_w)D_k-YO~jo&KPsgcpu<)5DARaI4e&l=y@eeA()s`p&Z+~aJ<<-p56tp5x6 z>uMrCE;Q$t;_d>lXk`V3NH=Z);bwb)vvt-gn1tY8V90Q#eibhzE}Hi+#_@B4I9QlHWECJ`Gw zHlU`Vsw5694bbGOv#aT~e|iCUqx?O?Pl)^gxVk)_o4Bb9{a8%XU*%du{$W8_9~| z6LWKOOLR&b9LMPd&`DL}35okg&fLi0yRTt&&(DlwMfMA!K7kMI}1Mum$iJ2eICNhxpG!Hn$QJ;A@1cZ0CEg9mV`LATpuOKm> zA9ey_#6l!$`SCu=0MZ6s(YhRQ)PUdDF- z3EGGdHTxbQ4nDh}(-gW*xx740qnFnPX{?N{v?c(yuN?#JtjqbsN$DafyYn{=( z4xf^-6WiP*5#pc0@6P*uhKkegNKVd99@UL{?6y4G%Z>70_N%a-iUl$$$*$+)js@_u z@bU4VPptbx7n2WF@S)y!j|7d@Ce&?bS|E9OdFva1f4JLlwtKHi*M8Y+HDzF!=n8v? ztFFi&hG?LZQ63Bycin25X`B(8yX|+`7}Gd?v0Hv?aeKuK0oPcaDO~OceaU9GQhyZA z&?c-QRx5Ztr1+z-GK~fO+2&jp7#XrMuR6=uyJ9{1>k&rj1G1P(kkKm*% z_jg=08BvYVPwFuW>~V;=GCFd{R6-j+M}HBu%G)yTzGek(#!D&FMB@4&)R7lT%-}^}O!YHU(XwM_eBPU3z}Q zg-i0di<=fUv_2_~ZyEbqLp-~?LcSGu*%`7z4pS4zlnfC!BPRjdWk zIedU!WC)$5UW~Fa9_^LSX>R%(9dnxEc!tdWa$$#khHxIB z=QVv0+_rWeXl&Tyx<0WzeVKlD;)R=$-&XHxPg4$;<#pNpstQ^2GQPX-esNY@hFUd) zLtr~wKZFws9Nx3v6;pNY&IE7r7b+O8xEbZV{AXO}ZlRJt>NBTbo;{koi&;43`DLW` z1b(}*cGqQR!mg_;S)_v1$-_vHo7AwTTtPOPSfqmz?jg16lR z8|y<$Z+r3ytCe*m824N|L6dHCM`bRC^{>@V>yMZ3fSQZTK0AGo3++dvDB7 z2nWzq6yJ|3fSw*D0>*FzwHji@Nlrpu)`~fp?dgm2{3!Q4agEo4?|?2LUH-q-To;J~ z*eV)hzpq5Ub?!d4Clv~ucG~Fp@b=dU1^O51kKce~DeEe6jX60O&IbGE+A-+&&P2<% zD_V!0hyKb{h)kBE^vVqg>|2{njcQzxRTwjnf>VlIoGRr6dV4}YG{rlbP$;c&CC(2; z&Y~ZPo$E)_osy|VFf16m+#%*pZGAuAJz<;9i0s$n(ejA_GKIs9@5Ynx2?iTHpzpkk zg4M27N(8$pV_G|j)(^+vfxTgZF#z)fw1J{$D*W;OeoU{X5u2axk{nxv&+OzL!&$1f z?=ES1wpCA93;&P6b>8vO!j3%BtH+;bN8*zPq2@+IK*J%@3FvnNf_ES%9q?ILU|J{- zqWA7UtJD1dUES_P;@X!hG_So!g4w4~h$z>UGz7zIxer@;wW3)qbk}HMvq|uZ#QmTh zfD7~FU|5Ck?Rt6oYvdx+F(7I|`Ss?^)+?w;w@!hEhUR!EO27owt^Hthn$~qOgexzU z*BWF+v@>1lC(!+7de#CjfL&&lF3O5w%iTT`}O4@LRN z%$eC+5>>6mNX}YUSB;O4Ki@cP`t3~aq-+;>M2hWS0?uSAht1@?{25mb^DqxA^xau{ z(;+*L`?mi9^1J~4r1$<0!R!PE4cDeB6Qc-Jm8Ofmxo<~|s`$QZ1h>~m$E@g@?J*}j zbyK%Tf<9w7++o3|8@YmFwrGci zyV$@e;ZJEcN8f<5M0T+nQ;^vD^|h^cConzyC)_mez3_he^+B%1-i$~6Q@6&enKg`4 zU0vM@$PVFUSCC-y$Az8v&zp{!TkG4|wj~S)VJrh@-71iWe-G2&k4(Nh)GWbdqU*X(uq_ z>wOe)5lPqA3;v>&wbuA5l>$#;p?2?gSk}D%btq=r^YtdyIkjOqQ zhgqj63oF_R0+}a9*A2>u!WuObnaIJFu=&DbpI{sIN}>V3UK#Ws6)*K`1dbP$m!CO9 z&R#S*zM1q=?qCe4-_%%Va$@XYS2_#(c0K6ZM=t)KXVXB(4%}{DC%*gVLtGe8%Tx

oOowp0-RyD3X zDJCCbluNZ57@Z)BEXdb9ezmB6*Y~R81{od9k5ztq(MH0Nnzdu=ee`icx9Ve>@!fKi zVDHbdx^U^&w<}$@QQpTYxNGBIX7$_!>$)44NNjWX@W;m|IG=-gylTJn^!8!~O*VM! z9lmDot#R6T9CB2`^;5m9WHR-`o94_lThApeQ85ND`rUeEZ&s*Zss?fgZq@S5OLWNG z*_Tet38Np99j+QhI!m|wa*Op0MwTy9zQfNN??mxm-woO&dyR-l;`LKFW6x97FpUfH8aMHqqo=)2JflhBe1PU z8xB#JIS3Ed7%}rf@O(5*RkvYMxqm2&ZvB(3KyOh8W<^Arz2L#Iq&eVoCwc;7(aNRC zDKiTD?wyE$QXW$BqB61q^+~!0B$2Bhn~~^%nW+!GAAG$aXO%?jdK1W|7h`V?n^ONG zo&D`l#`hZg4;_L~tq*U2@m^HQ|_2yT&?2%r!bqdNbs57E#jk+|Q5#P+$kg1qS(s`Yhr)MKT;``d+ zO@Al_`iX3{=SAKEuE%1VG-R|d`|h-zWe{Latd?;k;bv1~syepqL#H#@V*h2ud z0rt}90NMf!=wH0L*W^Gy2M-#s^w*mB$6aM*o)Xec4)Jdh%+C#|N16Q7QO~a=NpI z|F*x(^kGAT*YVxWlE!*YlD8uL_UEh7N3)81ZfC~vWSKjQJ-l3RyZWnCJO@l(oTZ^g zs%7k?1Bg@8|0;RG(`wwr8v=p6sMq(tz|*dELi0+zl81f3L{1e0N;c?DP>k;1#|B(k zdpbb0jMM-`W6qwH00|p-KZ!QOKb*Dv_^`^tg8th3Atn4`tkoRzPwrf^4x+)b&Yp1F z?{S^1R7i)-M(;=ajAEph+@J8JT2{+dP0c_)&J2!%?Zwe{Cd(3m4Ec|>^*=7wmJVJX z@yytnXul___K&IH6l6((+G@*kb5lyuih5E}f|6tt*%4iq|JiH~DE7(bE|_nkXVmNJ zYBziz?dAlLx<@}oM;B3t%r_fe&e-Z_pGIQ2v(#lY-rek((5Vk7XF~j;#(dnlJ_a8y zUA2^-=$xLMm7bTUMG|w%U}COG6I;D`{dz<8ZigkjnwtED58vJO-a7By1;3?rJvi7Z zi5c{>sMf;*owp?Pfep}fbpeH}?0zZ^dPZT&(p_EC)$4}y#a>l)byKdr(5Hnn^015I zyGv(CwwJFiXeLl)C$TR@Q^ym#P_H4jXR1Lx)mHuysPfvlQ}KCG9dLb&mi4Tt`cE=4 zg$gaJ&UBIKucvJRnq#WlnIGLT9cz=E0hsYed1G{peHK%FFk5XOhDFTPmd=T3HdVI^ zGeHGU6lsA~7g#F#y1Uti+YC8W?C}zRaoWyg7JIJDg&&G>UDXI)zC{oO zO@kaPoKXUIbm=Qs=e}Pju&}UR{9L|EZz#VPoz*paUbVX$+owJK&;_#vC}DqqJB`J= zd}~)tOgJCix-f6YJ+1q(-I=p4<^9YI``wu(#MI0^+XZ5(t}ps}Mt4kY?b8@(nTUdsHpdWkNJPVc}|Z+SwTX7I9!Z_g9Q9Moa=t0 z=Fs?fNTaUTtHj1eUCkHo=HA^o9OW5aIZjQdDJY4QO_Y^ zC*zSdFzu5@7OQ>AEX}t&ZbWsb1rXn{+M*60c|6cvRY$S>e@Ljm zC5^gzr6&Ay>!AH=*q6c6`lG~!?^H?A<~&{3td))IbOee57mVtK+F8iM8al#AT7p7#q%5F_85XRzwRpI_93#n zSn=wrDgKnJY=Og8u>^f7fyWhM=ZYUDPFa&SVJHRKNq(U{JjbV6bvF`$L5Abua%~cl zc^bqXEn#{V%URRsV(+cIPrGV=Yfg2_J;Aq*dtMCt7i;<%b#NG1x420ZO8}=gDLo`S z+-ZMN%DmUh>+B|qR_QxW^ES(E8o`qnzEYPe`V$|%eWS(wjH1N_Bg`*H-(J)Aj9}SN z)N6rMR6+^ESIuM%RyBJ`CUCxPykb|t|3$y1%ciqYpz(Wtv80Cwug(*g&1A_FMgAMU z@k00q={RNk7a<8}Go5Z422Ws?k}}Xv9)v_rp2VMbQXyV-DkY=>vMG@SgmK!{<^9{} z{;{+_7HAg$*sX2`UFYNbh~G9>lQ%Ov0R+B`c`sUN`A*{W&ZLrNpbZh_6K|6JkK8J( z#+E!GV%HrHA9zSVOHx~?QUeVRjuy0a!Q2^((ge+3{aknM&Sp_Y=S4$7zHALj-G2Y% z9~HPyF>isyKbu`ke`<4*q!A)7@E*y^sL(Rf;s&f6 zuIhpcjHbKBP#uRRQE%`2ebTknnoPI1_m?N#eG{_s0LfKWR=UpnO2)GSjoC<&?oN!h zi|hm0#n{f9w8E!nXEP2BT6UtA6G3|FMS5=Lz!;EMk9``pMOLnR9P@0ahECh>GCv@9 zdTf^xVey#zxVv^LYg+TEU%e2|)WWYO)OFBz-%zVRSmiZ0H-D%0011iJc-3jUe1bHY z-vd8ZCAN#5>v>b`(XP*T<|Bx>c}hx3ZmQ=LHzyw-v4);KJ(l1#PVUULxOqN_))eU$ zVt*Z%e78szg?L3Ospf!-B+^U@2p2|0brpcv;r`3+M4It{9o0GD3o!%oKUTREc&`oy zIST_%P2p2RXS7r!!SFC(hc(1q_)M4j`B`zQPTW)DQLDVZ-i}LmQDbz6!^fqCU!SL$ zek3#2W0aDSm2W%VetV*Ap5@3CW_`gvG>fHoVQnoc@aN*ye)oX$`Q)@tX1>;G12@%c zd_%^QJ07}&1_s(Il^C^WonNNx#j9)qBVz0>H*yWIale(>jd;>C6gOu@-4F@J4UW(G z4vt?x*E3rH>*|uI7i&cUQ=6WpaDXL%2AR0~diEDI_>`J1sNkuwyIr5zD3-?a$4b=R z4X2+O?3(XiS+qJ>q+GpZVrmDbWrr&Y+z_|7=WMp5K2_kt&rOFs1{x+O@b0N73QAts zv@~ArMmP>|qpRd9*w^asuEqGUo#~r1<9>(nTx36G1;d`<@__`Nn=tP>i<|crHAnH^ z#&5>8HxlSOkw)@tqMo1ConUdGJ%M2*#*Y#)AjG0BA+wk&g?JSs0dl|tB;pTs!1`lh ze@loCHT-@CQ%Kr6-smYogTs|1mQRRYf%{4;*}bGP36y;il;JNCwt9SM={>#lop{72qUqyNWaN9RXM%2 zBO+y9v8Z6;cE`a%hX2|2z1}dujHmknfkwH^d66+v3q<%A`v{y+w{>*b#f%LP4~Je} zy026d;p0mzPD{mo7>kbc{gISp!aR+W)Ff3@Y1?ok_?Cks_N$A2YWX$edo#0)>TKjF zzC&bhiliwq+*v*8%*C5icxRr^5|&L^(tSu^tXlrW{DzrcvnlR2bFv^dfsP&XYJZx^ z%hBtb4kFv7%85AuPJ2w3Yl| zm$YJ%ffV!IVK5n8mJA~7hN7<<)cX2 zb-MPOFs`gx7Pxmt&C{EXRU#}w9W!zs>z}2tI_1`l1115fZ878%LYPDl8{SM2HG!@e zm2%6J{ZPIjrS#;6D)775x|Z2tKx>U9c89^y&j)SYx0BJSFQ`a1;#!a1)qDq!4$N_fzGFinteKs78N%Ijo| z^PNIu)74HBOFvDD#v)WETL{#)D%|2a2p&6ZknLK01;nycHQ$-=o#C&eLJE^|s3485&1WFMX%;Cdc z^t%hZp8VLh$rmp+sE-B6JoYMscnE5yt4oqU&DaWF9HSo(ac7IwP}?X-1$TC#f+J$O zb8+kheOu7LXzzHUB%#Z){jrOgAd-+15QlN>T^#L|K2gO z&u|-?HQ>B3=t9<%8lIiCaDdVbaN`!bW+Y78R4wlcxtSE!P8m799)iSk zb3Z&XGoyM<87{_~b%%l;7RJk47Zax+907u6`ROTvJq|>kaZ3WdcZqAbTrXJh{8rHK zNTh6(8=Xd^x0uc9n5O=P2qMi5$N+aib$ymFp`@-}B$nBmc=NE6)G;16iqMC%l>DsW zOt1}P+kg)F4kV9s&K2JgozD4?jqI^_h`_(Cn(~SD=gfH?HQ*W%J08by-Gr;K(X+QZ zF@`laUfn*bKOWAXEH%!RdB;$}#KhDZ8bsD!+;kgx@9v(C-K_($cz-qHGZTtOcY3?K zyFkaSCHV5KwrFJj(9lrzE{uUmN3ROp+X)~AP>5_+W~SYc_}ap}ANIRUYzTN!uznp4 zn6}l^<#mQupmRZVG81Gm^6i!HrjY{*N9`KK#bu#2N}zRX`CjjVq?rGbE%i13`TT<) zkLGW%1v(gRwpEms?G_%ceb>B6*lM82jg3_fJ(Iq!Kh$u>sJowjkt9f!aBkn9?sHJN zsII9gwYW@9Bf=lqHjIX5|4qkT>iY1CEPo%^>y5X@iCvW9i>B$+xv7sT`4Fe%sT)s($OAL`4(!a}vu>Q@yeLD~Ygjn{`(`+TwO zt=r>uYhUX80wx35c3KGZJ#&z20C(e9;+~I=SY%x%nNNiSKYm6b;o}P{;wLy6J6wcv z(k9b5$-yF^Tasx}?5ejM(61%cA9YIeH|}rZpA5#+p(M6fUE^@@nkmRcYWxI!iF>h@ z`DI-N_6$Ii90)YIO6lu>z86NV>DjYO!wB@_0^yn;59K$7 zZd4jRocfu|lEj7~e=EAF0ojC_)W*_AZ4n3PRaM-+%J-U% zF3wnXzL^*A$LqPbkFzJfUJP%=n*4DT09pZo@0fu76d;A7KyRoCSK5;p@ zXWHv$FL`TiVD%3%PcUV4x+4H@o)O<`x8^Q-{*3A^J39pz_49JGzP4%Z@+U7|2rmxs zjCG6`))+ie%}PFQ6C^QP7=+90R$v#oKGXLC_QtT1x~=7I3)GC$NhQc$!x^=`WOUJB z;?ZS{j(fV#EzPphb$wfVyW!@j^?MVO<`m+sBlO2FzZDt?)6)b#z?zKm&o;xIV^k9q zZ2BNpp=dakHzp$$D^Xk=L9Y z4oml!Z9nb}-`d(5YwV7rGrl~gr)9GdZo#siEa_J5$7&>q)^y$__OoIdn45G?A~6Mh z2E|9aV zu8y0uP+EEuNlKNqIMthMlkO)$3)^oLHHk-U-J% zt1TsM^?=9jj*4%%Ck~0N&+%E@zxG6ts$)qSiC`$lE#Zh`zlsP5Dh-N?Ii^PDlLZj- zmlcLW^!xwYMWuZOXs5zxOj7;7>X{_u5wvjP%lMU*d3(0!iqpFL!QA&njmI#@suknR zt|>^zsFOpztk6p|z50flfEdtupo*G2Khy>uGJHtr;8N;S-W}G)ooPLV$h&=9;CUEOatFg!^7jO|=Qsr8F6?KhR}=Ql16E?xljL;Hj=EGz<@ zxBd$RMo)bjK7j`#j53s*O46sLn@tOlk+Yh%z3rYhl}ndc9Cs|SYw<+43DnfvjLI3f zW(_-;pEqF4^^D|RmGTb=(2g(NKW{3o_XQlQ_|!FwkE&shZ;1Hx7+(pbci5&koRztL z4QcNOX6YgUG!S;3jq^5XY7EZX%o;x3wOz25`5V=$1hHU*V6zEA+3GE zgf5s&{FKBO!`+pehF*amV@1>v32{X369ck#k1VWU{Jq=!0ZzcLlDqzKuO#&yeiKUf zgOD{1;4?E}3b-xFZP0Ai6Uq$wChw9^e`tzhRUEGjT&N}jUn{-`%dva;eJlt4laPZU z>USqqINv9^eu3)%$Egb1s8n-+pP>Gcg`=FjZD?_4$IoKQLMlDppWI>R!Q2DoSD;oU zAXBpSvtO2Gj@%#8GDheD+S|KxWA<6P&PgVaLl=GJh-S9HoATH8%fqeq`@)aNfo9m7 zE~Qi%Oq|U~gTPs*z&*T6t(14Mrvi}&s3hakPSUW0anN0BPeM~{z9m2%pIUBL&CTN5 zmvkKkk@<9Z?0J1}E3A9_^A{uTIH}7orAga6uXV$u=PTs4L-)WX$!`RU@7Xq82|66! zBut;C#7mu$J8bGUUNf#p!DnY9&7_I17dq2pzgH36o%u}6@3&$NapZ`#Z9l*2rb}Of z?=@-w*-#0SIj8%r*e%03veBPot?{rsl}o&Wa8taG`p#t9ECuXQsjGY-U-=Uqw11

%jE5jJeI@5#U-NJchdKj(87r#9E!Ev@O^hP&v>3V8J!!a2TG_k#!3WmW!* z`|>?_Rk4$KAd5*N`Mg7(fP2Dnrdv}8K0X^lB5v|B|GTiPm4^?> z8}Yn|$qNY?IaOrb#mrGF+E;q#gwO5^W(`(JJZr3=v<~c>~HbR^2eR-1B z2$ChtbOQ%|LxO3WTDMUJP8S<mpM;dcnC>o>Xt|>+=f~?7GrYE(v`dtKgT-b7XPd zU>9W>q@P`06YwBLYi{m0eXQsZE)?&bjHIf_VTqLQ*4Pj3lQO1~?QSAa{ffCKh{G&uK|uLEATXMEssi zmW6qWxqiQ#o#(_57x#||9*-imJ0v?66?#DZXnb8c+MVH^KKA0)>+2g;CAEA~R~s9P z+)z^jRTQi@g$F0(g0=Y12%d(}FWaTWKBM~xdP<`81gQwXwuM&L%j+39c6>=BKnsU( zfXX(2Lp`VMTA5HODRuz#7X+X`xN2o~#WMzVzR)@Es|Ny&jhd`J%)7Nm_~>j!KgtUJ zUg4AInu0fUAAy0s88ptnjom=xsX+^vj(fn_wrN)fVifV2|;?d#3iTwrbsCk!`(ce@b0zNdCBL~t} zI1|UAf=P~IlqtSS8Wf;|FTf8Ojb=XAJvB+FTz+eHw_w^h-Xh|OzpSVrFDBv{@8Cp~ z2X7(;fw_TU8V@E-R@h&@`XMH-n^l{bU1-+WmpK>S-JLAJPO^}3ykE}Af6W*MTuhXf zTm(*$754yG)$<3)9JaHe=*;yP6d4r2ez{P++0!ehw6?mskOu@4jE%EkNoi>TK%S>; z!$P;JwE7wl>b98r#Ad%l}I63VF|_&y{u0JuQ}jQM{Z^39W!zzRy)^>BCE$XOEupiG6}t|{nKH@NI5+<#jibRZ(8iTce{UgUC_ z`UFZ!<_#J^Ws>NG*9OuquM!xW+1I!~h-t7p*OnJ^MKzTlP{pb`-RwpLJ&plDqMjZz zig2yBaqXyq@LW-c<3N)?z!xJgEG(Rlpmi=zJ0=Z@@^$cP7<1Z&==?eDfhU{gi#P#V zUrJ&8djhPYmeeuTy>fOwi{?_xQrH>jaNWpk$O_Y=m=r3;E|4T?kSVFGBx#@?uk>;3 zy5T}Xx*pqlvSgg~gp44^hU*1OQHfOYo9EGJM3-k-8t4aG&)TKiZ=nR-niS*4kQ*v6KpQa>JhybZE!oB+?DTB}% zI5IIB*sXsE1`Ewx#C15wZUdYf2Ol$Q>?$#q|Hvx*HDYTvc|f`F+pGYoHSa>xbamG^ zcGZm3z{e7$OnYYhHe?O6(JZHli5eN9{#8uWwJTmyaGv5tjxKWnk=&NKImMb` zLgO+f?7-UnpGY8mGW*h#wrZ)AzhECiV0=#j7uS_kw;No5``k(da?aS@wV{FPHr0G6!e*Ze=|W#v?&k$US7mRM z7uMFSa=&cj1Lld3*yb}SuMqSM3u5`5vXQYt2+RF9L@mL900!eRG1b2f#6a%J`o>O9 z3QfcM&PF9eYNc~i5Q#k;#=D{TNLyQb2sSRvTr;!&4N~2wXBk)JF$zg{Z;xW(?z_CW z93;~}AEvuI$W37u7WPF&L!&(d(q)k!zL+*|_~o9X*7!qoypp5OsYc!=1%C8e&_*u8 zANdbO^Cx89EQJd^4XNRz#()oCBx7lFkgiIUbIRf9gC1!4fwJxPCjoZMPjPWi8>A-3^P=g1@QJziF08(c5 zjf}(sqRtOiR`5`|@3MQfyj; zDJm2kBwBZ(_zp2wn6y|ZNz;tm!U6+3Oc}m2azsQ$sP-5A=srN*C)3BWVk+F}g6n+* zKWsOrtm51Gc|k|hX4L`TLq&eU;umNL=umYA9 ztQ!3#{g=*{B3l9oQnMgc6&3UO#f|M@cWw`XslTggOyd`%au5hUbN#-~cIlN-*z4JO zNaOh-QT_f;+3)%JRj<}aW~U|8X|V*(@9|wMmy6=U90UQ95bulordtIR3fu0SoH({n zvEO0WFar3Wx|8fb7L3^4pGGtT!G|)Pu9#z~V$ZjjKlBQU60yyS`a3qQZx()u!;|t$ zH%W?j27bpXcDpCjz#f!qnMrl!j5AvLL@5vuJV~zx+DKP*V)Vk3y9qZsU1F6k;9@n# z(B6*k4n}2Il+n?=CqxsNlU6@h^4wB$;%y?xyR11;|88k-FW;>&CWE9GwhAgrOsQfY z-s)e?)bOD`8tV8qGv4v-|3m;Wa7K*T-i;htxtE&vR>EPZCq0!X{56FHVfiax!gb-$ z-?wW^4crb8d+MI7^xA6AW16tBf)jOv!PYR~%Y6lQ`DJ=MtbJtV%P)EOscVmTN(ux% zrE{`r1$P-Zo%e^rCM)2HrB2SySrwTml_&DSkr-4hS{NUZ9xyUs!V{M?G4G6s&RtTS zHQhTwWNZ!||3tcKx(YqU!^XxOwn+J_I;S*UVnCJ;Lc5tb-g2RKhp?eyqqCta7W0?q zk!r4_?=jWzmKZt;TtZ$Hf5LETvt8)!k!k_*8lK=2^1Wllns}ABS>o=6)$_`do|lxM zmxhD(@sXLLu#EEb%ctEGyB zew9nRL;w{NyYSP3o6{-AjM5)?;yG$P$>bCQga>RfpOJ^8`I1(aT2wuD@NLDPEMbKPg_jsCZ<{Y=v^@E)*tCPIXMlwL}Dugv8C$+N#oo4nq%Eze?%q* zf`)>@;2TyDg4fb7J>Z3$ly9hJCLc~#m>jJZR^LQ=yi-?~prxOcB9Ga7B1s(Ba5^oD zX5^!Nf!=s|2zslO($PLVG#;JrB?+nx6H_}ps#?Mdt@`@)!!F*%tAo84x#=GR!tgU2 z8Zdzn0l(huo|U7#mNOjgv9 z=TcvqKD7UXARmZ~cC|eB`{%JkOVfa#Mab6`MkxIW=(*NT$JJQCNfm3%9Y<_18mX0st?<8B1Xs#2pdl7X?~lH&6a=7$M~$=>^&tfm0AdDT2awze)$DJm{JbZK zNau~8CNY7k7DMR1w0x6KQM*bM0f{D^20-7PWdl>CgRF|`glFhJ3;HnIoL{k1lSfts zpPdP+FQvQ8DKcO6Au?M?J?CwZA4Tm2rODlUFaFob$^#I0`46N*f1ejZsIIa1&~2wm z1KO(^_ye82%QQd1@**)6XI@Td>*cifnuBF4!%xoRT#mN!-l?u{w3h1b<|HyC3CZT*-1xcY0LM4C#x&( z)lduV?(9_dFw(w4I_h5FWari+{SM8f;`Ijr{t7VyY?>qg3V_}}E*ZFgwHK6PTl>X( z!X3okb>=)?q#Kogd+K8H?X~SL@w9s{W^hDAX&ykf`R+Ad-9MYI``809JXj2#Ohp)FAuZ;2`0QGZlgDn_CwZlIte#6U9VKOme+jR59 zW!4${=g*&Z#38{zev455L4K)GX6DB z%?GqiWzWQ5iFtRnW-yt1T$S~j0ZryFq5K1PLJ)Z>PffCE21>;YDuCEYYAg_|K>(ht z@{z|T@5P?4_V5!28+y;GmFDUyZaw;XD zvI+~aJ-|Oce#%M!>xecuWywtsRZ-v`qD`-@<*7ftgu4P^U>rP>939(%>s||vt;7Dz zOrz<$=2q%F-JoB;Fs9wNBDyjMR##0ukB7`$w}E=Gl$}L@VeakYj6MP<_d$Qb?bXeD zZMAgdcWWnfJp5{#-a1~sy}r3C5|+4ppW@Z6@LyJH1^6nJrj#DP!TaAQFyaCHYthe< z0O)~r|1&WqGM}8mTQu<1B_yMyn%IidCQAdiO4Edtj3^-B=$j#KO{KyyK;RI$!NW?u z9R*-rm;;^%v@Q+ZakwF4PW}NsTd93hh=jz9!qf-A6)*xm)Bv3**q#uiHWAAv5?hx4 z$jrp$t6tRCth8ibTw2;+6HE^mM_+>%^zvE(5wBC;J;RkA{g~L;@ZLLjw9^?EmdZOk z+^xog4mc_%CW5H7Tfs|$fpaS>@zT9dX-M7Im2yeIQ}Z;OE<`ppC(QBj@jrXvL?LJg z2(Q0KnA3Nhii&D}Z_l>MhyH*38XzwhXz2qF@kWul{p(Tu^?`q!&}MnSc(-Vyhr@B~ zsCI%eE2(zOk{< zvgcFKQMoL$RglHR37eb@zH2z6_~N!2;4ARb+egqxOkA9tg2ETM*<-0h6k8c-(RVxO z*{eUj0A$K&0pI68drUL1Y=$-8|GX#v`TM>4p zv18|~sHtDj0C@D^+CnNks`ORLIx(#qwGK+BK6xtqFK))lI=;Q?@%Tl>IJa19EJkV zfh)1sFJ&=t3GHXSfqyNL_B8^6FApV6|JkblSjgXMK?Ha-;}NVm^c3^7NLj+>a4DMt zqN?RA1IZr_j&Bs1D3}S+*W^WIj0(7>KKrqO_I7uLZG_pzt-Hj{%#yUw=9iZIwtuNI ze&$Rg-Vn34x-ZE=OO3d2mtj(Nz=vMs)F-gj6@vNIlwBbudp1f+O1rL>M@F~x+XLJ=5=A!u9zY6 zqAEm$DUZJ7MMh!>KX2IVzResVkUw7E{Os52++)~u13hI{onTLaVPT>P$-Vz>0l&bz z^7;YQ>B$s@9?hDjF0R=%6 z5h;<9?k=T6K%^U_V`zp3k&+hamhOgup^=u(ff>5Hdx-lTpEsW0^WJ;?YZ&k|^F3#u zbM{_)t#vAV)VvS&v#G=ZPG`!g*>8nnH)>e$ri3H-B>pv3m*fb&kjDpvDm_zZW_oe@ z+9%jh@an`9C8=`7bPUWVEFi7Y_2ZRRZOyj>n!&JIzrcs&bZ;hWdHoayS4PAM3VI7) z$+13&M2dP?y#%?hCXWiHIdx{2RZToE#A$rP#2J}N?Q|@-(V9lqsQr80y%4cYwwfQL z=y))Pc-}l7EWhh^tx>(!9-esl!v4Vq2gy^iX8}Lod5=QIgHa@{x~0#z$u<_|lAeZ1 zv{~Kz`eJ?$5+KED+cm~{g-RuHA-;#<1J=qD90?+io*YVQbKH8kS`fN1d3x4=)Ydh9 z1l%Qz-h=tHYG=LvU9PZ_rKpD8G+0_((9IqB0XvsUlD~<3Lq8cSjAwUnY#3Lyz#?f_ zzO<8#Ngxn&-`Vy^0Y&+mNn;qNff>g?ZVT-;2C ze!8AK_@wD^Ep|dLACD>eYyL)R2Mu&>rvd4@HnX!iCE$NwDl4O7NtkVIYePbAbQCo; z{?4>(H1QG?TdOxW%g@U+V%qvO80R}zZLc#iES>Kx#LraYqyzbpY!uR4fcuKrZ@K-Y zU!Z^dgZWxPXYG&$OB(>ADzkGC(g`FvuOUZ&icc8+z#-?ggMG!4_h_QHfT9|LpD!{> zP3r5)jw-QX21U@4au#)$=xRmy0B*|BOl!jztr%#L?;K`$*;X{vok?qM$nWbfdzaDb zqsctmtZZttH)YiZ`47ai$2Wht|DoPJoF+ag={>BjORSSPN$G{fx(?vU%{ico zi#$We0qKNZx7Fk^K{&Saex#7psjWF++#Cz>9I zJ*MZ^5uB6a;g?Y~xeF6o*6m~YQ!f^HW{3FGNa7HQy>(!mF+1;Y2Rm&#m@)e8k+Iy! zO>MXKMB+pXDRNqwr2h=w0&uziOm=ly@+A07d*Z~^_xec8hRHGoat*<9a{3KSz9jUw zlg8HY%PZ2ZCE%$g=N^Pl9lV?b(f}`)Do)GIq}I>xmVV$8$uE+rwL5jjPT%%4XZ035 zY%h#_ZYt2h4`AR0J8w(4{9j0kv{Wq*BVQFaq{JMjbkn?^D?R)b?YQHQr9?;3^hsM+ zb}`LbiI_0IoU-bK6BLmXQvjzfyVG4u8Tody{QHc$!?`d~5`v-KY4|Dmx0AeD>vdl6 z2zLFiin|9EQXlW|nu%dIzQ-Yhf+YR((O(psWOpP%BoV&{e!SZ6f4=mqobNgO6@7S% zsjJidM6HK@+YFDMAEv&jiM4&=$BD znrVv=!WMUerDmx;<3;nRaKJHkgtGbn(hg(VS}H$1_XOr7s%~BAhTVWq@q6v&eiS^K`B z@WXseCpY_z1xL4rH2(}7_UhY&-X{S+uKC_n;ing0SGM`%C7{*c8Ej2Abi@0wJ5jEf z>R9f0M?P1Ix|Q#X_S;zLvd8m=(gH#D_+1ae++R=_`eWz&jaHL#E@A$O)u^p z5;xmo6G_4jMYsFf-!9QA4^S&iaEtta$#WtydrDJ_oh>f9`+`QDV|NwU9_t9ryd5&l znfRZl7td;|`ayj8Z8{JCydYX?9jkEC0aN-z`WZo!$(1R@pb+VoeEWQhEnn{RQTps8 z6DI6CA9qHzQVRNPmQ{W`%EK zY>c1kvB~Rk(4huY-R=3gsbZfIqeYvp7JLVLPgZM9`|=5sFTJ~?RIfUXA5aU>kdJBF$M_TIfq9>mbz8`9+8m~ zuaZenT?E$(+! z!|g6EW>#5#keTDyOcWC4r9^t!hn9XE{kCExsvP+%0RtPe;=K-d<7r-AL0f?n@7vO% z^1N5i@PlZl%=b?ZxKZC9)4!Mgjl3;kdjG>|MtPvvxmyY7#8R!Tr)U?^YV@ltjI!1$ zfVsP<+rE@T?5}Q>8jO=Q7iz0px%V=1zh*aV$xjo9Y~v!wMhBM=HqC)J&9`ByQEkyOqh-{=W2fnwvCO=I9NdeNBz4y0_2<-yLp6% z_v&l5Byo6QNy7)wkzP14h@PHqfAR4kxoPhUzsSdX!;;J$R0L@@o4yfiUMSs^_p~E_ zVp39MbhICRNi7<3r=FVtr}quaSkPCaq}MH=Q2Vdl4fVPh^%^$pr~_sp{EgbnwqfNI zRV!;5B#my9Uc71V8a?Yj0NN~fjSoXbqUCe31+vdR2JTuhMISB4>OrmgqV;OF;q?82 zNwVB>)))968(w~1aWXu%s99xBap9IGxMuvteI(ehh8%dN| zLsEX-nA+cQwH895d~`36shsa%Qo&E=INV8lR-?jmrFG|OAfK~);x))~c`bJ%nyVGQ zPvLz0aXXva60|`*7F$VUTX9i%pK+hRWMLVoI})xekT3bIJ<)nm;vmn*mkYYp8g6ZV z>e$tP;9Qrft~|;I4LyNc8Oz-d?k(tUWcUk2X2;-v7*&7Mth0k7uOZGkVLctNndqiO z)zp+CCEWISO+H&)Vo%HH!`+Ax{F{Nne&%1B*ie0#%@R=N`#RcJrLfa$g>mo2ZBw;|0(HHoyT223K|}Ms>FZqoo#Q##uyN55o97?Dcze{*>MV5Y1vovt zS2VA#+m6L03p}jX~q{4nyx6?yX04we$Shoa#cVJJ~x~*~gx1 z=dXb#QT+}Cm$pZm(hpnQ&JJ^;c<#&BtDWDCT-4OB09r1cyx@w$F^OS3ayMhk80Y}n zuIZf7u4yq}o_RPbKL^iwmgDV!ot(+Jxp6FE#cCxrfZBRYkLc?D)k8nX^&CEMa&{4W zQo1np4%E}D-2~U)x(fG`)ZvPS*DRGE=y7-kHOO@_)PaV-I0BYk9XbF=X2v;)qx z7b0x`=!pGl9c$AjC5<^{k2BXBwpo>XcC^hyg&N5}Ir`1VtrXEGzpNeGVeU_nUhE3eKrt0%^(l!#2smFEZSEbd z8vGH@UqVV!K6mfNa|)6G<$oIt)>WmanoKh^HXVGDbQCimYa{Y1?han(ha@&a2WhJ< z*8_ z5kU*u)i`#$aqTT$eV3AwqJGh9BZG#RfSXj3a0MptI`GLOk9yA61aW@!8N$8{L2fbJ zMYIfkV`5ZX7CPb%4!Y8!_TxhHwi%|?R8?P;Tp(5eoHr*$vqI}X&>7IliU6Qfn%Q{S z&i|hgYN0^ENKcDK@^Ec~T5KPKrl?Gj1D}efzGqI)KKy$2re<7h8=}t#NVy+^d*R

*}`rtXTg+~*MEwIAUiA*UD7_dv1U&tEC@NMK+Q_|W0~zF8A4 zoo_r762s#i(e+qxKfzdGhM&p2y)v-1%-j*+)I$`Q<@$;GZD?)5;k2rrq2? zW(+i{k|cK;js}ngDM062Y0k&TXEH2YaIe95b4L~EPZYZi{~nfP?9gMb?^ae&Fzdxx zwe>*pj5?4H?CtI4x(*-J&v$ip&UaJ9>2LgKi{zsf->J-_B>LNc#G?QuejjwbPyb@C z{vVX`-#_e90*I3HNHoOni#rBZ%@8C(*R;V-RtSRsJb`N7KYrboA(3rJbd0EPa2J|yzZD}b^SXlog)Pd&JCegg4{7L?pgeIKQ1*amc z^&eeX$K*8fs?|BE6C zphV=UKj}b^?!x{&XjW11w3UOR+ML;=X&8)Pv~slD*oh9H&B!5*JDl!0oyfJj6M>({ zB)mHMO7KYu4<+~)^9xKo?G46_$3TtkQwa@wK+Eu7RQJ!PVF{z4U15g}#lMB@KmRCH z7R6|ZYon76v%A+uTeSlqR`Rp*D`jv5qOiMsot=vINyw_4sE77g-p{G=(U8PW@N+e8 zLoI2+Lz%6QqeJ0!t6&buP+?+EO!$q6*>~Z^H@;8tUwqq+e)~ZoLcL7b#I$oM zzA@LpTJ>IoBo9q^ae2N*oEcc44SzU0WClG7 z|1al(#Wz4H1EOF*!h$kPcX0m)3nUYXG!)DL-uP{3}wPpf*;Qe zqmw|NJ^H?lZ13*0m1^}K{D$$qEwJKfH^UowC0l%PcC28zRbc9vbFl3aMLT<6FI>E1TwyN7}?4TX~`1YhM<+Y0f@%1|i{~ zLI)`t-NMUNe#h|f4FnxQ%4OYlQD={UYNHd4!*I|z9XIHVuZxHnw{MWQ@S#~?qrDuH zn`f9KRB0)vr~lF882+Q9g~J2B1D-y)HFbinj!k06a=~kdPmf1E5K!&n&)hb_Fi9mQ zrp`tCk|%?#^tM%Pvu6SKwraI$)Z!em7?0P!*=|MJMG|w<7s8UpJ`M zN{;`Q8KPRd*nT)frPPB5c!mx-ZbpferIR)6@JY+x$Cs}*>~lNiqLM1LXHpC01)eyJ z@=kQ97Z1EAK#U60RQnn&`;nF z7Re8Vtz`i5a0nOPboNN$;K&os^lk#YOKyp3gEU+P+8Q`u=>!?ko{! z@3dRr5?sl}j}k9CTTCbSf!ZDHo|k5_J(?CTaa;STf^@s)<&;;QHxKmP6HjR>woku| z;lu_wj3Q>X-|+x{4Sy`hg3(m=X3Ij0&2sA{u4onIB)F;Cc>YurYSTe`7+Uo5q$b(E zVgJGeZ;GoG*7aDLmHb--mV~quJDo+M`Pk%Ctf-nd;Xt8|=e1T=E0!L*)g6 zn;Tu6!kt)EwS@JUbSlB|A?7c4ig@A*Rkq=(I!1=)&~k1j_&^mRQCmASyCfYG@wm6g z2ToM3xF97fSGEl(PWtlyLI*9(o|%z8BYS4<+Rzbeyv^WNns2E*2YpZ3vc@axXjI$r z^aatA&kJt5WZbRhImzJ2ny%2;Wt%XmNnHUfd^|{b(WtEz|Fs}m$G(-pSnvL zkA=r(f)NGuz0*}4sypWN>(zT>wY&*QmF4Rl1!~qYA(<{DF^cnUo*U8po=-Nb)+Y8G zX}UV-2vAzx;!bIz@0lQ)E;*VPh0|3!Tg0WpK(LKRZ=7(BtjLEYQFEI@>jc$OT!>e5 z9Ew89HB)?(dIvt*z^aHtGtZ#0MeX_@+&d$jwEhV_PKq#uK`vET3Xd`kHlauNn zlDHlWD=Kb^6cl&z<%bpXLIM4&=%ebG#Kf;a*0H?2nqF1)JcUFDgQ6zFT&a?k7KC@@ zfz5h=1}Gl!TrVB~E{1pYIOM)XNS;Q2IN4ZQGA!heJF{yBvbAW-yMS75NWMJ44~>GF z@1c@PNhH{TbFZPPiS)q({*M|eVJ{Z(pFS;Fl+Ps2%-F6m5D16b&9t|py{dl*c=!4q z20z-~MEFOK8TBRc6Ja|(t*@xS6BHDbl96f8lFsMI@me)dFM>^seeN0%u|?e6+{6Rf zq`$`E2Ksu=9XbN85tf+#CC;|7Hb$?X-Zmg*=Ch>Qa2hRc2vkD8qC zi#Z_=JPaim1Dt%zAl}X8q1+q7dU&win%5+2q}4AE6w|M}!ulkcS7OvYhR(sP#7))W zXus9QzXckWVPX^IIi3}7&^p>HGKZ&j)2o7lG9H-TfeLq?A$bW7yKo zjoU?sdfhS$8aldVy@PpuaWS@n@X@`dt3^u=PVS`mgVDoe`o~7hJT|-l!|mNBf47Mq zgWL7IZ$!{FBJXvpwVq8WUMZWi&F{z~fvuuZ+g}G=Z`jy=6@R0?kh>aCgj3&wjRd)qs7ABv;VU;&Cfw(Dvx_ z7&oO4vK7AKBrElV2B8(qT-zOoSjCjZPKjPn-Fw;BC(t4 zmmG4do+KKch@JBqpti9(Xg&nU>MzII;5qk=#W6w^Q5jt3eHw$mFjZ7K>pDV7kCg>b1;zwcn<&{@PSg@^J`{4dw7skp}w$Vvn--1O~8o5PP+fn4maf zyO$Q0n`L$sGgq%^l(j;bp?OT%ZYaSr9^N9Ou5^nCg2<*JY}%aOcHRdWwX^|_j@+-P z(c`d~CGE0Z@L!{&K`=L80h%4T)sCE#cXbAKqrx{O?b&y&-LOA{bVx{Dm+h{Ok4l#- zEYpb2`dLY#jzM@o62E5PXMQ}30^CQZ7jF16Q`%ga}l&0n1qLW<` z(Dn2?-&{evd+A?u>-Rz?jn8MjXXWKv7HW6vh+>dTA>m{m`=otu;xu18uq1fVH*338 ze7*vk8qnRk9m5k+;{S2D`73N%hEQ4I z`u4IE`8@5tHu5S)`qECocjd*sK^C`pr<-J}4}+=O`C|`fb^&kXBsc!S))4BYUzw}q z9NlCp*dUi9Wbt{tU#&-@h~SW1+V7s&nsK4sVAzGXA<1m@5f^V}gH;!FE1%}VTJD_}8GI&mf{y!OX%Q^*6Kn!zJBz#9dyt2z$0*W?T~iDTq{23W0#*+WQd`8f&TuMok(p~?e! z4km-`0RC|Bu%k@`=0imL5HGDwTB0>k_jlssV2;t=y zttNVNOajOIhUeRr%+czx9a(`SU>1~qJ}Wnu)^0yDLMW)1^3^U?!24wrh%7A9wBzt0bTzSxK(Bw{_l<#^I8zkj|I(aPI9 zC;~KPo?-*suFe#pCLtdEThDTrgEv(iHE+4$4=8^bug$sdy5j12UKej30lpkRZ{)?q z{Hm3#b#;ZTn^xqXuT8vVR0Kf^2xYlTF}Ao?GV1Gdg&CQ%vO5iHF4%EN@P)MV;XAicvF@_%?v)zT zR>^&m3_sT65BYttRnTvyYU9Hu7WIA>pR^*i%h6)!@iGI5@_=dNLX2g`oBJ|-}7o0U3Sw_(+WI4 z=b5(a>PMLcP1^Yq6c0@d&XKMCcpdGZ4q${iMv2{mXVA5q`(RsRZrJ&`i@@Q&r%bYW zQ5HU2p2}`>uC)2p)Uuhyc7%AI^NbVo4CQY%JLKiXViCJSmo%kg*lU>T(qS)i^HMAR ztq3o4=@2`vezy)EI4SwBXob{bF9Rf|?YC0Yo2~D=NlCf)P!Y^e8irSNS63I~JI`I; zK@n%_x~I;5gfO?*b&-gdKpv7dUpGC%5!nA`zqK+yz;mq(9M`lg1Q``d+laje$zO}k zQY_PXE;F7m#&|AJL65&GeN_slaU>4;*MB33>=oYZmtrgpQSS(B$UvBqh99A>x!Kat70 ztZCNqp@=08(6{$o0eI5A^5r?Nh8rRA7)r4^4A1TL`DIpFY-;H)gMY4^R9 z?mnp++|UY)(-GOyU$Mo!9)%BJI_^|Y_>c8hwk<5IFz5kU3}sd0V_x3n3Xyv&YiZti zO1VZ_$Nl}*h}Z}Ksx}lVmr07Yh-_O@5b(zlI!9xq%n^LgJDwV}zJ51X(@=fe0~wKI z-Nno>No9&C4B7%X)#2a2>#G1?k%*Z1E3n7N23dt=7#Z?+DuDB@k+(CUBK9fR}aPzz!tGc;nT^I4N_nlW|iDU6o-VF9)$e?>Rd=(;pnF>3Ii&`J7RtVFo>~ z9Q&tSrv_Kcb%0lvu-9t?Ye`A;0YT>kyk!Zom+eEVB3h(d?z>Qu`aMXuqb?yLQsJLV zeH!H-xNAtuhsXV^9xe1)=Z2@vJ3?4$zvYQQsE^+~ZK1KGNiqliD zwpT~BOn2gsZ7f);fg>@6a1*Z+vagfwD)VsP^2uz#Tum?1<`HEjRZjngNc(DvaUEq*(SQ}6^ zG-FW0UuOQFSda%|!CI0I`_bJvOc#JDRGCLyII;HApH!8LDbf+!ur-;sdw}DLXr|UX zOQ_z>O;LM1ba9jVYQqFSN#}1Lc5mR*+|@;p;l57%FCl$GfnuAbfAMyE#)Q|bEcp~7s0mz zSFc9w?hY0Rnu5&$WNUotP8d$yMVssUh;-@S7C)ggKyDIo{k#L6`3+ zDc;s*@?0K(OPAzd$+UtmMslDc>2=zJ&-L8B(M|J z%(!KWmecTO&&q_CQDqzNQ=!KI*E(@9Ui#9e@Y|-t zhl#I}Y?mV?=NCf;C>Bh|?tJmu#SuPyDRi^!P^BoOy>`B&ZbnpKUFRWpZ`%8MYfc7@ z&-UlZD;RfhU}IxrOy#!cS#e7ZrK)kRD%fzwd9JbS_*9lncKIA0%mML&=GJW;e!yOGmu_-V5xtQy!YF>M-;ggZ`; zN99{La?@l$685rhnV85Wr?tu)*5ny<8*owHQ+7{2&y{&mq>`tD@Pqtll=^B$p{=3n z@s>EQxetGQwiv#LYj|%Gt%)x(?=lz^1k3nf+i>$gMGk&4V}a=!8)3;0Bk%GsLao=Z)52sOB{!Ra?j zWd-XO&-E^JA=w!+mt|JX?RC0zcwS(gpo<8w_aedx1UZ4;B|QeIO>q3IEqauG3`zS# zPb4J8^zy&?8biBkI}JYlV9v%)%&6pg1~4PjrOTX@>3({|WnQk^p6ah;FuS$`QY zy@s>pyttwO%YYV-+Rlik42~r)4)jTx6>?1t11jwh7MiFM^b?K(wzdrg&W3vnE3!7T z2V4#2L5~ER_C<#PL~YT5^8Z4Su72;ohT^ zo2niD>f%wzUm7132EJ>Jac5w(5hz(0yyO^#7b3pUBjDNq+zD~|Tx??|^4zWMj3Ppfe8G=h6EbrrK=3XkpVR}Qv&ZI z3gt`cj-E80g3vkJ8&9DH4^sxja|I(-b4F{p2zDT`KXor`S2IvDH|u_JQ{v;xLl-8u z19Js5NdzAVniw*Ez<162NTudODJaDrW!G4E;{+e&S15uzm;~n7psX^TEtwK0i$^AC z$yA`~4@#$4r=jb|xj_R^xfDnW2|?qfwcuJ+0$)N1idfs07!n25NKaoPndzNCO)$v& zNzDncgTaUZyU-bJl81Xn>Gcl7=7X8gjpO2#l9`Dgqx570+9(=`2QCz#Fk0mI{9CZ; zlm2Y|jU9078PR?RfnIu98AceTF37@K^)o^jZ!VG9O#}hhQ2nvw{A~ES52sSSG%v4x zuB7p(Bjzjm)}D)%R4IiR7e2x!by0`~Yy092AQo^Ge}lyzkDCxUui%w{eHNXdjeS0e|69or7Cgqmq%` zSa|F9C~hc2NIiMFxu1WG&*q5F=CpJ)^>l!VqsGw!&O$nPVwQgC(MS9OPRjeZa#6}k z`<8b|)`n{l($Ih{g7{)|F1CxaS2kmY*gvHfy`PG#_wyU~F6t+5)$`4d8v3r^mk{Zn zKV`mo*I3D?2*bxt0&qF(n))Kc_iw=aKP7{YB1#^VY4n;B3zY-3xKOrm6Up?bfIHeE z4Ei^#DJ!ywuoJ0RSa6?Gl7c9>5ijg(PskEX>}>rr7yyuF z=0KioV-)GEMh=}`9mN`)ZYRie|6W0f7E{m9*z4r$;E+(nVATEnDs!dr)sKD<1}v}L zi`)4bXW@5BO3%WD+-N&$wK4smjrcf%!NI|gRv^f;t=oX-zY(=p=c6(LSNlr^)3r8b zY10G6HPhcVMstIQz-2>OssFbDYs(H)PIZKN95iU#xMr4nV!XV9fF|iPi=aM{WO&Ha zW#uivR=~-R#vihMRSO7AAAw`zFR}N}x~4TW;uUuD+sYjsPZnW7=jg(d2^rCGD=zqAVsBCQ!M>dxF{@yw-d*%Gj5P6T|H(-WYQ93z8 z`$#|Z4Y<9v6b_KbUkBT={H%?0x zQuv+aRX1F3d~q7|xQg^>yo;tR$gX-s*|_-VfDApYVF9}|GN&`4ODfUpc1__%X6dXW53J>KIZQv5K5G8uGi(`RnghrOx&1&DG3SGLR@p`bINpM;>UXAZ7yeW5C!pdWr~>ZN~1)Hf_-T-k~H zPbygE7*KpY8 z@V<{_;+LMH%g6{XZU1!7PkM8&OTDiPS58XZ!#Ft5#M8VF7n(mBEaN1LAd0nWy2);b z(T%1mPK&lr^UBVA$*zR$`x zbaqW9eU@###~Q%=iFF4#dq!VTRjtCuAJM&cGm9=*UeM!$tZzO_8W}G4(5)O$GvgN$ zD*3#2*1J37o|TcI?X`B@OuIEvdLUMXJR>_68ojI(MjAq|AzH@=vFr)j@~Hxhd$%b# z-9gW2jMoN8QupZ9O5)@8FhFbmVe{%*#|0*nDf^PBzX^u=Nm#ZCia;L;eP7LdWgx&DO2#>GsrGkb#476{FI^w%+Y{+V3##U1c8=jZ2pNC1%fy z!oz$8Pl-z;(ij0@OeA-fh|c$F>B3E!q2LI*u(LmV0(1<9!*sx8$*o+j2w4&q%!4IV1?RbwJQG= z$scin=YIS(^8M?1%I|V!Th1I`5e31I%(dV}3WUMEQ%7-GB{`aWvDGewrq^JDQxnkQ zemQ&M@agx^@UZLv&54OOHFFIru{AYWn;AT{Y(lhpUgzJgww%v;vo3$&*0=>v`qhqo z(`xJ=qq^z;W);>tCYO*#D56<9%RczcLe4~6Pk(E#G5nH(ylRFVp%pfCir~w73QxT2 zC_9j}FSnMjn=OKXNts_4W4ikZ_d{LJP2G*O(_)ux=woYoNVsiAbI~6(qwUog;P@1# z0FzsIjkPHJkJY+J3Ge}V1|RFb2OhhY8sqAk=0>r}3=mwm9p22{+%E6dr@g=)_23)B1BW{KxZfL@>Y3WpJrN(RP_Czdk)i?8a=WyljMataueOFEK`hyD6%-Wao_7 zi+_rFdy#eFRw!idE0!@-9xpJ+?+B>nIX_ zYbhN=4A7{#9oByX<&KX(Ik4p!@UTBd(-zT6`>sL3LQkVacg|2X1ZE?RYm-#y-4#q> z%kdsWB7#?B0i$m%%St``o}1(B_ZKx}q~FPQ_+s!{FBf6aFDH~;GSn)$*|e0Th>?qG zrRy+P@F?Xl+i>TeVL?<^{^^^+I=kYAGZpUM!^5;}<0?+_B#22|@*r`Xsw2vdf`8bhh|c2HShy^P&~*XQcgQY^*ft zpdb@&PlVPSC2(UKQC7ME_5H4IUbg!_!smvrR|hl#tZRoWy$#znz$i#f}JcYU({193#e}A*wM)qTe+v-_VKWr}a^+}ueWgOl2>!8r^@ZaGnh?V=zX9zkT zon21X<;b+2wA+=r?u(Mgt5aX>ZxOR^fD7F$v&+ke$$lZ63-(XWg!d)wFUJTO6$h+(fY!z4yM)nPmXtlzxNK*XzI6Oyspw=8T;Uv@+`h^h>Ju?+!e}TqxD8sD`})~%~ODtl{PRu^+)a* z$w6w#5>AzyaeW-8leEL?+(A?0N92qo^KVnqNt!@;C--~m6kjhIKk?ao352)h5*Xc{vEp#KE$+JAb3FnR)=xfz#I8y}UDr%BsxxLvKjZjVhNDjS z-Do`Af9x3d$YKf79iKO5{+M!b>(sq5)nXCAnnD(W;%g6pj!HY*T2nGE$F zn3fSE&hFb~O?8)uBSw>{mBQYp_$Guyy+`#9c#72K;5W5<{?n$^PfypXgo5`1h#kHq42)|k7aP2RI=F}#SuLa%;*CUA)B_^GMF3g% zA{>=ue|2~F_GYe`y!kw&`So~DXsg6GIFCaALOGuyxou=%$3)@@F_ zFtj@vgr%|U=rs9N2OcoaHCgQ+v={etTpF=t)7g?Hd1MN-k- znGoFd+ZHwmf(qgZSlM-HwtDHRy7n4t;^ZoIRkdejZ$eX8gu=SvUVV11&AZt3rGfsX z^}<3tg@tY_C~o$2Q^19mEqTMBO}HiPge7zA1rSmf+;cv~!?`yvTa67xil26(FYOOGWx}Lge+k4CN~}u_K$^0lh{q9{WJ_fwmB2GtMQzd%xW|j%axMzz8v>UsP z47r0kW9~7J8coelc6Hd+6qt?AsD|l^1U*agBHAu3&T4uUk!geH5F21!^#YebOKN~G z08ioUy^C-Xt`};z9@m(ovn#Ud?l0#Kcalm=FCf6Qi$HL;3Jbl-J)Oc<4ylTOi{V7z zrEBWi<;=^jWos3{JeHh7Jjr_vJh2hCn!zU);T=w-1Z-UYXa3dHyqy`;fSY|t&=~)! zYsXU4zv?zrhWJkXp2IWvDz~g1Cg|uWWdiqGaEpgOWaCCzr2ylDxDoY{Rghxz z3KXzo>%AFRsyJ(5Wz|bOsR`RsEf_j|m|vWKSomg2c)uO;Co~mi!=xGbf0^>CZ zc7@ZCW^=G0S_$txqpHSLdD^?EB=FzGDe&^`BOnD1S>%{U`%}xswY0bU3GC18^{xru ziu2kn8g-&GQ*W*bolT{FJl@i~jlG&j7mk&_)?bYfK1SLDR2*4ouyFr>GROX4H)&n) zpzQJvaI7{RwVW-}>s{9!JDzO>KEGU$wntPLS2kR&Fvk!SzUCH;Dz-^096A-gJ(2~o z`J1BSv$I}7zO~ZpO?RUnyeMo=2jqE|FqPirAzTmR5WyqxxYZlKrmtWjh3DhGz%-s^?1LMmLhnJ$Ou zT~%OVVRZ*!Z>{(yx`KD$oKuOpo2A-><3-iNkv3k)yHoXQo@6AlQ+@9}bv%EasWoYH znM3rBF#3+M(?NXL;eW3?%2)tUfCnd~XYr8=V@wDBkH zm6~z5qlv8JsSKw5s#}lE8&`u4uI$2iVEhxTzkkaZiEBkQEGHnAclm3iWKVv!yEhd~ zS&@xfL1M`|nU!MB7s3=Zt3UjP>oFS34YCGwb5U?jSLZ5)r}88vW`61z=eE+I;Rek` z7cAYm2YZD|B;kZqr2oh;JKh5ovRyKI11ijH`=7CpNf2*tM~enNv80A$YE;|%Tg_JV z^!~CSU5c@+^oKN`TJA*xHbDvT@zI{h)1HH8xdQ1MmnT~deYG2e8V+IZ)sqj=1DB5z z*y-qY6&Lo571k}#I)K|pE*Ipj!Cs*Ow;dsI4OT5Pf{l0~9a*B47^NDGG8P<3JyvgY znr&FOnVp<_d!ll)k)LXUeV#QDm0LSGIkDCT;{1Ije0lfdUER=&x42(gs^#=QJt&zG z^t>$9yMHp4rQ3qw(AuoDo?~6(47vDpc_^B4ct%%s(orTMl{6Vz%Sl^-8vCs&j-+Bb z6M82d18Ku*2FsGTL^_IxT-O59))gs)9ia<*jrU9Sv>Z~b=E^>Rt=GSA{$@)^U5|2^ zyN|bbogQpOgLkdu6>osI)OY^&)2HzgLeO4J#j2S<#8;H!aIA^K{^yY&W;^1yOmCL4 zbY@j`^|{J6`5m8c7|Lqq6Z@yC8Y9YN!&q34|5mvCdHGlxs0BnuOql-6R6K!?l?cKW zTY}~v6NmdPw54VKTXOwSvBGsN-V`wwPy#(i_mRH7cT9y3KRtexzS9TMVb2lT3MYy5 z&gUkt@*H_qnd4W~iLGapgxBz@e5)$DOJ?O1M88r!h+ra8V^B;l3bx9nG2#>Yi5wQY zgDJQ3fn`>)g3UPT$41ZHgeH5boQKZ6W9zQ?Q}T&HQHJZYX$XFflP1stP@i53T^-+K zR;X1zK_*>focvgo&}g#C*Xtm?hx_f@J2{o?BK0QaS45AFjw`=S8>#>EapEa}2z5Xc z2d+W}b~<$dV5cL95M=*5JO{kr9r#XwG)~u38|rH1ARrW@pavJYbI%nwJ~8nJX8&9M z{8FfhmGNa&`k{J)NjhWFk?pFqs199`FaX#&WwV!_fs!VEv+qqZl?!wx9%Y$hHy_&O zdR);fY))euSc+H`im2jO51boXWn{qP8@4r)RzS>9jRJb*xBOn8ass?_Zcl^r%qBPv ztIC7Of;4_CUA~$!@?G|jmTcf!og^5c_DG-ww5f4cneNP)J8V(Ir_da>3Xs07I(Sd; zO<;KPhkk3Wk%ZJ>i^&ua|SezV@ar-`g3FhzxnspKW{bTt2v}W zaxv}7R{XG?-|O+){4Uz3WPD6YO6*_f`nS}2*{z%37tqnK@{KjXJ=YEl4}(f~ei#@V zm{#HA-xN5iiq`}I=3HFR+f=QUPEOW-5u|9sE4L4nLO<|Ya>O9BJ{yMZ<OdsG}OE*Vb?g8=m}HlbNMCO^ULKo zp66Zt?Qa?XAjijMsx)3cZQ=dz3IQX_fdQpo7^mQ4$sJ*+_Kmt9W)YK^VVIF_1 z>3RxJ>F`I-K-qCDtNZSZSC|a((P+SOh41ogbymR7U|tK*XCtST;~0wMRc|2yfe$_l zgVz@KfR4l9^}H`TwdvQ$V>)DJ_9Aj+$VCit)?U5(URD`SpBb@xtbpxdD&8Gm*Pjv*x{yEWy z)QMhtmV;}hiKAQEHIdVgpRM>sS~w@ue=}Q`uKkTBfa5qtptSEew)=4|GfdY40Qzx5 zwx6wRIgXFhQ^nAnl(P;GFRylep()N}p$3w83*4qrm&nrW@^j!t$#TT#kPvV6woa|X zy+R7^3#`Seq~}1d4Ag3D<{njJ(UcVotL5*>Y>H~{b*S3hyL1BWV;PzyWZ!v#l;A&N z!=ns9f&~&V=CQI zMa#&6KeqO5yQ37KLlUX$GV?DCZ*h^vStOCp{WW&0D?{iHcUSPti;)qtt@WpPk-M*6 zVf>oFmGk|^Sp@|Sn!Zo84q=8X9|w*vGYonI6fq#9j*=BmTQu?VOne)Q!q^^M1oYR% zL6q57;iq|Bp2}`_v*OlME3O~x*7abJD<(N{ecIJ5`N*x0c1E6sPKfeRw~#qIg&RvF zBG8!ag75kooQazse)ceZNpKv=IhF63b4_#ojr#7-xpyxv$z7UPm#Ov3Fm@GFw>7>B zQ8m9ZDX^&F`PT92OxuY+{QCf}n;>O3?N>vkR#AnfWwN?WNB-5P{|AFSPy7w&9>Hbw zYaHVjGW~fO{N}d2B6)kz!LT2DZ)VmZtF*M#LR9Th<7C%|D5@qBlb26ndD?)@+$mKqu>YFG%C9MOX#)OHU;5;c6r{pHnRb)>1|Ceb_8Dl|-kQWd^6H$lxD=sAM3VcvpeU6%{2;dLyHA z+%GXW%{YNoZe#1n;oDq-y3HHk=^aLfzoz>luZDfs_JAx zO5tkOrE9OTc)7b5W<72VduYEal6ZZwgQuaSWjop#tn0+WGo`jT-sgSNDKxTG@10OU zOmrFku|TGbh>a2b!F~t*^2amqy`rovo&KVQ_cD$op1!^qe~`~%+wQj)QWtL9$((w4 z>%}kb*?(OAPJ6`I4k|VP?(KVswE0+sEQ-Zox|>ZwmK`WsIgF1}u1QUAVglMs{KrU* zRVHk>lt-6o^3(XK&eq)8tt>YA;i8_+3+jRk zSE>=+uKAfl#wEl{ccyH9h~ps%gUq~rV*2#Js)jp+>)2Heq3HPV503R*naivAOw7i& zuf4Lx25MlGF<<#mg(1HHzt-Bn1QGvQpCdFCr>~THh-aKQbl?7CwrO@Wn?R?c7f0n>Z{42fJ1-y*cMf=xEQcx)yh8Hq6rRsW|8%-{%1Qc-@@8UhvoK`zw{)#&a`=T(yn9{U=+blCPFe;#|v)Z z1OIMs{5ea?qqJ|pxfXjlt3R6!T3@}X;?GB&S-E_zL^5VpR7KdQHKy*qj<_=Dbnv^CR>33v+S1Dy)sU=s%u=CDZk_uhr%(na>vQyG znhK|S%>$5qO&|LD^tKvk)`iVW$h^Gc-8~A?%lR3yIh<;74`zk>V~6#}zXmQ4_?lEy zRjsEltz1=c!Q;JG{h(T-wY%+`Mg`1z7^h0B&JmHC$>ncvL&MdxPC7W`eVyZ|ly`UD zn!)7ewC>dT#(^be6K3@FwYkf-(~aB{1!Cvcm)qP+o>6y`&+8`-EpoO3g^2@tuN=_K&=@pJrGiBBb8BDCuCfiQ&X7Mp)5tC+4fDX%Htv zNw_X@_9&!ftu4?D!CooG??cBHvlkSeo1|x-4;!vgN^zO>+#`z+rJ)6?KaOR($c@U} zsFvk}}+P23~U*Vyfi{K}fWxpL(fg}iO*{RlmDWVbh0 z=o-;j_U>m5^T)F>k!$vpFW;*6b&a^W8Q@x4IHRZm;W?xI=@O<%Ta5+8$bP&>_+Wwq z2@6R^*h_9~KfTsgd2s8~l(#v-(bm*+A$kSgQUyan#mp1L=M53bPd*%Iu5TRehpgmE z5jhG86mOAcfAy+OSCQFkw*qz)M+qIH+86sFnO=Uy!mN~nwmp1f73?yWw1W{&OjiHy zG`@w?|0tXo0+nQ)#Z;n{CCD#n;bE6c%L9}i_nx!{p&%{VnBDKzN}2I=#ndW551>blyb#=-%6>^O|2n@w{tD)jYP&b z210`Nq@~OcS^21UpJ|Rr6gmoknY8zlBzuG?Jk6t_XxgP8iUD}vbyLJP#Mw@%#sPK2 zP3ZS=o7YIhYCTtgxMdf&dI;b74Y|_`4^W|m_!awzh~5psl@Z-ga&K=mo0OO6q*0*% zIG&mO~YYFiN4b2BCU>1~(&H^O!2>}PYWm1U*Gu())WMU{a>-3&}^(q!*`;5N_2t zwx8L%=37A*yW3U2V2C)UdebMMA5v0s+UkiZ_$+SD&k)hx!BZIMLHc;ycCiyTH)nE2 zv$|^o^TgNYup6p?8$S1Agjr)P*7pm6Eho;Tx(eiM?e3H-2V&u7l)lO|;{otn`iyb- z=y9}mI($LU=j+yYmaPKD!2+6(2I6-yX|q+!6sOt*CU^aUE-c02;$Xqs;kTp^m+C5~ zmsb3xa3Q6_6peNDpEfJmu}REuCXr~Q_Z@@}>7|L}5P|Xdc;PE&5gCElu9z1mOcx+` z#n(<*+#&L64&ZQUz#2RO*xvYZcuCl2+#C!*3YoSm8uvr$Qv(8C2Qu=i{a`ALNR}1w zS?7#NAB)dz0`(GGgk&UIfZ&ubk@0Ej)zUTb!2(rf7r3HZBGAiFL$!5PV=g$0k=VPl z05m7St&8NF@)ocAWS4p(N9{B>==q=CsB)myS z;6!FIB+~1$j{v2=&FukuJXv+X2$;sDwh_QDn1fL)@7N{AevM81R%s&U2CY~BIV3qr zK9df|f1&iJoEWZjNzf2rbf3E0J{)wyR3dY$)Z)%l`CdwY5cRXxat7L}txJhMJ_`U; zgg-TQh(NguU4U02l4X#-#;ziXBE^+uQ)ZryNz3pC91Qr;krW?NWl3u;_XcLGs}(&D z2$jZh7pZ_^{dEpWep9A4`piqgz1`hfBs?T}$ZHndo??_>enGSJ(P?-sO4vckcswWA z8YhSy@fH7UsNoBpiM(dgITxcIV~=>NNmp~AI@_-b+hWZwb$n1TZOIY$fV}v1WoZ@9 zW$zf>Ji{>Wx+6r+!lO>6!&%~e&tK%7pbq#VZ(Fjiyb$%3KrQwy{qi`7*zao(LuD;P z9~^zX`)sm@B^@qbN*Q5HpC2-uBuDy?eBZSf$!%cV#-p7C79cC!;EnYmLPv5ROo$dJ zHH@IqkmZqG`jM{UH|JV0muB;opJ)|IaZ2sIU-wmWPwA=Hjrj5e8tvCAAlJ~d8oS4h{fTyF;&Fmf0FAN7#m*ssQ zZrb{`@7e7P75k)`-TQqu&kRl3c-e_5&@wlN+~3~r9xb!l?%XI-3?S-72YJapF<2n& zG>vOpj@a%I^$QDi3iz3po)&E=8^sbs%#e5OfnI9bze9sJ*B}eDt6ZOYJud98#jIts z4c;su)>#iO4m#jYwyqjAt=5GfRtq7KDEKN@ep9N?<^gSI9Tk4I~{U7 zq5TEGS8UEnIYUE$diQ9T9ejY7)8#e33&MMf+yqAmyi1xK=@D6BN`ZQ071h8{& zR8~+v&ie2Hmlbc2wx-}VpF8VN#;`kavtly(;ttzYA4crbMQL717m2XEvKyhTK&V$Y zpYd(R!Q!Ccofcq%GOQ~yO+>S{5&ocL9}?*ULmKw-A_U-2q2GAl{1pQGFT?v+UpTG# zbeu?EJe|CBM9T6Ptkw87ggnt-T&U|0?T|492O=fs|(B6aa)R?A}0g+6r zgo=8yinW(d$Xv~n%u-?d=-`J@Vb^o5PaWpup+o^64_!>JBKfyYUf{KxD2*}cr+DM@ z?kVr7xyzpZejS23S)z5lXjaQ3#Pb4Y^s~|O>mw_23_XqXQZU`?bMR@OgMrI!#Q?w{ z(jYln$nV{kL9^^Pmly^-TPC&+A~&;BdBg|tl{bL)X|L)rK8sJJ0HMv4uyrw{!FqmX z5@R*%Ejo35h@M8f-u0I-+kai61gN7&_NagS+tGi%crzlEjRk-0L3ncPF(8J}Qjjp9 zV!fAezH&U4nhVyhI6Woaz53dwbT8$MRc(ee`84}gb?ey>=pK%Fl+8!lcroY<911`p zEZ>#YDur>2fm{uEI{nOYwl`FihfngE7jG&WN2PD{l0ud@QOBsTh>V|LF4S=8lQNi5 zxmG~|e^y~(n?!NYf4G-aF8SAx@_)-oVyD#_$Hlz@a5U#emt-tKhypVA%Jn6;M%cK!#Ck zEyOh~V<11B*BY~mx&7}^ft@4!*(F;Fdsp_ zEOqa30A|(HqbvtcXzoWo3U-lOg1?LIb$|GW!@CRnaKGb{jHnbJkdZ?Gpn!)bqXs~r ze!{s#qSu^&fB?WUx9T4qIW!Dq;Rr-sJHqIT{z=-yIV-TvT2|P~YTR|q63zBQ_A0`A zTdN2N7g#s-d${(51Cn($DTVF*^oLgoW1bOboFZCQ<7{4pMHJM5`B0z{pCDzIB0j{I zFV-K0iVQ`v&&gz!`Uk~^J*)U)z~nJI&-&if=RBb}$`;5l!LU$0;V4#YA!2ZlKVK^y z-g1rhrFO^R!E%%saGW#N=0yJEkh`d2HqVleG0>$Z$cA3MYs2?A1vLH4Wx^zM#IwoQ zYs*o>Gc*~EMy=C&r?3@Q`JRJ5ZFJZ{Am=1CP?f>_u_i7oiCq0Jo4&_&PC7oSwwm*` zaw&USOqfOz;%o(l%}qUR19%n!Yc0;xD+yuv-O&ad(Z1nhWbEgPR79 zm=_*_SDRuJWEQneh{_f?avmu#_+h}dVmLCX?;e`G z=;cx-@&jc1AmP782ip*D^)#jQ)KXYduGPG%Rq4Sn2XHZpOX&XI<`+Ka1NbZ z202w*;Z0D|@bKc5wZ1<5?Wq5l;!L6O&)y{`N7!_Qu(z1$Q?H_f!PBr5T#ip9IWJNO`SJ z?O0E=+O_6a4YH6hE@9LtKEFU~w&Fp%lfX|9v-4+;QQ=e4uk)Nk=e=Vkn3;VB3HFuAxC_bmhClVuA=j zxy)BlR2l?5B{7LHQb9>4!WvvSOx*5sgb);V6q|KDLm9xaw*#7dD@{BG*{n|a7N0By zpkodlRj}Wh*#y|8?7y0uyPdUq)DCbJN)#bi*D5-iDUzC&F6X(-7%#39)hQ!rxdP;qxw&V+=?nOfE7#bo~928F~(0d^o@YbI}A*e zPVxQ$-&w?nSOdKHd2s52Dr0()dYIVX1>~qoA-QhC+C&M!F{|P*2VE}H)AJgjTO?hH zB6Gg-;nMpK1xO&~_nNoMBi+~^zw8c|4wH@*iXl6V@XxCziqG)1Mbx#3 zPfZr5E+Po8?&cp+1CzrcMHs(XZ+jqZ*&6K1ClZl8_um9cCo}+r!G7D1!=vGUSsl;s zTeyk|XD0M{y1T2152nO)WaeJyh{!dHK_CeI>d=W;_QWgCPgfV?GOR*MJ2*RDpn@UU{Fd?8kNyi`C;-x7UN-IPi9-edU-spTD@UTJV=&p? zJ_Y28=w0_MHH@KKsA0KxC15H5 zB?VDM8yXGmu*0?a7yv;%*Ay{w_@{rpd;N4=A=ZljID2Z``>5Pb!Vv~?g6lRGld0}l z>lFgno{_+xJAKpnqf7aGQXZ6-vRl1Zr*%bF+Vs9J)jT0c+r#an4GP-`HpWIq(mk)a z4(C%ZDxZqL-2a|W>v(R0KtkgQef>0WAb&PF@UF!5M{`SC8xjJc(!FxBv0Y2w7*2Ob ziuOqTdRt}4vKs?weRbWov;c*QRG-yr*)F5%Tpj)>X1F+u=D)GvKh_GsIgkReJv|xb zT%Dq6gWL!?95S;ADjeizG%r=VwD3d3a>o`CA{kp_r5e%TkreW3-J=bj%2dr3H!N!Q zQ}%>Xv*rgtADJsQeZQ>mv`|kFP=D(UVGZ&SJ=l?wK{uR;l%Sxo(~Gs ztxkt7{^b1@;2oIhWPw`6Q!Wu!@SjA@7B=SEDqm$g7Z0F=YOG4w&oDq!iYq9=gJ#V{ z{fFjvQ_F7)R(9MMPBgnf%N_#7--fN+RGGOxCqE{2o$|=qi?M?A*iKB{LBX z&hLD0v@}2Q$Ji?oYk9{z631m_MiX7}`jQ>09rzj4q;cJbVyZ1dVcnM*BA`du2+hg) z_A%(s@xJPCP!9*?6Y!{ zj6@SnGVRv(nQ7>c6~?#R#L8yKirJNPAUen%5@LDuw@1Ex+-FH95SzHMk zRWad3dgVgo8?ow$gsCl0qy8a)IcdxH#GIq@(8NZUC(7co5xXfVc#1Cdz4(;y$<135pynbO38XigE__i(vQtz<%E(MaEoze_u6re5522RmFgftfWRHq@8 zUG7)d;D73%Wj}C#qx!Qs4$SS zjjyF55Yvb?1u*Jgi;K^iK_CzgBr6ylRZwt-kB{%enRXfzP0a;%+gmyR`6TKXF9ZYC z0*^O;{8||EpOm@{K1v_u((WK5tmF>GqC(^_2LSWP-u(TCr5Kr|czzqiPQ)3w>%`B? zIjecjPoH(>?`tcA>IorOod&KbIYYrw4FK0D-fzu*v95F2Ivt^T4Y;siHU;nh!4wIs zTU{+xQ&Ve=v%v!1opz7wf?_$Fq`S$QgTG&xT4wMpddNs>m>%B#3HJ?(Y0n(4R$=no_ENS0sQ*U+Q5IY68_0J|9JNb z(~+olPZ&&*hldwuv-Hg5QPNE0t00Yn-=4~LmE}~m(nmUuV)R-GR!4Tqj6{oGtgX?t zYWvVp<8()##6EmiioMl}6`IZRP>!+{`Itd zyn>=W7FTRnQ_9h=k{}NXh0T|-{}`*UUwgUV^OE}1+dHdg^vwwz{rdU`kEgihgxz3U z95<122(3CG3%Zany3T7$x)=f#Mxcd#EPN3PQmWA(CGS>8SjhrX@>aX%PvJ1 z$&Y46U_69*5=zx|^M^e%+j$#o(c`fn+hyz+H?p_AL!K(7JOz`3W8dbwbJ@s;02`?uc(PvvZF*rqiz1}WN)~=j;vGV)n+X81i&QX|+>lo%!XV)%B>-l^(nY0XP z7}G#K{%m&aaCa83Ax#=QM$yJvo~9NT+_Cy|)>IeEyxE|Bo8`x%1rz_Dem6aoJdf#< z9V8;S7!$RrWkmB^Fh;K!_ToyQcnG-N#En6g@f5kHBWid+)DvF}`1k{)g-P8GaYkUx zs>K2CU&^XvXApuc`QP!7-}z$ei-Uu`H~wBy03H^7T+%H|@>2BMUh673pM}Ud1z*KC zLFgZKlw;}fMLG>x0@AUq>M~#zps+7GCbr`;Iz4k~>9mx``b*ie#kZ^L=Z;?!5E6Vp`SByw9iqR?ZV?k3_Y2ss&~% zSsPpo2ayTi^P76UOzz z&7))&z{xp_>e)`MJ%`*}1(0j5-+QHM`9GqyUQAbk*nz0Ew7o+i-9QNL8Y#5XN!dymh^Yw>SZvKT9y7HGvRFh!Zislz&3U42`tBl$sJ0U+qVFftyCYQ`L|1X zfvU0_u=M<;fGgJ441<0tpQ@??k!P7JWhH%b^u?_K3?G0@Qqn`)MO6*XoE3G5MQgSvnyx60L6$SM95|VT{ z)8A7Ayyq{^nGZM0{-XK|(&^CrkARwzt+&Groj-q;s(vO`D?Tn4g9u_}`MNAB|xFrmG z8U*Hwuj|}hOuHBQ&;v-Y@K()t`GuWvW`ZUH?E~t%-X>{|Y5-bSRc=pAN-DmOJu2N3 zK>xu^%C!cK5_R7uRyN3ffCt)?3$@>Re7G}faN&=zD6?%khs;ERfWyv9=SPpezisf9 zk((M%ncMfQd~3NBd$b3Am8x~3i%D)|2y~&QGpesP?S2sY#fpUn2ewwuEPC=I{>?lm z1hzhK-uxIbEfcpQ{c%dfnzStRty&JzHv$&16TIqonjLy&lLl~A%v6gd(N_}#O~ZfQ zI{wD99Zo{eu2|QX3=B|S#+tg_hl|+V4F3eUG=Ar#8{MAKcg!V_v1EvkCt}#qycr`` zZi=O}?#LSM(HgmLCT#d%=aZnme-;aBk~2fwImj1Pzp=QNJ~cbFz8ffLj6dO9K7|=1 zQ%;0&X951ox#OHq0=fF3e2h~d>ynRziz#pFx=@uuJ05;1uxE^{WRoro6qPrB;#{L> z99L`&`cBic^G=`RP2I>q&1mNWP#Z^U*pWo0(G2?tHibcL#F1^U>bbhTR-=<-{jLTL zcs7=AR~eB$qVD!XJq@BJu{tGn!e79smt(5KduBW%QMMhY#MU|}uP)L!0s9k-GR^mo zeYUtBxt?Nf#u3He?pXcI5GLNKee+G;{3qs2q|28}&(O}L8Zr@Ix02x2g!1Q$o(f1D z+^ow$ar=^V|Lva_^&~BEv6e1ocfqvPY-9E`XXg{h7<1xO%NyI`;`S3l)l{#$%YyBd zlx52fi+kwQPo5+as2tF!>vO`@!}#|QAIEA~d(4IxW}B(>$4}7W28=94-1OYJK@c|2 zz&>D3l*4kx)`5Q5E!Lc$+oCnZ`qFMXc0$U^+i6);slFx)jr`{`4+@D|f*sIinf+_P2G&wXSZcZKLx>9Ljn+nFDcDBbC_8C#Z10;?+Pm30yx74BE~`2b~9aZC}re` zl-v4ClevW`O*rC0*2#n%eiaoJP!BxtRzFe2$_gi_`L*cc2zb^droU6aMmjtGY0v|u z>~g2u-aDtV&;gHy>CU!%>tbN;X{&LpRmnnOfu;yTF$@HR%ByYLkQZT2O4i1jW(%jC zweK9BM7Z+t8x?yl>B{r^Z*60sNlH(GI>gsktC5%ImQPU&Pvk&N&?kErmD!Ug-%J9# z+jU_#Tk5p&p6D*_;x|3LXjPyHf%jRF?pLU3*nSUA3I#Od0CL+5J!T)$pX?!q=n}2= zB*esc=%bV#CwA&x%VxP3)=}x%=W1Bu5Rb_354}kbv8?G9Thlm!EjA$4G}LW9Q!+kO z_PiJZ=0KsmV))w?cyWT~WDE$_@chHI}`K7D9nC;{~xwCQ!^kZ2my(xkI0lCJDs*gu+*zGaaHFf8m0x zi`4p+cc-I;&VS7O`G;sO)Y4RmbLQB<$R`+Y?rGdU8&yZ3>2vap!q6fB{L!@2}=d} z={7l!tsmU2&#cOmUb$QhplRFL9vfMk@eBd68eyyPD85k#q(JbxrX|J2kxRc(8=tUo zWX1n+sIf`sL7LgAeH+G>SqJ_-%dhi0rg1`4-s z5|NdTd+jF2C`LCL;V@stl9IMvR8e=^4T`y_BTr9TS99Cq;PSFqevxnokyyI_y-HSc zrMlnxgMFUB2$A@F+d~R)n>$zEwg?#gB`Szd+pQ^lY4_Y7=02F;qIt{=8 z#~hTXm_Y0hL8-nkv=zVv!l;-)0pN3I5EZO?&UnYHztAmVt;2H201>uOXhJuOp)5Y- zicIeE=zeVgZtjUHOyF!$NNjgBA`amEtM% z1w!b0dwg*P036k9=30QzDvP@bE!yr%WrFO-! zoHF>#_uUTd-s0qinU)KMMW!T{X36){ch^^~9sk4BXRn(d+NS74%c%4&P^dDN7*mT+Gljq@aiLS+c)h*XVA>w6oldWl4R7f0R> zciXr65`|_)rQfSis(Y5NKkZ``(J!1|cKt9j2kOKowHDJB3rfMnKcU(`Ppw2W?7Fy6 ze4SdkSGYe+!qxL#McLKzZ|pX=gzzEwb$+k;1wy)X|ARV|OuIj3l5Q#Qldcgu&_Am8 zRB%Z?ZM`yz=E{&KSz`FEce(YYRmZYLT& zhJAsESsT;z-r5gRo_Fo(Ho6{rj>N6U(t9CaR1+MIDa-7p=Xyj&8uouy^++C~fvKM) zi)qBj)Q)NhZ&V^YE+*6h;G?Y)LSGbssdlFvRLA~>tv=TzV(heI24I@NS|xq90cZbyy&X~+|O3v`y=d+7)sTJZJ( zaHC8qWcMRgm&=g{JQcXh#oqEHiBGdScE*l!gGhrUx-;;^U~q|x#T|X7RO3YSd7xK> zKFbG4v7`RROUJ}B@DOpUQd}DJOTUu4X{hlx9)tUHN^NGL{cf0DPG zNMe}UrZ;sDBvC)I&AfyU_aXf}TN3uT*~gHpG&!#KYP%T`O48_G8%;#SDOsRfuh108oz%hU5Mosv-FCBqSeg+&r0u; zfmpk=dZ8@GUSsW<;TH!fZcqBWk>h|VbYd80{kg9sjWygHH6jSKj1>=H{r-BZ#BJ?f(zk23 z6l8!GE^cdz)E5EN7yo1rr*SjS{W%l4%nAg^5CDM#eT9gACT-)9ZjdUEtsi8cwQ0py zclB#Byxu2zx$2v?&zX0D6$iB#h>fcRim3Vzi`Q7%N*57UcKBg{YO3(m|5L<B|5=%bYmYp0DWm5 z-=6ne6dh|pqx5wF(<`>2_(IR`SxB!ZfI*?`0vh#qDntu64``n4CM*1qyF%cs=I(xw zuv60J6yWtUxcukL2KeQyWqXA^N41Vtu(L%2Y6SogGVjyC6%lbv)hDZR^F|Ut~Wx0jv z`$nk06DBDlOd|*N>djz5M!Tb2L9K1j+D1`8d%uqE!?JyW#&*H)XMgMzEvYht z5EpUInzePhTwf69YY^z(R$QO+?`@oSrwzT;^v3f_zPAyrR-R03-ji*>YK~f2ZJQZ~ zvQpI*!~dPSqTWT-V*r(D0VeIw=2>-nu56lmbIKJ@W-tv>HkS~CiZUc*_mAGvD2irz zQnX(L?Pp}V=2oOoj+^>las09(upwKG0r_z)Ug|u{D>aTl!F16ZRCU#Lx$WbPiHj_+ z6uaBlke5LxPcRMIyiq&-x8~6i8bRSBD`SWjXDGf@x+sI(Tdb@Josr#8J87b=7HxC9 zq=!Gd?_gDR@m;`oND(L=+Ky=5+inPZPdYpXl5q{#PyCqBUrJ67&omtVuCp!`0j8TO zpLA&8;O`A$s&)95n!w0w78Cw^Q}w_5p*mflqHtc%9*3PyXBI{?p#gqcJ(5NVX5dU4O7E>=TZnb#&cg>Bql6 zGC2#y&jW#dAJm^+obLZuUl~8SrtiUW=COe=Co0~m@~_rHe?|*-jDj1&+l8lCkw~1} zzG5sD95f$7a4e6&%mFccIhD~B_Cy04ptVX{Y3P3QWC-9hV}k&nS-urRKzv-k;aA>t z9ta@U%8gpan&PYGLZ++b%KyOh%r7yPz^L7fM*sgu{s&=)=XZ30YQa-?X#d|>0ch-y z0Bi$a?>I!|imS+)?P3X5+6dcm9VB@awh!IvHLm z#qm7iy7P-nl__terdx4Co`}XbqZW9y!M(W;N zE%G;v(t^)y;)J@B_g)_p4F?nVi{fI@EwqTAuKf1b2-ODcmr)E^R=k8@KpxNQ#JF7z05GArJxe6dT_!gSW66_s z6F|mkekI>I3{IkMXW}Zz)~$SiM5$?|f=7v7E+q8K3dMrn9u{5+U+^U1l}y%w&|>ER zBZx5wO$AR1S3`Xh)$=f1deq426~-oC&BjYV8xq>6NJF5A(JamHs(@fPFf0Hq+V7jL z=n^*hvD(swlwADgOvlV0Ln^5upnv>hNYBOpKN=FmMohzQhm*f_&m^I1Jq%62;Zv+? z;y+|cVYcs512s9N(nglG1U8+VP6h>HB?t{=J<@)-zmlsV|4-Zqb zo1qP&weuPs7^q;-FhdCN8kD=@#R33=tZE)wxwXOF$_Zd8gx?*j7IEzTu!b>YNMcAe zVS#1ThQ46#ZQq|y6g7`7KJHu0Qvx7U^xXO($8J*$#;Q*Kxn8EkPi&cS#wCH_4Wgq% zNgds-qS%mXK#spKWdAdp$U??c`+AVj)6fozWAQ(^WaT@?yl<-g6HoU5n;Us(9^)5Q zF$aV@Q;P5Zfvl9Hhy1o`26%a-Gv3}Ojr8aj?3QN&`2H=809Lm@-T zAI~gm%O_z1b>GHe!sHO!ieGLbyt>K18`&jFrhbA|OuJQu(|U0*zRDMnpF3nzn!_|hk+1ysNIhtKqo6L0MUoc zrFLM9(pZQ^p;j>7eJYjnSZXH>trTx>wCr-Tl~KSQe*RX-WGlmRsEiX(=~fP{wCpd& zoQ7*8NpdUfjzvs9o_Zqsxs_WrVUm*Qv`TR>u5y3$*|=vhuW@}KGlH;0&ueWx5nNg( z6eE-<;U!f*MXK(hJkm zF{afik@UP8(=|n|vqBQ8s?dnT%MoE9$RiN_iQOCJgr8PgH2TOZf)C4u;_DVO5Bm?#{cg?~Wm`8K& zZSn&B(pl_!hlT`2yjo}{M|{kuPv4k_VU*@J=?*rTy|nIUJ(ZhfUM|qziwu6S(SpG5 zf|yy@S}&su3)SvtmACHI?lOuhDj5$r(8A4k2K7~aj1zYWwg;wV+q8l;v_a0{_q~cSXp!UmofF)WYJi z|7zx`Nd^2*^OTR`H{a@AZ}dv9*)Q8@6=P7!aZDjs$KbLBK2)Lq4Sd@XF+({JJtjGRFs?hkvWg=oZ1- zRIqP$AyqeR`|Yr-F8KR&Ic~mvc^QH0MFO4F(7uxd-M4H}oil5FL?U8liW8=nz9q8| zkjMlT1drD`N$iY`J<+(n<8-ipVp`{F1uo`BP#FIiaAC?p%~amaO6km&FJE5!P9jI& z*KQ*tn$Iv~)*AU0>~nVQc_Yvu{j_8cFrxQY}C}#^ODi2x2^aOGyiT=yTjSv zl>FOtPX$e!AeK&HH*a@E;Q+}tHy541snai9Y)~m{Tv9d?aA1rRET2Bt6NpuMY@n|{ z3y}oH-?1f!N;>atd$^7Q&4_^m{&vq6!>hWmIanpV0-7G{Gje{EP`ltR(witHhL#cJ z_Yn#FQdxIb*9E(kQk#B|q6HTXh;+9E&a*NLbcwz@g8KY8iUH&|J3SwBunkmyGU0!6 zYZ$~kmP82Xe%n@I2*d9TJLxle@VQk1?fWrBnx7`6+K;jkVc8{c;QTm#XT0&q%EHr! zNUX-Fu<6YD@!Er}29cJ{fw?4gpD5FHQYT(@WDT_gsoyS}zS}k{X=>;5%I2pj9u^NA zmdPdN&3&T_On>=9ehX@cB7u9fP&vh&qL4F^q|Ma<$}p{;1);rSY8Hw95WN>A7n}SI z?~?;|o~Cvkxo@@|$<%@d2Hjd&GL;0BwY?*ml!*9$9kv+^4aKU)3NDFpC5E=u-;ICi zj4s~DymucnJF#Cr$}6(jFx9TZ8zF3tpF5qcuv6Jd_*QqjE~VhH=Ccr+C;n?lb3P|O z0&7j2pD{4$w}Xj^i4!&3)|izJEOSnIp7R#2cKH!0J;V6WdWD<%fSR0A3HCfhZT**l z&h0$6d76Rb{|JvJDTg(C#s~A5Z+GIMxo~so+_9(N#;>^Vn z_{|29whIfM9v=2KT>(*OhsMVxW##1rS^yTl6*wjT;C|&=%JYpTh5dX4gU9W_NFD)H zONP&ZNUbhVK!}r9dcP~TwiA`Q%R8<0r0^n|C1BxeXlduO#$+vRZ6RKb8a>X~p|$8YqZAHI74F#AZIazN<7z)iI7lcn^#L6c)Rbk6XQzP8y&1|19G^#;CZ*YZ`Jefc9du*@g#9OOV z`ptLxHjZQRxBc5ZQUMI`PH%7Tv(KGOBYPn!&j&X*2CO2WY@c5HFIO}UT>hwjp2xAnt86e$KR3&MO{a5JQ^P|wlVmjN1MD{H2%JARP*kXkmv1b|7Bqf)uyi0s#@5`sxbny6l?*qN^rA4; zV4m#v#i?PFaf_S~N?SbKv$Ua9%UvLGqT1q<5zhZaCHbnx%QuI4sMV3p+ zz0g4*5POLL#eUQW8}{ihBR-EtLUyol?B-K^R)cmytdQ-ST8gg40o9ReFwB7KE*T` z{_%c6ZmMUn0Dri7KnRXAV24bmoQJM|I>qUUGV*yNl!N1`3QCoV*clSPdZJ@0^=Yi> ziD!@I7MTXy^^AYpZ{;+XsKo<;!2#5A)l^C~S#eRIZ7hhBW%6oZzm}kIV3X^?qjKcw z13)d>!`PJjC=QEJ=5{h)7*D5q&L~r61kg9@=TzFV)l=$uQ+%bp1Ln%6I8ZlC&b(12 zGnxC^>rd>32|eG-^x=poZRl3mS~_PFEEGEb?0Uk`k`sQbe^`U>EMjWoM)l{P5&pd% zBD;#@JFiYw`v6bY@--dQLjlOyszv-MQ;wa*T6E=p6|x;Tm)ul3dmOoJsEK(i4Utor zG4M{8eURP5@2|V$h+(?Z2ZFLhk{BAi)1x`IpmtrnDZ#mT_2E1xF|MyjfP6a<58t zFj$BIUPGC7&^pJwB{)BWS>x zvW12t!WWu#sHPpv1b3sE2gTmljvGia{i7=U=SN1`%iJ{o@!-RVQix|`AwJGTS^mu00a%&p z;eeuMVfjH6G|&&6Inna+{DW!7&_52oEN}Exb zd_&EpcLloA6RAFv4TO4Qz5}yGn_stSurp;b2X903G~U9kLw! zW$KWIQ;1q=Vo96k8zF;O_2VE4&m8Fy^|jafn9T#!X}#A?(~fzU68AetIyc-f z?W*h%hG{OobG2MQZR025^2jRvdGFdB7OKnm~gZ#Wfc$j|QEy!Vhw1H6h<)_G5Ebg%<6?^zs1`0Xl_=?O2IW1}4x_YChJ!u#+_whoEGR#98^&2pJ-jv9T~N zxs!6>FDBm?h=t!S)}ICDce!|W_%H;yy2@@#QkyNWBgB{YC*Oiv#RwrK43e*Zm=3#O z{Ml>5lD$vrGXveG(cDidY1#EiY<%BHAQ_nCqy$BKvg-1)V|ig?riqnxgwvdr5R7f7 z(Rio6yt0U;SE|~OJTa!rVvRdQz?bjC=WBB6kA){87@6+^Hg1VmL>(CwibD(syR3bk zoEpzba#b0kTboGf@=ndY8pWmQ!KmCW@7bya&xQLfhNjmv=Ih^}0%l|ECQ>kZ$yFXx z%CH|Rx@9aXdS$GL)iUPA)t8ONS2puEKN9nw4mPv(=u1!xcZ0N;N)rbhaz)4Io8(T_ z9b~@=*2%*yHNoUqhFaX_>C&O9acNky&*$@7_x5F7UkDUgy~Xb{`x9hPFM|LdiMX)S zy(W*^7jrH5T8c60H*x!)f=d&nESIO zf$fHCEVkX3_>S?{{H-N5#Ud92sSD#RrGcFSd(E$y@wsI)`_Zkz53yt6g$ZeEE4n3j zJ{hA&cRflF8~CZfau?>&GfS&?7Dz}SwM4G!WwL!p34~V+LB7XvSimEOoS_w@iCSw8 zW>6h^hr=1tnlOD|*{(?wvHHm+I!-IKV#3OM%w%C|zpGO5Btg)BZ5p>yt+56)ab4Jc zr#t!j&hQvzsR;j3ZR;O2&+mft zO&eY2ySzRlpWw~bpq;`)3&?>F?WtW>TLlg!t5X*0`Ct)JkPtnisV|?@dQFh>N)q%9 zmVLuOgHO}aDD#a?E$35oGExSbs_LbQ#=c8mqYRVmV8?ytbS9`KPT99kTOk>RI2`l` z)gIxQ98{Yo=f3R2ikf^Ftu@)Fv0+>q%k6jy>z97UbDyABle=lgjEqNztf6O9oI-*< z!xOU)&p!~*R1i@A`peQn5>5$*dgVwmfDi|~?adq5#^~v08|j^M-7r_GHa%Q(`HT?~ za!{F${W=;&BjL9X*(&$-te$}Ir}=hn(+xhE{ew!CBSA2yk*~=3=L+i@KAKbCYI8yt zIQhKK-W6p02!1tX+*urWG@bXt_^O)YJ4y5m#Xh00L>{Blk*&$Iv`a&46BBlCmUoO3 zZx|{AILxql9qe?a&*Hv?2umf_40RTbuhrYNc!0V*7ja~)&7mNWTx>C$9cOi?Rej{0 zv7{}+HgH&CT5&l9(H|{I_tMI{ay<@=zW-`D>)5FKkZ>4OtfyDTg%f0$7T_0o(Lp9LVXy?YS=U2n9p;Q z)wDnpHj|;2-hq9%H9vfqIR4}6xQalziE8$`FGr<_B*>()ib@>VoWFDqt}vxd)n;a! z)IHf^K44qhuhuo^?Dt-`Kz$I83mhO)DBWZpX$?C@3ryILD`RXwI*o-P z^kf$*^V$N7F}qL7E+!^CJ6_4^w9JDqx*5z%Vt&>xRIc1Yj%?YW!-S|^n4fOA2J4a0 zwN-v8qTfg;t#{&!Fk8kC9Q#IsC?Q-ibcah9G71W7H2>s)3W}f0Kp7Q34*64<{@WsN zzrLZ^c)}IOc}$s_87dooSJHO&O@XAE@7EW3-i?LSxYzvvD`>2D%tud4mnh=CZuIo8 zXy-X!3g`*A-A=V>s!5$i*-w$M4__Rpc{AzfA2iFru42dfoBEf4;$eVuJ_1Ej?fG{X z>I*_^x5mX-;vD!Lv*V3|aTD|+-OzmwRy-%=9<`dVL0Tt5BpDZWP-3uT*~#3`qcbZg zhh}L4<+ISo7rP9UcL{Zbm2A%6dZ>&h`-8^2>7u$ByZe?wci+DZ&~;y4l6N`1o70?7 z7w=Syu-8>f-*isz1yd-&<&gIEm~vv0;k)>V~A{k zB0Mt<_P5RM1-!*RMQ5``EPS6l(+TvobO7Vg_KF>@S?nkhG!?M*5T=FSqvVBcI+Lcj@Kke7|UlINB54!kY+{5%;o3l>N_1Pm%mJYdvo0s2xzO>2?cgL5`5Z^w|`{e)m)ur(; zwOKcaSEF7I&oA_4M?3)2rOgmk#N36nAHuCP=h^tpf3hEMRhv~RTx0LI%apxdIbCc{ zE}OsWS%pAimp|nu0;?4&ddk|XX0E#c<~mavnCv;^mnM4l?lVT=k22Uor)b#kV2N-aVE}`*=2Wm6s6^5}r zbJ{Sei?KqF+Egc+^Dg)(;d}@?EVaN7OYe6MxgTEC zHX=^m%WlJvda2WX2Nk?tsLu8)qSh~txpdjASyvh%skc68Q>7O!5YCvH8fwn=m!O(O zVugOJ8|l9jl8W&9AdVg}C>1pyW0#HCC9W;^;o@(T%Tk0;BgPfF|In1b%}&74&C()t zI<6*Vwe2m6`e|GXQK}`VuLX7JvEGJ)jx@aM)@a1(67Xl5w0ZhV## z*Fz^wEsfaH+3sD|Qso*q2v*ZU6)~*xM)6%0p6QR!9nJ~^67oU?g%}iVV8{^OO5fa) zu(E!HBRZ>(%(uX`C?6_cK5OH$>cxY}5<_+)%+(ty7BZAl$Xs+ys>dZ!H77ax5@k?A ztLHHVS@e*Mr!3Fau`A))HrtqKJfOhKVusXtXdk{?D-wWcM_0eD&n^_!@5V4!F1pN_ zkpRR-@AY>Ec!75T;8C@#a{T0>vay*A#j(kn)OwghAs)W_6?UtSvWU6m0+}(Z0M6u= z=S)r6mkk4GSmT80x;~-s{Msc32ytC17q3B&OXA;Hp%>xQClhz#E>yIWack=_U7aP( zU1Yxq%M@bg2}t>%b=~qLzOdy8*^HeBa2Mkrq>~^-zptlCUq8?1gVfmu_RspW-Ba}JDBTvH&nw0_=PTGum%Iu z$Q0F*&R{aT+{E72@h1*Yu6kN(`nnsaD9|rT4`v z;Zzn{r#{Br=dEy_UdEg~M%>b~vPs?z!oh5k!(j$S2sTB~qJF(g!0~s#%9n?m9}!Cc z-j-hOMMNpks)o4LkkAjx3te%DqyfxO*Fe+L@Uxi<$%HA~=U0yi@#gb`PK6pRMyvy> ztX!>12NnY-2K~YR{d&$Nn>xf@LHcS(zt>0s`6u55m^ll_?J;bcMcd02CoYT_s)I1N zDXBSH>PGW#p3hDF+ctBn?1*Geb(A4v!~3NE$=VV-%Ui7)6EdEk0H8=G50y`7r;_%B zYjqd!4Rk61$`aa8eL@}W6mHg?4i`ybXh?tNE=Sk5@&Ucgkk!udL^(b z;UqI29E}&j9(B#GB)DJMG<)#l2l(lvtLz4SohiH}!{Hsap>6{kA&&$AxqgvC2nxOFmohPojPY)?sQ5bE1e^(5_9Ly80M%AuK><;P z-il>9j(W7!bpph2<(GQB3KbOX?gC_D%L{}SX>&ob@vIYTWipV=?gM8UtMMUFA7+ab z!-GQG7mIx|3X1Su{?5RbIxGMo-y%8QcFlw? zucx(RmcJZqwk?rYmPom)J!~ak${xK9`*HdGh46TgUP1*()rf>jZ)Sf-P)L1np<(&! zE?D!Au#f7mg`X14D2>jH@|NUVA>M@~wgKOB2+BW$xlQ7L(`ua|&N{8@cFf{q#UnD|q+10F55dYTt3LDZwIyH$;weMUbRozFlZ8Sna?cdFmg zQe+Uw-uJlD5Pug&w~Mfh8IoUK42>UgA>+GRd#{*wR#qRt^*2j8(%Mb;owyo*t5ub= z9nJISBcJM)PZ40HgB2@{c$dKTLfUHWb|QWv^)~cGrTfg7-Dv$T7j>zZ(Pgfc%xfji zeeONbV4zexfv$*O<#HH06gp~d#A2aSzpzZ`l8DR;VRHMz{e{+3=n1RwR_|Fqs=^HO zAY|lP{FzsmGm3zCI`_V~mMhzO-Bgd8Vz~r0CCe7Kvp`Vlj^DMmScpT{v`VD;-j~Is z*w%&}92xE-qms;t$e>DB!!i>nW4bZFSbC-lYI%F7JAPQVKLPO-sN+I*AJ!0h$EW_t z)}&VtwyM6ZA=fY6hHYPt_rr{8UQIY#qaolffJYVkFbndCBAA-ADGP7Sx}3%x0WZ#(2s{egT28$o@+s@+2&--0hY6{wA@RtM*DO4wW4ZFE0F@#|k<@N`X!veJa6fvf6 z-6Tn5uD>G}@MpF0D`wt)W&?y7oB>iN;vv6854QtTndnA-VPvXxP{lvry!g)ZrG7#; z#dpcQwD@D$+(>hNi2MtkLVG%z8hi*Csp7LPXmpeV2@)MvtW)&XGv4lmVd5QS7e}SF zf7On8W=Uzs~l;?K2B!z7p930C^XjVv78g06 z0)T5aWW!*Y+f$e=`{$8x5+tluX%EV%z`1ia@>1GKkleAK8tjq;aS?iI={ZodofH^V ztXC*VlS34}CNeU?jw>?67!K>@MuDWE{aR)`@7FYEQ4Z^$M0 zVu~PPv1ZpwAO))*A3CAjeyWqMmaE^l3P96F?x!AFnz?I8>LZ2_(o^sT)#8OWMufj5hm584x$C@#V)B1!0W!bkwJD*+ZpwCFe|nv)2Il+bml; z=s;V2E4*KY+U0yH+{FzK(T`*WY@L~19y14E!m=e+gEE6%^BodWZ7QKW@Ef(G{LVn->S0QF*E9f!Rd(Cgd{Iy%7fTg2nw$gndj zSi(ys$7$aqIut|AMYV-!u3_*^Jj(b-pJ%eYDHlG1}E&!0D>NUQpO{&0!V&T65p zbO{}V?z_Mz19laBoDY}YOi{EyWJ4frrW&_H7`fz#FTV$*5WA}3VEvXNRVe;=wNkb;pxBlex?kCJ-|K@>uiK)ooqa_(fsGV(<XpG<4_F5l!&7XbHf@NwIU7+X1n16;S*^X_dMQbtxj06-%s4y49RVTV3?{chufAAs zj>i3X7WR|I;R1Z$tsPeWW8vee*co~3%pINn5IOZW4JUs6{RN{94j~slfVi1DF#8h-{=eQdY`tF-vns=33N{P0%&xI$~fQeCg4v~zC-eb zn+@K3mdkDdKDoo{d{1c$KmaZ1ce*-(^V$jb`al_1qfR?Riw%U;Yxz+EnqSYMYsTWr zH(ZqR@#Um=>R+H7?bTrSze#rG#|WscTvzND4p>eC0cwJ*kH%=kgXTTJpX9g2xposQ z_j`ysg-9Bn{p5vandc^5!F2T--*&#MJsl`m<-anQi?OBGwKx@4-X=Tu9dJ@|8GFm$ zs#SNubG3lRwm>=qSIhJ4LJqUSegpLup^?P0=~Ct8QrRt3<2ei1DiXcI;*19eU>_n2xRm zISYlvPEA{<#qpyervOax`tjaVnXov2?xI!#VrAY=5$Jf*-afJGrV{>ZT!H2X0ve91 zEEYAVi*Vi9H4CzHElrDK$XQXE0La{_`jVp81iO`aNMRql{RU<;!`m{WZ>lM;b^h@o z&;F~&@YBm}4zb!Wb0u@rj4D72w-6m}pw=(c$k7P=^L&4XB%aBERqe6g;!if=AF=WE z&0xH(O$#hgv9d51W%^Ma^U%A))pO*}ce5N^TnKc)DO652LY&<`YPxu|W$VW!Y~~k9 zu!H?{#-;xZXK3%S8mhU9xd|pzwm3x#7tr^@|ADBIW3((GrJcErl9}u0|C+ewR9!+;d0gYIph`= zqSceTkNoPvmgB3ozABHTS5BLo-wN?_(Py0FT)1X#kbbDNnuEt_DZX5Vh9~voym#us zv^a5M8@CFtZ5-`fEcOqj(MC%@@0h7Y+__V!Yc=6ooCae|Pe2{;6YMx&t%wOSaYu36 zIXdF!nAWM#!k}3atFnvcGK64EbMRBx0$;lZd#I%g%V?nN`4lHE|H;ud=Smj^`G}?S z;1RPV6ic+%ajmnE*l<91Tw$?Hd=SxWi>4TWKezMG{D1~l^VQabrY(C+58k6VneS$C0%vt|mO@yzu7H$N@7yq9>&!k|5K0G~;+#Eydx9Vz&Z1qHYMW z0w-fG(In93h~sH~4;lvhexunAlchmJU3ItK_Ojlkwk6DyhcP&f)vd!jF zVr-XrotTx5Er=8t$tyGE%68yxQdg4u-lrL7E2p6-}-7dD9DS?nI+B9M8x65ju#$nKmGPZ0|)=iprIzK6t_H< zDS1-Lq8}Wj5(E{WE_9i zjc9qw<~lLWH>2A4mK+3HsG<+O%Pp^Sd-^Epl)u<6 z-rD-aw6zdAI&vFl0wEuy{e%`BJG<@EY~jZ*8?3S>=4({+8&~IQ2#P19*RCJ;Q|BBj zeeIq?^U5}--M(?>v|n-l>*)FLpY9K7ktSZlmEUu&H2T@d?bleP&~C}?|J(a~tD0uBo8K zH|3P&_~ItLOSi4mdC>Onyc)R>VGDJD}3}cweL`GKrC`C@?BQC-eyQ z1Pjk7kKY}23$}8jFbR?TB1$$duO}vS5BMhkgpLzf?nfn39BqUyuBPy?{fcQD?)1FC;kR5KfdW+`93(S)1;jqm1ZsDRPMB=-V?uDrL zbfG7KWUd-N%1NxGK6UlDm&%e=(sFos@Z%GH(-$+C(M29qi<9WSFIaOY2)fT=?2CW1 zt;bV~)?0G05DWJ5$v9@}jqZ~8COe_2!KG$f>cq_^b1;5JZ#gI9xG}s;OkRD{FLutoH<7(v=LH*z4!V>Jw>(BK(-9MVgp72S+eU;+;+UI0zlZYFxoRxW8hM;~&-4`yYt#EP@$b5o;**bM# z@$PuBw2^@Xn5u$Lua)is<)oDEQNoYzbJ4a{5B-;4C?(gz$y*h~!_HrX9^R5; z1ZroXdR+H8ecAluybO`MJmuP~!5(x?1vwVf!)A3B(grOpc57Ugl1NK={ncc34WD{R zVyNVO#P#GKubR273kEwWZxYKob0q%7em#YQhm_o(MRpyT za&sDZXJ?vkAr^STO|N3H3^h>RB4b59%ZGY@Z`Cf@^3@Bg(m?V(bAQ_y=i-m^cQ}yV zDG!((j_bo1mo@S#&U2eAB!{<7FNr7=Jzkq+c3?I)9dV%fP$w=tCY0SCIZ@)+@(_tD zv-I{H{d}auU!$_O!W(a1ZfzjgnI5pQxwqrZQ?3uT=;bOOtFybm|IUd}S1D%q095K( zU$L!|U{BWE)2k)i44j6`yvXW)7$dWNR5SwY(^d)`E8yDff7(7;DLz}|)2~cIDK|k0 zA=*)GGE38WbtncIQ-b`ICrMo8CNlNdPcwP%@%rRg;=v$G<~Lws7IMy7c3^7qJaRm4 z^dM3jf3>hn=ssaJmHeKrf`lev_9mbMYGWzRrwCxhyTurR?`)dj{PAJ599X#k_OBTyl9VB zTtWSA--tAx(LZo6t;zIG!`NZ1xR$_Er+!&On>%jbeNpLPdTsg%vWrJ%Z942~f?;Ou zVMX&&HL!@4O>*`mG}#SLvKqi5Hi%ieI9{C4(0F##3JFv8kyA6ymB7@V!M}*zf zPn#CtcAbLmzY$Uc&{?h<3A46xlua_zW`sN*5K{w}X}HS4{vPWtI#v<0Mz_fKr_yG_ zdy+Ujf-?RY*4qF91@E)9NfBQ!Fv?OzZ*<*1eccqE)b;QgpiGGXYpPMemFEV1Rgf~ z?UguB`lp zybD>1GLT}PK639Ib3+Bq zvGl3LudNx_^&X4zj6Sn9fWFBK*EOyy|LdrhLte7!GkR`^HuP=w!r7`k-TLeO=9|7+ zCFz8qch#SG$$^B31d`2(XGH#Wr2eO--lFb8(%+G@E1w5-Z7xkxyO#MkL+~HOV_^4B z08ThjLmrqPKK}i(z`XcUnC^m7sa>TFNRkJx&75^O`nPlVcNd;*03HrQn}Oj&nMhsx zJK_2JA?YP-N~Akypf07z){q%pDH7)2-;tZ^p-6~*bTBF@G0|AEi+gB+b;EUA&%g#0h;lg zJ@22IOYuWOL^zSPa&(*66>zse_+i?v6*I2inw|yFwvim3GS;b0^_bRe)M>J8GMPdc zGX3RN{WWSP>oP$#3umNjp(-|{+sg3U`~6hobXyBjXF|k6#tHv^aWOeWnA$xU1@8Qr z%)SGvSoTT9wZloPi|=NJRB*IZ>qVOmU~jl{limo>hr--`q8W)*m8^ek!qkvm6Rv~q z`S*)HtvVr=PO}Z*PHhHOL4;`$8m*5cSgiRtvS*WM2*aY~A|&YPs@Gyg;aDcA=Y|U} z1p(2T9f`*0a)#?NDNg@>QDY*rhCpK9ap85|N6sjtAel}9r!CT~VH&$yzkmAA9X4EF z*lzkTcG8Oa(0QQ1dFu7Bz;{c)`b|C;)AQR+3H5nojp0_EzZbW^YvCk3-Qfl!mi2X# z#B@0iGbI%)aCE)Ce@SlUFVlumbiIpY1Ie4Iit695@lyD2N)cn8F`9y1r_=>r|3%L4 zf9u_0C^$o&+9iibg1;gU9L(%hhN8B7|8qVnZZP3PF$}QSD1%H1K2&xllwe{T6+D!4 z4+FiJ+(~P+byCY8&8*2BOZ-@9SxA;C@6o4_(?V!zWxps`4X>yRc=dDxncc%~2=Ah% z4kbGv_UrTVG>Fw3(GAIXcMaM8cNmm&wnk)#d)4yQoGtr%Ki0(lGO*vuX|@CK?UmQn zRwMNq*>S(-p`2?_IwNB1E1&qna?HX)E(l{=@#0p@U?YiZ#^qLjZ1f7OqOCY_I94w# zKhHX$|jgZQNhkySoVc#)+ws7$QOy zkw*8Oxtwm|`|N#>o(x?v774B84^u&{8>9Q@ulidfZ7Z~g5WJ!`c{5p&0*xMcv>C~X zr;+Gi4_WrQyrP_N?;wc88u+-5(O3QE*n1v8M#Nj&7VdeXWK9b++|pLeDyNoO5?G|7 zXpoYlqpyB4u9+g;^Y*m?s;AbJ4w8E&@NIV-Uj&3&IS2Jteju?9wbX2l{R{3-iP%9XeuU2xp z-&hs0=uWE+)#|!}o;~OcP;J(CZ7ZsmybpaQ6!6OR*ygCVCrKjMOnj#mlydw&d*`O{ zC#ujfAFI247*bIT>!Mua5=9f;r(n>`217RD0ESFI-N|xnSXBZO1Al-vsx_?M<9?13 z8>^pbDJp;bCaLhZ)>Zwnb%UXB=M1KB&})=|)p;i>{H4pPn`gwIiO0Wmd;VaZk+%X` z0h}EvZ+=rh1GRC;+xYv}#$}<8lEj!8XGp#k!|fT!{kpNu;o^UP^}lH!>yi-NH0BgRGfI=P{p^pyVM{17W_Gh5j%F|27VP`SF&T(2GDa z47dhTSnt~*j<%%>x5j{UooDy0EQ6GGlb|C@d-{e$IoaOLQQpdd4?Td)l;`EvL7(2ZQX~* zR4q44&1L1}ep$4R!nN;0C~2G`disxJlzOUvDcWcymr?XH3zV0NU}f-OasMe9XaZPt zeD|Sf{o3DifZWrFMU&ETkJ$}c8nbZX+-aCrRWVp)4m~Uems{-Acd(#R0^I@f0^5}0 zl4ozsuyuk8r+peJ88iQu?=z{GTOE~{+SwBVu%7L2OM*yut8O|sokdPaGkJzN$o_gz zu8a!q(x?63f*1CiE2FVzj*Oja1-W;Q%=472tWSv*zqbqICYk)l+$0ArT+i@a9fZ;5 zh0q4^-$bH*ZGR(tIt+A>@LN(6L0Er=`Hz8248iyl*bQw;Fu7)18~;~qS!L6Y8r`64 zhSj<1Ds%647sga&6fJ{|r}F2Hw}y+=tBU-p>xPRSRg}9CHKenvd)-Q&Sv#JR4 zr7X1vNUL;oCb@2eIR@WNk)Er*(6(YBsfIQ>gh@%Sbl+-7JR5!Hu!;fk*^aw0Xd308o!j!3%)dB}t z{7(b?hv)AzP6sh8=B-gYVk=-kC*b{rt@uCt2Q1 zAL}WO=#K$k(d~2H^U}-w)_JzQUiqDAY^ZE-gQj1DNtO59s@~um^{_A56Zgy(%0?Pa zEkD6?XKLWe-u!6Q&bZW#)-7YP5?eoDQJu$gkExfap7(k4MI3-=gDp*NrSckEs}n~; z!*_JW0rb7r1>P#p=|rE)R~=gE{0V^eyD7M_gqDH7g%`HhKlA&fdbry<^+DBW zBb*#>f3Ix=JO#j=uMhoP^+lD}@GTWIzWcUvFhQBL&9{p|1|M_l`5S2T>EZzr%vT4d zdYy91rLU1>SChABH1sRSbm1wtnqO4Cpp5jAXRg1uEf%q=BeeTkA; zr=C7caI?|9$Y~I%sl@e@jNJ!_4kb%~TawJmxUePBAxf9Q9rRwS7Z84{DWb)7HxhKB z`M21`9jwhwEew@No7EXx?y9iOK`q2e4yK^;xg2%~Yma<%e@L_KhfWhaW_h<{*7H4= zl5Stvs>2Bq;blqRm}zS4nri73a(Wt38+yp4mbg8f6(t{y&9B+rUUl0hDWMdpBiQ-N z?FTKR+n!GQb1P|N6vIw)&F6~X)XVkU$G(P_v0B1Qs~xFq`6_d3vh#p&4Rz{q&}JOY zIQ6OIlhKf+5NP7!er255wA9au@AXt-x`{|X!wm-@pg42NHGD!fLlYRDe~wR zJ23Sl(rF#dwl|z_RB4G!f*Z!`hwCY{2^Ph$8ne-jlczvQ=rT+@Lfd zY*#V;0h25q`fD!-<0gdQq;LAC{Oe;x?ZIOJCOlu4KK?{O#AD+YqGDWuyZ+f*AfLOf zWVp4>)~OUtDk%W)fT;G3nte}lMRa>-n^3Fg-MGmL=46I!FeC=&*!upMQB6ODBAwX4ZlhqCG zo^;c{dLMWR%#TEE#$eNHP|>P>n@a5@)U~Vy z5CmZYq&9607vS;0s^w~?7t2giHH{p$FjV6 z`M0P1^U=H?Kt+KsACJ0G+-@rEX=#fhO79CK->&!mVz)c_k@eWA_)SpEHjT#PXKudm z!JT;3h0?Z&-}LCC$!yc{vT_3?f7JWyuNt{a0WP+2?N6I+FKouM!L$yX$O7H?#mWZ( z7)wnOSs|{#M6OZ{-FG)F!gRd&h))*>eC4vI6VRX+<(pZQMjc(!)X>Yw;O$hWHD9Wp9TnJ6x$}#g_hR@ zM5PAu{W?VtYd^vdk}C81oT*`knl#b!6*+%5tdIc|*kjo<;jg0*_8NzoP{t*D)=G#i zq$fdXN?BJV^$h0D@^9pgQ%`9u*O3z&d0`4u(_(;vJeAD~_Dy{;IDS z2SGF1xLwJ}yJgD(pTSHapi;Uet%6Lf33UdhkF7*FU92dkV#G3@i9NM#Ni3lWS`dCT zqRV+q!!(>x+pS#k)2B&E;)e@c6SlER@P|~)J6QOoCP3g|1AGmi^)RP4H??#ZFfu=n zVo{$;cU{~%HCl6&v)%bco3=xg>f>fxAmXjImwGAAeuP6{)XF4&0kTKtElr;A{Jlik z-UMRS%M&voJpU@Jze*IzwaxbVsrr$I^xDG$HH|jcZLar;f00z$l5xL_bHnC3PdfHJ z__1=*@A;``E_>+Oq37do#ejkvIx;v|=?R417+hLBkMdMz!m};qQdv$B7Z?MRl>;q0 zO{KYLBZ5eDk^;t*oj)P*Easaxj`XW!wVRPv&$Go-<0@FzhNl@UUGFu)6enxnn(oq8 zV&UTgjSGNEN&7{I0`LQwt$u_RjB-qx@@1B<`-C{NqoDZFt2yyt)@d#~gnIZfGi>_qOrLny7M^E2zDBcSDZu*Sx5?6a={j z$OeDwGirxG0!j9M4rp3xKszUMv4=1ex}AE>2>8AY{RFtYq>Ak{kG!DqlNMrj8xF60 zU0+bx^Q}PUV^#ISlO9l_W5-BkQL=fFcn^Ez$^aDL2)s`cwLQaE40IiC)^=Mjg3zM6 zD`pA+3hw7b8NAX4`D~KJ%nj>xSiqt!OE0p`Gt^ZYHd$YauA(bO19k=Bcfuya-ap|K z6u9L7h)6`nG?6`gEjm+$mRfJoxnRGZClpJH)pZwMF;a_<|7*)22{-?hd)+-wJi1Ek zE@Ifb!AYKVu>@r=$H;iHR3%BS^2qVCb^b>77*=P(<=y;aH#YuS)gx74i5>64tlgjU z(-OgH`4jvKzz~8$C=tA}DUbcBUKE09trYwHvnt5;)s~q%%_abv{VlYkM(P9kJRdik za&Yab*>Hp_Ioq$#=KG`jbLo+r6@=(~n`+3RD`z79B01~t(D2`U@z|C5(|_ypjhwm*pb{>bBpXprYEd*$=@ z$M@?3;?G^mK;4LP2;SLZS5!jkf#Q#>QK1mE%+aIm zDdRCVpE(>(3|0tzlY%)aGUoe~Bod`l_lyUw&C-MVD**7N6J!GFb!chWNKQu4LzcXP z3eH))yIS#Ca-rtd)y0K=wzYos45CSG$aSUzzQJZ&t5T$Iz}9H^ekqYf(RtYw?grNj z)<`DZii7b>^Hp!Fb#3)P@OFv;+mUV00eeV^-mJZmxy{LxkW#Osir_kL3sJ5t1!`w@ z@!IG(iH(%g%Xb9aFSkFWUm#S8h>HZ(JCLFisprRh7gawOrcG3dz>Z?pEC!eS(c$B} z_v-&d2pZ*APamaUraWtlaQ!eV;yB*I^wPDk0x-w?Q5kZYI_pw71frm zkhVHbvRJ%Lb>FCl10ZEFovD~EM zDC{d|^Wekkb~>q&#az~0@=6UIa%ST}!R)2yOVhw>^ORcsOW5c?3x7HRh-(3!asK4@ zi~8bGut+NVw+(;)d!Io9W`yW^^-QMRXRxblx!%27|I@nsV`n6J4D8XHqI>?U68ZNQ zrnm6}8g;_;$hPkf;suX@Ztu!_9P}TE$iE)U_KD5=(%Z=cgFokJ;*Oo&jU0t98~;i% z`5f3U6<0NSXrB|J%GFPmmCr7SbQh1y_oR8Yx@K|Ssok$ccj=b9h9>JH8Vz_FKE+cT z1x01S9rt`ps$8D;n`$bu_p{h11$A%mVPhv&bjuAZkM*j7TR7eIlrPzU^dhkay(QjZ zx^x?}l>@5!@bW{YRR^%$x!M2kUsc1e3`S+{GJO4a&&4gyp7eGMhdOcR@%NAD4xr+x z0o77}J>dVzDlyW|u>qU2xt4o7F)@*>C9d$NTIK)RmEIY!dIn}(RJR@bPp|sR#@)RH zgm*^LZRd9zwwD-*c91{7WaTI+)rUI$QHVrZDkI&QO%!C26O-;o$i=un&!u(<=^q=2 zBjlg8QZjZ4jSj)3t#EZ4N&jGiR~0SVINv2B7)ZhaaG8EO=n>max~~|Dk=b1 zy9afMdvDBtFJ^V=#M8$))lXDKY}LgRU)cRhsSOV|dIc>ksJ}-rhS&rXD4;FrY}6zN z!s9x_<(#2B*W-4F{Zzr|lQP%FB|17nw(PMzwn*HX{b=Dk4R|(DrPHq|Im9|@%5Q$_ z4FYpwc$V|#d75m{PSr!7d7+hlmkID+5}kgMqc3Vu(=B;>V{YA?R#fstf4E9&!l~_i z?Z@Jj8J_VLYxzzeDzR zclPzApV|BsJAyJuPFN;m(QkfEeLqdL$B${Dhdnk>+DwsD2HOzePJSExDy`(@z9%0e zM%II%V~Bdw66_|JN7*uwX*pEFPw(P6Jl8*qszE5nXOi5jSO@MrmScS4k*wT~iUscY zp%(FzvG3t~8brL#HIO3Rjna+`y&jVPtbF`oH-SlV?O`|6EjX{(Q4!hgrf2oIj+fTw z#|wjG6`PVH->pFpUq^tvukIf1;eFqYeFvP~^$d6bLZT2l#{BbN6z%-G$M8qbLI z?q9Q&DhJ|oa^|b`b;#~F>C80Nf!X7#%@4m@t=v1ekq@-zo=Qyg_d7zbK@Qsvl{=fh ze-yR|ev~1iRKPClwX3(UVyXIXnVu*5tv;A-w20XK-G*u1hRAymB9jhiTfGk`^xZR{ zJhG;Y)z8P^p~yUZJGKZEDn!0{#DlTB>f9&vA`1oAK^Yt9J+A$CVr5`^Le+UC3ogyS zAhkFl!|ovW7r%u05Gej_JIY7cDMKRDEAI7k=&Mf(%J45#FpP|z29>a5EU0M%d5 z*aT2y;KhwZ7y5xCSCdZDx9@G&q8nCRclWHB1Z4^5c4@wObvIF}i$Vi@@oq+HfMrfmcAW z&q|V#Q!OpRnP+5oC~=fjl0czJ7L9hAiX>Wq;tB=V4!#oag>K}nAQFP+-{C(T_yij{ zTbK^kWe=agT5s@{q+;V@+ZmJvA@li1+ zv?L?P*Co3@H|%_8p@`+Phaw?N#TTzM`Lj{;KMN~*wcqP>naA@;%)z)xiUI)79~#eq zB>KrV`23FdVpnFHK=}tK-{6%xXg!+aez7-Bf_^J@xRKiM_29EFi4^Bxr$)AfeL^S5 z&+mNOJz(=GO$Z?Mspg9%>E!^|1w|q3a+di^IC)ty7k4y^ZTo8p39n`XtME4M3V`U; zqZ~Xh(s`JDt}hPYsv6!7%-&Ku~b|BviYqk2N;7) z^xScza1-27uRIJRbQNLQg-{%@SI>xi{<4&VrJ_d;HFkwhm53 zZr5JSb&s3~bVRgHNfV-mqk#x?+dPxYX{)ku*4jf&&9=0^n$Iw!S(f!XJ2Sz?d=0|V z*}`;|^$C6FBeyCdEcs%x&Q%;zk=g`50J$S(!@vFwUtdU*dz373l`fngL%w}sOTu$w zI5d}$i;xRGI@MFyH?82OO+>iLXML>VF*-8e;8)b|M9yic7Y7{E0)6^Nw_ek?37noE ze8M)fUf*m2 z46#Wr|KfommanCZGE!}DyQ_8E$3?gLTs<|n@Fw%U_g$E~BXO%BaHeB2r}a4%i!=Ib z%_l!FnS1N@43_J8)2~hTESTjNAwBtl!Tzkhz?lxynHwJeaWDrdE4~R9br{BtD z|GEB(-r*zM<){6o$y%D{e%-2c`|XX}r;>CKXERucuck$Nc zHRn(M`FCkuXv%Kc**kN-gjDE%ss$E^y`QzVeGJ}v9q7lYKwq2}Js$8Ry>YL@&pF*Y z*L;7m^vyE+^G|{MUrsA*O}Bb#dvQBx59;Z6)i?cq{dWI-|G~fWy+44fZ?>!7j|Yy; zC@lal09~Y$-RAAtoLlw zxh>K4OQ2SGU|OO6);O#!Q7?M0T)^hZ`|G#0ZUgS5d*S(Svia1Uk4h{0oL{moSSMUh z`hbqY1qa}o?OWSQLay(+>J4nXsP&r${9DpQMkCI((Pd%o&8%&gmLAgDF6#bBfs8g3 zugZkDjMrkDQ(bSf?Yd8fGcNcx_Bq{NwyaD0dYMkz?Yu|8OO1+S{Ky&h_vhMjTj|!b dXKA1RGg=6XZ7r@_cbEYPJYD@<);T3K0RWDD(Gvgw literal 0 HcmV?d00001 diff --git a/docs/apm/service-maps.asciidoc b/docs/apm/service-maps.asciidoc new file mode 100644 index 0000000000000..e0d84f33b4dcb --- /dev/null +++ b/docs/apm/service-maps.asciidoc @@ -0,0 +1,48 @@ +[[service-maps]] +=== Service maps + +beta::[] + +A service map is a real-time diagram of the interactions occurring in your application’s architecture. +It allows you to easily visualize data flow and high-level statistics, like average transaction duration, +requests per minute, errors per minute, and metrics, allowing you to quickly assess the status of your services. + +Our beta offering creates two types of service maps: + +* Global: All services and connections are shown. +* Service-specific: Selecting a specific service will highlight it's connections. + +[role="screenshot"] +image::apm/images/service-maps.png[Example view of service maps in the APM app in Kibana] + +[float] +[[visualize-your-architecture]] +=== Visualize your architecture + +Select the **Service Map** tab to get started. +By default, all services and connections are shown. +Whether your onboarding a new engineer, or just trying to grasp the big picture, +click around, zoom in and out, and begin to visualize how your services are connected. + +If there's a specific service that interests you, select that service to highlight its connections. +Clicking **Focus map** will refocus the map on that specific service and lock the connection highlighting. +From here, select **Service Details**, or click on the **Transaction** tab to jump to the Transaction overview. +You can also use the tabs at the top of the page to easily jump to the **Errors** or **Metrics** overview. + +While it's not possible to query in service maps, it is possible to filter by environment. +This can be useful if you have two or more services, in separate environments, but with the same name. +Use the environment drop down to only see the data you're interested in, like `dev` or `production`. + +[role="screenshot"] +image::apm/images/service-maps-java.png[Example view of service maps with Java highlighted in the APM app in Kibana] + +[float] +[[service-maps-legend]] +=== Legend + +Nodes appear on the map in one of two shapes: + +* **Circle**: Instrumented services. Interior icons are based on the language of the agent used. +* **Diamond**: Databases, external, and messaging. Interior icons represent the generic type, +with specific icons for known entities, like Elasticsearch. +Type and subtype are based on `span.type`, and `span.subtype`. diff --git a/docs/apm/using-the-apm-ui.asciidoc b/docs/apm/using-the-apm-ui.asciidoc index 1361dc046e3b1..b1b7ed7307986 100644 --- a/docs/apm/using-the-apm-ui.asciidoc +++ b/docs/apm/using-the-apm-ui.asciidoc @@ -31,6 +31,8 @@ include::transactions.asciidoc[] include::spans.asciidoc[] +include::service-maps.asciidoc[] + include::errors.asciidoc[] include::metrics.asciidoc[] From eacdbcd4f5a6ad92db988a0d5c8ba7e0be141112 Mon Sep 17 00:00:00 2001 From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com> Date: Tue, 7 Apr 2020 16:37:15 -0400 Subject: [PATCH 36/36] [Endpoint] new AppRootProvider + Policy details tests (#62319) * Refactor of mocks into own dir ++ added `createAppContextTestRender` * new AppRootProvider component * Refactor application `index.tsx` to use `AppRootProvider` * Add `generatePolicyDatasource()` to EndpointDocGenerator * Test for policy details --- .../plugins/endpoint/common/generate_data.ts | 38 +++ .../public/applications/endpoint/index.tsx | 81 ++---- .../endpoint/mocks/app_context_render.tsx | 70 +++++ .../dependencies_start_mock.ts} | 2 +- .../applications/endpoint/mocks/index.ts | 8 + .../endpoint/store/policy_details/reducer.ts | 6 +- .../endpoint/view/app_root_provider.tsx | 58 +++++ .../endpoint/view/policy/agents_summary.tsx | 2 +- .../view/policy/policy_details.test.tsx | 239 ++++++++++++++++++ .../endpoint/view/policy/policy_details.tsx | 8 +- 10 files changed, 454 insertions(+), 58 deletions(-) create mode 100644 x-pack/plugins/endpoint/public/applications/endpoint/mocks/app_context_render.tsx rename x-pack/plugins/endpoint/public/applications/endpoint/{mocks.ts => mocks/dependencies_start_mock.ts} (96%) create mode 100644 x-pack/plugins/endpoint/public/applications/endpoint/mocks/index.ts create mode 100644 x-pack/plugins/endpoint/public/applications/endpoint/view/app_root_provider.tsx create mode 100644 x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.test.tsx diff --git a/x-pack/plugins/endpoint/common/generate_data.ts b/x-pack/plugins/endpoint/common/generate_data.ts index 0ec105129b7ac..7c24bd9d77148 100644 --- a/x-pack/plugins/endpoint/common/generate_data.ts +++ b/x-pack/plugins/endpoint/common/generate_data.ts @@ -7,6 +7,11 @@ import uuid from 'uuid'; import seedrandom from 'seedrandom'; import { AlertEvent, EndpointEvent, HostMetadata, OSFields, HostFields } from './types'; +// FIXME: move types/model to top-level +// eslint-disable-next-line @kbn/eslint/no-restricted-paths +import { PolicyData } from '../public/applications/endpoint/types'; +// eslint-disable-next-line @kbn/eslint/no-restricted-paths +import { generatePolicy } from '../public/applications/endpoint/models/policy'; export type Event = AlertEvent | EndpointEvent; @@ -452,6 +457,39 @@ export class EndpointDocGenerator { } } + /** + * Generates an Ingest `datasource` that includes the Endpoint Policy data + */ + public generatePolicyDatasource(): PolicyData { + return { + id: this.seededUUIDv4(), + name: 'Endpoint Policy', + description: 'Policy to protect the worlds data', + config_id: this.seededUUIDv4(), + enabled: true, + output_id: '', + inputs: [ + { + type: 'endpoint', + enabled: true, + streams: [], + config: { + policy: { + value: generatePolicy(), + }, + }, + }, + ], + namespace: 'default', + package: { + name: 'endpoint', + title: 'Elastic Endpoint', + version: '1.0.0', + }, + revision: 1, + }; + } + private randomN(n: number): number { return Math.floor(this.random() * n); } diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/index.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/index.tsx index fa9055e0d9bbd..89a6302351a54 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/index.tsx +++ b/x-pack/plugins/endpoint/public/applications/endpoint/index.tsx @@ -7,13 +7,9 @@ import * as React from 'react'; import ReactDOM from 'react-dom'; import { CoreStart, AppMountParameters, ScopedHistory } from 'kibana/public'; -import { I18nProvider, FormattedMessage } from '@kbn/i18n/react'; -import { Route, Switch, Router } from 'react-router-dom'; -import { Provider } from 'react-redux'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { Route, Switch } from 'react-router-dom'; import { Store } from 'redux'; -import { useObservable } from 'react-use'; -import { KibanaContextProvider } from '../../../../../../src/plugins/kibana_react/public'; -import { RouteCapture } from './view/route_capture'; import { EndpointPluginStartDependencies } from '../../plugin'; import { appStoreFactory } from './store'; import { AlertIndex } from './view/alerts'; @@ -21,7 +17,7 @@ import { HostList } from './view/hosts'; import { PolicyList } from './view/policy'; import { PolicyDetails } from './view/policy'; import { HeaderNavigation } from './components/header_nav'; -import { EuiThemeProvider } from '../../../../../legacy/common/eui_styled_components'; +import { AppRootProvider } from './view/app_root_provider'; /** * This module will be loaded asynchronously to reduce the bundle size of your plugin's main bundle. @@ -49,54 +45,31 @@ interface RouterProps { } const AppRoot: React.FunctionComponent = React.memo( - ({ - history, - store, - coreStart: { http, notifications, uiSettings, application }, - depsStart: { data }, - }) => { - const isDarkMode = useObservable(uiSettings.get$('theme:darkMode')); - + ({ history, store, coreStart, depsStart }) => { return ( - - - - - - - - - ( -

- -

- )} - /> - - - - - ( - - )} - /> - - - - - - - + + + + ( +

+ +

+ )} + /> + + + + + ( + + )} + /> +
+
); } ); diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/mocks/app_context_render.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/mocks/app_context_render.tsx new file mode 100644 index 0000000000000..af34205e2310f --- /dev/null +++ b/x-pack/plugins/endpoint/public/applications/endpoint/mocks/app_context_render.tsx @@ -0,0 +1,70 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React from 'react'; +import { createMemoryHistory } from 'history'; +import { render as reactRender, RenderOptions, RenderResult } from '@testing-library/react'; +import { appStoreFactory } from '../store'; +import { coreMock } from '../../../../../../../src/core/public/mocks'; +import { EndpointPluginStartDependencies } from '../../../plugin'; +import { depsStartMock } from './dependencies_start_mock'; +import { AppRootProvider } from '../view/app_root_provider'; + +type UiRender = (ui: React.ReactElement, options?: RenderOptions) => RenderResult; + +/** + * Mocked app root context renderer + */ +interface AppContextTestRender { + store: ReturnType; + history: ReturnType; + coreStart: ReturnType; + depsStart: EndpointPluginStartDependencies; + /** + * A wrapper around `AppRootContext` component. Uses the mocked modules as input to the + * `AppRootContext` + */ + AppWrapper: React.FC; + /** + * Renders the given UI within the created `AppWrapper` providing the given UI a mocked + * endpoint runtime context environment + */ + render: UiRender; +} + +/** + * Creates a mocked endpoint app context custom renderer that can be used to render + * component that depend upon the application's surrounding context providers. + * Factory also returns the content that was used to create the custom renderer, allowing + * for further customization. + */ +export const createAppRootMockRenderer = (): AppContextTestRender => { + const history = createMemoryHistory(); + const coreStart = coreMock.createStart({ basePath: '/mock' }); + const depsStart = depsStartMock(); + const store = appStoreFactory({ coreStart, depsStart }); + const AppWrapper: React.FunctionComponent<{ children: React.ReactElement }> = ({ children }) => ( + + {children} + + ); + const render: UiRender = (ui, options) => { + // @ts-ignore + return reactRender(ui, { + wrapper: AppWrapper, + ...options, + }); + }; + + return { + store, + history, + coreStart, + depsStart, + AppWrapper, + render, + }; +}; diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/mocks.ts b/x-pack/plugins/endpoint/public/applications/endpoint/mocks/dependencies_start_mock.ts similarity index 96% rename from x-pack/plugins/endpoint/public/applications/endpoint/mocks.ts rename to x-pack/plugins/endpoint/public/applications/endpoint/mocks/dependencies_start_mock.ts index e1a90b4a416dc..00cf0bca57e66 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/mocks.ts +++ b/x-pack/plugins/endpoint/public/applications/endpoint/mocks/dependencies_start_mock.ts @@ -7,7 +7,7 @@ import { dataPluginMock, Start as DataPublicStartMock, -} from '../../../../../../src/plugins/data/public/mocks'; +} from '../../../../../../../src/plugins/data/public/mocks'; type DataMock = Omit & { indexPatterns: Omit & { diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/mocks/index.ts b/x-pack/plugins/endpoint/public/applications/endpoint/mocks/index.ts new file mode 100644 index 0000000000000..65e78f27943ba --- /dev/null +++ b/x-pack/plugins/endpoint/public/applications/endpoint/mocks/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export * from './dependencies_start_mock'; +export * from './app_context_render'; diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/store/policy_details/reducer.ts b/x-pack/plugins/endpoint/public/applications/endpoint/store/policy_details/reducer.ts index af9b49cea18ad..fb3e26157ef32 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/store/policy_details/reducer.ts +++ b/x-pack/plugins/endpoint/public/applications/endpoint/store/policy_details/reducer.ts @@ -74,8 +74,12 @@ export const policyDetailsReducer: Reducer = ( ...state, location: action.payload, }; + const isCurrentlyOnDetailsPage = isOnPolicyDetailsPage(newState); + const wasPreviouslyOnDetailsPage = isOnPolicyDetailsPage(state); - if (isOnPolicyDetailsPage(newState)) { + // Did user just enter the Detail page? if so, then set the loading indicator and return new state + if (isCurrentlyOnDetailsPage && !wasPreviouslyOnDetailsPage) { + newState.isLoading = true; return newState; } return { diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/app_root_provider.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/app_root_provider.tsx new file mode 100644 index 0000000000000..ca27831ee90b5 --- /dev/null +++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/app_root_provider.tsx @@ -0,0 +1,58 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React, { memo, ReactNode, useMemo } from 'react'; +import { Provider } from 'react-redux'; +import { I18nProvider } from '@kbn/i18n/react'; +import { Router } from 'react-router-dom'; +import { History } from 'history'; +import { CoreStart } from 'kibana/public'; +import { useObservable } from 'react-use'; +import { EuiThemeProvider } from '../../../../../../legacy/common/eui_styled_components'; +import { KibanaContextProvider } from '../../../../../../../src/plugins/kibana_react/public'; +import { appStoreFactory } from '../store'; +import { RouteCapture } from './route_capture'; +import { EndpointPluginStartDependencies } from '../../../plugin'; + +/** + * Provides the context for rendering the endpoint app + */ +export const AppRootProvider = memo<{ + store: ReturnType; + history: History; + coreStart: CoreStart; + depsStart: EndpointPluginStartDependencies; + children: ReactNode | ReactNode[]; +}>( + ({ + store, + history, + coreStart: { http, notifications, uiSettings, application }, + depsStart: { data }, + children, + }) => { + const isDarkMode = useObservable(uiSettings.get$('theme:darkMode')); + const services = useMemo(() => ({ http, notifications, application, data }), [ + application, + data, + http, + notifications, + ]); + return ( + + + + + + {children} + + + + + + ); + } +); diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/agents_summary.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/agents_summary.tsx index d0751cf9fb886..a3e30eb891db4 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/agents_summary.tsx +++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/agents_summary.tsx @@ -61,7 +61,7 @@ export const AgentsSummary = memo(props => { }, []); return ( - + {stats.map(({ key, title, health }) => { return ( diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.test.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.test.tsx new file mode 100644 index 0000000000000..2ecc2b117bf01 --- /dev/null +++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.test.tsx @@ -0,0 +1,239 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React from 'react'; +import { mount } from 'enzyme'; +import { createAppRootMockRenderer } from '../../mocks'; +import { PolicyDetails } from './policy_details'; +import { EndpointDocGenerator } from '../../../../../common/generate_data'; + +describe('Policy Details', () => { + type FindReactWrapperResponse = ReturnType['find']>; + + const sleep = (ms = 100) => new Promise(wakeup => setTimeout(wakeup, ms)); + const generator = new EndpointDocGenerator(); + const { history, AppWrapper, coreStart } = createAppRootMockRenderer(); + const http = coreStart.http; + const render = (ui: Parameters[0]) => mount(ui, { wrappingComponent: AppWrapper }); + let policyDatasource: ReturnType; + let policyView: ReturnType; + + beforeEach(() => jest.clearAllMocks()); + + afterEach(() => { + if (policyView) { + policyView.unmount(); + } + }); + + describe('when displayed with invalid id', () => { + beforeEach(() => { + http.get.mockReturnValue(Promise.reject(new Error('policy not found'))); + history.push('/policy/1'); + policyView = render(); + }); + + it('should show loader followed by error message', () => { + expect(policyView.find('EuiLoadingSpinner').length).toBe(1); + policyView.update(); + const callout = policyView.find('EuiCallOut'); + expect(callout).toHaveLength(1); + expect(callout.prop('color')).toEqual('danger'); + expect(callout.text()).toEqual('policy not found'); + }); + }); + describe('when displayed with valid id', () => { + let asyncActions: Promise = Promise.resolve(); + + beforeEach(() => { + policyDatasource = generator.generatePolicyDatasource(); + policyDatasource.id = '1'; + + http.get.mockImplementation((...args) => { + const [path] = args; + if (typeof path === 'string') { + // GET datasouce + if (path === '/api/ingest_manager/datasources/1') { + asyncActions = asyncActions.then(async (): Promise => await sleep()); + return Promise.resolve({ + item: policyDatasource, + success: true, + }); + } + + // GET Agent status for agent config + if (path === '/api/ingest_manager/fleet/agent-status') { + asyncActions = asyncActions.then(async () => await sleep()); + return Promise.resolve({ + results: { events: 0, total: 5, online: 3, error: 1, offline: 1 }, + success: true, + }); + } + } + + return Promise.reject(new Error('unknown API call!')); + }); + history.push('/policy/1'); + policyView = render(); + }); + + it('should display back to list button and policy title', () => { + policyView.update(); + const pageHeaderLeft = policyView.find( + 'EuiPageHeaderSection[data-test-subj="pageViewHeaderLeft"]' + ); + + const backToListButton = pageHeaderLeft.find('EuiButtonEmpty'); + expect(backToListButton.prop('iconType')).toBe('arrowLeft'); + expect(backToListButton.prop('href')).toBe('/mock/app/endpoint/policy'); + expect(backToListButton.text()).toBe('Back to policy list'); + + const pageTitle = pageHeaderLeft.find('[data-test-subj="pageViewHeaderLeftTitle"]'); + expect(pageTitle).toHaveLength(1); + expect(pageTitle.text()).toEqual(policyDatasource.name); + }); + it('should navigate to list if back to link is clicked', async () => { + policyView.update(); + const backToListButton = policyView.find( + 'EuiPageHeaderSection[data-test-subj="pageViewHeaderLeft"] EuiButtonEmpty' + ); + expect(history.location.pathname).toEqual('/policy/1'); + backToListButton.simulate('click'); + expect(history.location.pathname).toEqual('/policy'); + }); + it('should display agent stats', async () => { + await asyncActions; + policyView.update(); + const headerRight = policyView.find( + 'EuiPageHeaderSection[data-test-subj="pageViewHeaderRight"]' + ); + const agentsSummary = headerRight.find('EuiFlexGroup[data-test-subj="policyAgentsSummary"]'); + expect(agentsSummary).toHaveLength(1); + expect(agentsSummary.text()).toBe('Hosts5Online3Offline1Error1'); + }); + it('should display cancel button', async () => { + await asyncActions; + policyView.update(); + const cancelbutton = policyView.find( + 'EuiButtonEmpty[data-test-subj="policyDetailsCancelButton"]' + ); + expect(cancelbutton).toHaveLength(1); + expect(cancelbutton.text()).toEqual('Cancel'); + }); + it('should redirect to policy list when cancel button is clicked', async () => { + await asyncActions; + policyView.update(); + const cancelbutton = policyView.find( + 'EuiButtonEmpty[data-test-subj="policyDetailsCancelButton"]' + ); + expect(history.location.pathname).toEqual('/policy/1'); + cancelbutton.simulate('click'); + expect(history.location.pathname).toEqual('/policy'); + }); + it('should display save button', async () => { + await asyncActions; + policyView.update(); + const saveButton = policyView.find('EuiButton[data-test-subj="policyDetailsSaveButton"]'); + expect(saveButton).toHaveLength(1); + expect(saveButton.text()).toEqual('Save'); + }); + describe('when the save button is clicked', () => { + let saveButton: FindReactWrapperResponse; + let confirmModal: FindReactWrapperResponse; + let modalCancelButton: FindReactWrapperResponse; + let modalConfirmButton: FindReactWrapperResponse; + + beforeEach(async () => { + await asyncActions; + policyView.update(); + saveButton = policyView.find('EuiButton[data-test-subj="policyDetailsSaveButton"]'); + saveButton.simulate('click'); + policyView.update(); + confirmModal = policyView.find( + 'EuiConfirmModal[data-test-subj="policyDetailsConfirmModal"]' + ); + modalCancelButton = confirmModal.find('button[data-test-subj="confirmModalCancelButton"]'); + modalConfirmButton = confirmModal.find( + 'button[data-test-subj="confirmModalConfirmButton"]' + ); + http.put.mockImplementation((...args) => { + asyncActions = asyncActions.then(async () => await sleep()); + const [path] = args; + if (typeof path === 'string') { + if (path === '/api/ingest_manager/datasources/1') { + return Promise.resolve({ + item: policyDatasource, + success: true, + }); + } + } + + return Promise.reject(new Error('unknown PUT path!')); + }); + }); + + it('should show a modal confirmation', () => { + expect(confirmModal).toHaveLength(1); + expect(confirmModal.find('div[data-test-subj="confirmModalTitleText"]').text()).toEqual( + 'Save and deploy changes' + ); + expect(modalCancelButton.text()).toEqual('Cancel'); + expect(modalConfirmButton.text()).toEqual('Save and deploy changes'); + }); + it('should show info callout if policy is in use', () => { + const warningCallout = confirmModal.find( + 'EuiCallOut[data-test-subj="policyDetailsWarningCallout"]' + ); + expect(warningCallout).toHaveLength(1); + expect(warningCallout.text()).toEqual( + 'This action will update 5 hostsSaving these changes will apply the updates to all active endpoints assigned to this policy' + ); + }); + it('should close dialog if cancel button is clicked', () => { + modalCancelButton.simulate('click'); + expect( + policyView.find('EuiConfirmModal[data-test-subj="policyDetailsConfirmModal"]') + ).toHaveLength(0); + }); + it('should update policy and show success notification when confirm button is clicked', async () => { + modalConfirmButton.simulate('click'); + policyView.update(); + // Modal should be closed + expect( + policyView.find('EuiConfirmModal[data-test-subj="policyDetailsConfirmModal"]') + ).toHaveLength(0); + + // API should be called + await asyncActions; + expect(http.put.mock.calls[0][0]).toEqual(`/api/ingest_manager/datasources/1`); + policyView.update(); + + // Toast notification should be shown + const toastAddMock = coreStart.notifications.toasts.add.mock; + expect(toastAddMock.calls).toHaveLength(1); + expect(toastAddMock.calls[0][0]).toMatchObject({ + color: 'success', + iconType: 'check', + }); + }); + it('should show an error notification toast if update fails', async () => { + policyDatasource.id = 'invalid'; + modalConfirmButton.simulate('click'); + + await asyncActions; + policyView.update(); + + // Toast notification should be shown + const toastAddMock = coreStart.notifications.toasts.add.mock; + expect(toastAddMock.calls).toHaveLength(1); + expect(toastAddMock.calls[0][0]).toMatchObject({ + color: 'danger', + iconType: 'alert', + }); + }); + }); + }); +}); diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.tsx index 2dba301bf4537..bc56e5e6f6329 100644 --- a/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.tsx +++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.tsx @@ -149,7 +149,10 @@ export const PolicyDetails = React.memo(() => { - + @@ -157,6 +160,7 @@ export const PolicyDetails = React.memo(() => { 0 && ( <>